monica_b1998@lemmy.world to Linux@programming.dev · 14 days agoChina-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decadethehackernews.comexternal-linkmessage-square14linkfedilinkarrow-up156arrow-down133
arrow-up123arrow-down1external-linkChina-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decadethehackernews.commonica_b1998@lemmy.world to Linux@programming.dev · 14 days agomessage-square14linkfedilink
minus-squareOoops@feddit.orglinkfedilinkarrow-up20·14 days agoDon’t let people steal your device to break into it and replace the login software with a compromised version…
minus-squareMaki@lemmy.blahaj.zonelinkfedilinkarrow-up18·14 days agoNothing. The group in question attacked a specific system. The title is misleading.
minus-squareWhoIzDisIz@lemmy.todaylinkfedilinkarrow-up5arrow-down3·edit-213 days agoGo to something immutable. Apparently this is not as strong a solution as I thought. Apologies.
minus-squaremoonpiedumplings@programming.devlinkfedilinkarrow-up6·14 days agoNot really. Immutability can be overriden by root, who can then edit files. And in addition to that, /etc/, system config files, including pam files mentioned here, are not immuable even in immutable distros.
minus-squarePabloSexcrowbar@piefed.sociallinkfedilinkEnglisharrow-up4·13 days agoI don’t know that the current crop of immutable distros would be able to prevent something like this. rpm-ostree, at least, lets you install out-of-tree rpm packages to the base system, you just have to reboot for them to take effect.
what are we meant to do?
Don’t let people steal your device to break into it and replace the login software with a compromised version…
Nothing. The group in question attacked a specific system. The title is misleading.
Go to something immutable.Apparently this is not as strong a solution as I thought. Apologies.
Not really. Immutability can be overriden by root, who can then edit files.
And in addition to that, /etc/, system config files, including pam files mentioned here, are not immuable even in immutable distros.
TIL, TY.
I don’t know that the current crop of immutable distros would be able to prevent something like this. rpm-ostree, at least, lets you install out-of-tree rpm packages to the base system, you just have to reboot for them to take effect.