It says quite clearly in the second article you posted it can only work
in Linux... 

"...Linux distributions add a patch to link sshd to systemd, a program
that loads a variety of services during the system bootup. Systemd, in
turn, links to liblzma, and this allows xz Utils to exert control over
sshd."

-- 
ESP

On Thu, 4 Apr 2024 21:17:18 +0000
Katherine Mcmillan <[email protected]> wrote:

> Hello Peter and all,
> 
> I have seen the following comment, or similar, in several articles
> now: "On Friday, a lone Microsoft developer rocked the world when he
> revealed a
> backdoor<https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/>
> had been intentionally planted in xz Utils, an open source data
> compression utility available on almost all installations of Linux
> and other Unix-like operating systems."
> https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
> 
> There are a couple of problems with this statement, but I just want
> to focus in on the "almost all installations of Linux and other
> Unix-like operating systems" part.  From my understanding, it is
> certainly almost all installations of Linux, but the "and other
> Unix-like operating systems" doesn't seem founded.  From what I
> understand, this backdoor would not affect any flavour of *BSD, or of
> illumos for that matter (ex. smartOS), or QNX, or Solaris.  Just for
> clarity, does anyone know what "Unix-like operating systems" would be
> affected by this?
> 
> Thank you,
> Katie
> 
> ________________________________
> From: [email protected] <[email protected]> on behalf of
> Aaron Mason <[email protected]> Sent: 03 April 2024 19:17
> To: [email protected] <[email protected]>
> Subject: Re: lcamtuf on the recent xz debacle
> 
> On Sat, Mar 30, 2024 at 9:32 PM Peter N. M. Hansteen
> <[email protected]> wrote:
> >
> > "This dependency existed not because of a deliberate design decision
> > by the developers of OpenSSH, but because of a kludge added by some
> > Linux distributions to integrate the tool with the operating
> > system’s newfangled orchestration service, systemd."
> >  
> 
> As if I needed another reason to intensely dislike systemd...
> 
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse
> 
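
The dependency chain quoted in this thread (a distribution-patched sshd linking systemd's library, which in turn links liblzma) can be checked on a host from the dynamic linker's view of the sshd binary. This is an added example, not part of any message in the thread; the function name `classify_sshd_deps` and both sample `ldd` outputs are constructed for illustration, and the result only says whether the link path exists.

```shell
#!/bin/sh
# Added example: classify `ldd` output for an sshd binary (read on stdin).
# Reports whether the chain described in the quoted article is present:
#   sshd -> libsystemd -> liblzma
# ldd lists transitive dependencies, so both names show up when it is.
classify_sshd_deps() {
    deps=$(cat)
    has_systemd=no
    has_lzma=no
    case "$deps" in *libsystemd.so*) has_systemd=yes ;; esac
    case "$deps" in *liblzma.so*) has_lzma=yes ;; esac
    if [ "$has_systemd" = yes ] && [ "$has_lzma" = yes ]; then
        echo "chain-present"      # sshd can load liblzma via libsystemd
    elif [ "$has_lzma" = yes ]; then
        echo "liblzma-only"       # liblzma reachable by some other path
    else
        echo "not-linked"         # liblzma is not in sshd's address space
    fi
}

# Constructed sample: sshd built with a distribution's systemd patch.
SAMPLE_PATCHED='	linux-vdso.so.1 (0x00007ffd00000000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000100000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f0000200000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000300000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'

# Constructed sample: sshd built without the systemd patch.
SAMPLE_UPSTREAM='	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f0000200000)
	libz.so.1 => /usr/lib/libz.so.1 (0x00007f0000300000)
	libc.so.6 => /usr/lib/libc.so.6 (0x00007f0000400000)'

# Run against the local sshd only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    sshd_path=$(command -v sshd || echo /usr/sbin/sshd)
    [ -x "$sshd_path" ] || { echo "sshd not found" >&2; exit 2; }
    ldd "$sshd_path" | classify_sshd_deps
fi
```

A `chain-present` result means the dependency path exists on that host, not that the installed liblzma is a backdoored build; that still has to be checked against the distribution's advisory.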
