Which strongly suggests that they planned and/or executed more backdoors via Jia... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		formerly_proven on March 30, 2024 \| parent \| context \| favorite \| on: XZ backdoor: "It's RCE, not auth bypass, and gated... Which strongly suggests that they planned and/or executed more backdoors via Jia Tan’s access.

pja on March 30, 2024 [–]

I guess xzdec was supposed to sandbox itself where possible so they disabled the sandbox feature check in the build system so that future payload exploits passed to xzdec wouldn’t have to escape the sandbox in order to do anything useful?

Sneaky.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact