Neil Madden on Nostr: IMO the only way we can have a chance against backdoors like #xz is to start taking ...
IMO the only way we can have a chance against backdoors like #xz is to start taking least privilege seriously. It’s insane that a compression library should ever have root privs. That ultimately means being able to control privilege at a finer grain than an OS process.
Published at 2024-04-01 07:19:24

Event JSON
{
  "id": "c897dc55eee307a7628d3f5ac682bfc3b46915b7c3c7ee72f1b7278e378fe467",
  "pubkey": "6f40ace4826ffbfaad46ff973d991b05a0c7238ea32964ab06fe3a87ade66281",
  "created_at": 1711955964,
  "kind": 1,
  "tags": [
    [
      "t",
      "xz"
    ],
    [
      "proxy",
      "https://infosec.exchange/users/neilmadden/statuses/112194746082443740",
      "activitypub"
    ]
  ],
  "content": "IMO the only way we can have a chance against backdoors like #xz is to start taking least privilege seriously. It’s insane that a compression library should ever have root privs. That ultimately means being able to control privilege at a finer grain than an OS process.",
  "sig": "ea92143396ea5b55fbbc966951663bf023ad59f77bb19f977274f9bf33d60df74a9450f6271c3e5e9fb13e073c0499b5610555b1431cd8edffdf91263821c5bb"
}