this post was submitted on 30 Mar 2024
986 points (98.5% liked)

linuxmemes

21009 readers
2558 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    poopsmith
    zephyr
    rtxn
    986
    Debian security amirite? (lemmy.world)
    submitted 6 months ago by Emerald to c/linuxmemes
    75 comments fedilink hide all child comments
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] [email protected] 31 points 6 months ago* (last edited 6 months ago) (1 children)

    The slowness is on purpose.

    (OP may know, but I don't know if everyone does.)

    Edit: /u/[email protected] is picking up what I was putting down.

    [–] TangledHyphae 0 points 6 months ago* (last edited 6 months ago) (2 children)

    The slowness is on purpose? To help identify the sshd in question to the attacker which nodes are compromised? What reason(s) could there be?

    [–] [email protected] 6 points 6 months ago (1 children)

    He's talking about Debian's slowness in getting new versions to stable, and how the meme ignores security backports.

    [–] TangledHyphae 1 points 6 months ago

    Ohh that makes way more sense, thanks. I haven't used Debian in like 10 years but it was obviously the same back then too.

    [–] mumblerfish 2 points 6 months ago (1 children)

    If the above decides to continue, the code appears to be parsing the symbol tables in memory. This is the quite slow step that made me look into the issue.

    That is from the original find. Not sure the relevance of it and this being proof for it being "on purpose". But that is the origin of the slowness.

    [–] TangledHyphae 1 points 6 months ago

    I doubt that was intentional, they would likely want to hide that latency but the CPU time required to scan everything just is what it is.

    https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b

    The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

    It's RCE, not auth bypass, and gated/unreplayable.