plg94 | 1 year ago

You do realize that "that shit" was part of the obfuscated and xz-compressed backdoor hidden as a binary test file, right? It was never committed in plain sight. You can go to https://git.tukaani.org/xz.git and look at the commits yourself – while the commits of the attacker are not prime examples of "good commits", they don't have glaringly obvious red flags either. This backdoor was very sophisticated and well-hidden, so your comment misses the point completely.

johnisgood|1 year ago

> It was never committed in plain sight.

It was though. I have seen those two test files being added by a commit on GitHub. Unfortunately it has been disabled by now, so I cannot give you a working link.

fullstop|1 year ago

It really wasn't, though.

    commit 74b138d2a6529f2c07729d7c77b1725a8e8b16f1
    Author: Jia Tan <jiat0218@gmail.com>
    Date:   Sat Mar 9 10:18:29 2024 +0800
    
        Tests: Update two test files.
        
        The original files were generated with random local to my machine.
        To better reproduce these files in the future, a constant seed was used
        to recreate these files.



    diff --git a/tests/files/bad-3-corrupt_lzma2.xz b/tests/files/bad-3-corrupt_lzma2.xz
    index 926f95b0..f9ec69a2 100644
    Binary files a/tests/files/bad-3-corrupt_lzma2.xz and b/tests/files/bad-3-corrupt_lzma2.xz differ
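
Review bot: tests/files/bad-3-corrupt_lzma2.xz is replaced as an opaque binary, and the commit message's statement that a constant seed was used cannot be checked from this change, because neither the seed nor the generator command is part of it. Please commit the script and seed that produce this file, or state them in the message, so the fixture can be regenerated and compared byte for byte.
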
    diff --git a/tests/files/good-large_compressed.lzma b/tests/files/good-large_compressed.lzma
    index 8450fea8..878991f3 100644
    Binary files a/tests/files/good-large_compressed.lzma and b/tests/files/good-large_compressed.lzma differ
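
Review bot: tests/files/good-large_compressed.lzma changes with nothing in the diff saying what the new file should decompress to. Assuming a good-* fixture is meant to decode cleanly, record the expected decompressed size or a checksum of the output alongside it, so a reviewer can decompress the new file and confirm it matches what the message describes.
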

Would you bat an eye at this? If it were from a trusted developer and the code was part of a test case?

If you looked at strings contained within the bad file, you might notice that this was not random:

    7zXZ
    ####Hello####
    7zXZ
    w,( 
    7zXZ
    ####World####

But, again, this was a test case.
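
The strings check described in the comment above can be automated for any binary fixture that is claimed to be random. The following is an added example, not part of the thread or of the xz project: it lists printable runs and tries to decode every embedded .xz stream. The function names and the sample bytes are constructed for illustration and are not the contents of the real test file.

```python
import lzma
import re

XZ_MAGIC = b"\xfd7zXZ\x00"  # six-byte header that starts every .xz stream


def printable_runs(data, min_len=4):
    """Rough equivalent of strings(1): ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def audit_fixture(data):
    """Return (offset, payload) for each .xz stream header found in data.

    payload is None when the stream is truncated or corrupt.
    """
    findings = []
    offset = data.find(XZ_MAGIC)
    while offset != -1:
        decoder = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
        try:
            payload = decoder.decompress(data[offset:])
            if not decoder.eof:      # stream ended early: keep the offset only
                payload = None
        except lzma.LZMAError:       # corrupt stream, plausible in a "bad-*" fixture
            payload = None
        findings.append((offset, payload))
        offset = data.find(XZ_MAGIC, offset + 1)
    return findings


def build_sample():
    """Constructed stand-in for a fixture; not the bytes of the real test file."""
    filler = bytes(range(0x80, 0xC0))  # non-printable bytes standing in for "random" data
    return lzma.compress(b"####Hello####") + filler + lzma.compress(b"####World####")


if __name__ == "__main__":
    sample = build_sample()
    print(printable_runs(sample))
    for offset, payload in audit_fixture(sample):
        print(hex(offset), payload)
```

A file that really came from a random generator should yield no stream headers at all, so any hit from `audit_fixture` on such a fixture is worth a question in review.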