
> some binary test files were added later that are probably now suspect

That's confirmed

From https://www.openwall.com/lists/oss-security/2024/03/29/4:

> The files containing the bulk of the exploit are in an obfuscated form in
> tests/files/bad-3-corrupt_lzma2.xz
> tests/files/good-large_compressed.lzma
> committed upstream. They were initially added in
> https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf...



It probably makes sense to start isolating build processes from test case resources.


Sure but then you can smuggle it into basically any other part of the build process…?



