betalars soon@eh 2382 on Nostr: By the way ... I think #nixos may be invulnerable from the #xz backdoor, because it ...
By the way ... I think #nixos may be invulnerable from the #xz backdoor, because it obscurities application paths (the payload seems to only be deployed when xz is called from usr/sbin/sshd).
And I gotta say: that'd be a pretty funny instance of accidental security trough obscurity.
(Please correct me if I'm wrong, please do not take my word for it, I don't know what I'm talking about, and this is my personal reading of this explanation:
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 )
And I gotta say: that'd be a pretty funny instance of accidental security trough obscurity.
(Please correct me if I'm wrong, please do not take my word for it, I don't know what I'm talking about, and this is my personal reading of this explanation:
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 )