Simplifying the Xz Backdoor


Step by step I simplify the beginning of the xz backdoor so there’s no doubt of what it does.

My past successes gave me the confidence to try simplifying one aspect of the xz backdoor: the installation of the hooks, but oh boy was I unprepared. Based on the above we can guess the malicious developers used an RPM-based distribution, because the precise combination of config.guess=2022-01-09 and config.sub=2021-12-25 doesn’t match either what is in the automake 1.16.5 release or autotools-dev 20220109.1. In discussions online I heard the argument that it’s easy to check the tarball: all packagers need to do is install the same version of “autotools”.
