How the xz backdoor highlights a major flaw in Nix | Shade's Blog (shadeyg56.vercel.app)

submitted 1 year ago by starman@programming.dev to c/nix@programming.dev

8 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Atemu@lemmy.ml 1 points 1 year ago

Those packages themselves depend on xz. Pretty much all of them.

What you're suggesting would only make the xz executable not be backdoored anymore but any other application using liblzma would still be as vulnerable as before. That's actually the only currently known attack vector; inject malicious code into SSHD via liblzma.

permalink
fedilink
source
parent

this post was submitted on 03 Apr 2024

40 points (100.0% liked)

Nix / NixOS

2192 readers

2 users here now

Main links

website
wiki
matrix

Videos

Linux Experiment about NixOS
Chris Titus Tech
Mental Outlaw

founded 2 years ago

MODERATORS

erlingur@programming.dev

ballmerpeaking@programming.dev

WhiteBlackGoose@programming.dev