Low Level Learning - Backdoor In Open Source by Subverting The Build Tools

This is pretty crude stuff compared to what could be done, but it still shows how vulnerable Git repos can be. [Correction: Git was not involved in the backdoor; see Solène's blog post "Lessons learned with XZ vulnerability". Nevertheless, Git will happily distribute any binary files, including executables that could be used to subvert the development process. This can happen by accident or by design; see e.g. https://github.com/LifeWithDavid/RaspberryPiPico-BareMetalAdventures/tree/main/Chapter%2004] See "Backdoor in upstream xz/liblzma leading to SSH server compromise" for some more details.
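Because Git ships binary blobs as readily as source, a reviewer can list which tracked files are not text and which are native code. The following is an added example, not code from this post or from any project it mentions; the function names, the short magic-number table and the sample tree are assumptions constructed for illustration.

```python
import subprocess

# Small, non-exhaustive set of magic numbers for native code (assumption: extend as needed).
MAGIC = {
    b"\x7fELF": "ELF",
    b"MZ": "PE/DOS",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"!<arch>\n": "ar archive",
}

def classify(data):
    """Label native-code blobs, 'binary' for other non-text data, None for text."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    # Git's own heuristic: a NUL byte in the first 8000 bytes means binary.
    return "binary" if b"\0" in data[:8000] else None

def audit(entries):
    """entries: iterable of (mode, path, data); return [(path, mode, kind)] to review."""
    return [(path, mode, kind) for mode, path, data in entries
            if (kind := classify(data))]

def tracked_entries(repo=".", rev="HEAD"):
    """Yield (mode, path, data) for every blob reachable from rev in a real repository."""
    def git(*args):
        return subprocess.run(["git", "-C", repo, *args],
                              check=True, capture_output=True).stdout
    for rec in git("ls-tree", "-r", "-z", rev).split(b"\0"):
        if not rec:
            continue
        meta, path = rec.split(b"\t", 1)
        mode, objtype, sha = meta.decode().split()
        if objtype == "blob":  # skip submodule (commit) entries
            yield mode, path.decode(errors="replace"), git("cat-file", "blob", sha)

# Constructed sample standing in for a repository tree (not taken from any real repo).
SAMPLE = [
    ("100644", "README.md", b"# demo\n"),
    ("100755", "tools/build.sh", b"#!/bin/sh\nmake\n"),
    ("100644", "tests/data/sample.bin", b"\xfd7zXZ\x00\x00\x04"),
    ("100644", "prebuilt/helper", b"\x7fELF\x02\x01\x01\x00"),
    ("100644", "lib/libfoo.a", b"!<arch>\nfoo.o/ "),
]

if __name__ == "__main__":
    for path, mode, kind in audit(SAMPLE):  # or audit(tracked_entries("."))
        print(f"{mode} {path}: {kind}")
```

Each flagged path is something a text diff cannot show in review, so it needs a recorded origin or a reproducible way to rebuild it.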

Subscribe to Low Level Learning.
