![Avatar](/_next/image?url=https%3A%2F%2Fmedia.kbin.social%2Fmedia%2Fe5%2F59%2Fe559ede17c57b24aa1e96b6b4b900849e85a37fc6f5d82cb8249e6b5b6778857.png&w=3840&q=75)
![Avatar](/_next/image?url=%2Flemmy-icon-96x96.webp&w=3840&q=75)
chameleon
iām lizard š¦
Looking at the implementation, it doesnāt really implement sudoers or tools like sudoedit in any way. systemd-run
has already been an existing tool for quite some time and this is really just a different CLI for it. That tool asks systemd to make a temporary new service and immediately run it. That, in turn, requires blanket yes/no approval for org.freedesktop.systemd1.manage-units
via polkit.
So with run0, you can either do everything or you can do nothing. In-betweens are just not a thing at the moment. Thereās very little new backend code running as root.
run0 bash
should behave very similar to something like systemd-run --uid=0 --gid=0 --wait --same-dir --send-sighup --pty --pipe --collect bash
and the majority of those options have been available for quite a while.
Note Dark Void Zero never really got rid of their draconian, broken DRM. Still has the same old 2010-era SecuROM with half-functioning servers that may or may not permanently go offline on any random day.
Itās not what the buttons look like, itās what they do. In Krita, making an ellipse involves clicking the ellipse button and dragging it somewhere. You now have an ellipse, and you hold shift if you want to make it a circle instead.
In GIMP there is no direct ellipse tool, thereās only an ellipse select tool, likewise you hold shift to make it a circle. Then you use a menu item to select the border of your selection, getting a popup to let you determine how much pixels you want. And then, you use the fill tool or fill menu item to fill it. Thatās a surprising amount of clicks to accomplish whatās most likely the single most common task for anyone opening a screenshot in an image editor. Iām not aware of any easier/faster method to do it. Feels like it should exist, but this is also what you get if you search for how to draw a circle in GIMP, so if it exists everyoneās missing it.
GIMPās method gives you more power, but you rarely ever need that power. But when you do, Krita also has ellipse select, border select and various fill tools that can be strung together in the same way.
Test files often represent states that canāt be represented in the library proper. Things like āa tree where node A is a child of B and node B is a child of Aā, āthe previous instruction repeated x timesā where x was never set or there was no previous instruction, or weird combinations of mutually exclusive effects. More often than not, you canāt really generate those using the library itself, as libraries tend to be written to reject those kinds of invalid states (thereās only so much you can do in C but in functional programming land, āmake invalid states unrepresentableā is a straight up mantra).
Even if you did manage to do that, using the system under test to generate test data for the system under test is generally not very useful by itself; youād need some kind of extra protections on top to make sure the actual test files continue to be identical between revisions (like hashing them). Otherwise, a major incompatibility could be easily overlooked. But that also makes it hard to make any kind of valid changes to the library at all. Worse yet, some libraries donāt implement everything needed to generate the test files: even xz is missing pieces, for example thereās an lzip decompressor but not a compressor.
Thereās some arguments to be made for separating the test system from the main distribution, but the end result will likely be that nobody runs the testsuite at all. Itās difficult enough to get distros to do it in the first place.
These things are always easy to say in hindsight, but I do believe that a closer review of the build system shenanigans used to install the backdoor would have at least raised some questions.
Nobody noticed it because nobody is reviewing autotools spaghetti and especially not autotools spaghetti that only exists as shipped in a tarball. Minor differences in those files are perfectly normal as the contents of them are copied in from the shared autoconf-archive project, but every distro ships a different version of that, so what any given thing looks like will depend on the maintainerās computer. And nearly nobody has a good understanding of what any given line in a .m4 file is going to ultimately lead to the execution of regardless, so why bother investigating any differences? The maintainer of Meson has a good take on this.
Shipping tarballs without any form of generated files and having a process to validate release tarballs against the repo would be a good step, but is much easier said than done for a variety of reasons. Same thing can be said for shipping without any form of binary files in the repo, thereās quite high value in integration tests and xzās README for the test blobs has correctly included this paragraph for 16 years:
Many of the files have been created by hand with a hex editor, thus there is no better āsource codeā than the files themselves.
For any given tag, GitHub will always have an autogenerated āarchive/ā link, but the ārelease/ā link is a set of maintainer-uploaded blobs. In this situation, those are the compromised ones. Any distro pulling from an āarchive/ā link would be unaffected, but I donāt know of any doing that.
The problem with the āarchive/ā links is that GitHub reserves the right to change them. Theyāre promising to give notice, but itās just not a good situation. The ārelease/ā links are only going to change if the maintainer tries something funny, so the distroās usual mechanisms to check the hashes normally suffice.
NixOS 23.11 is indeed not affected.
Youāre looking at the wrong line. NixOS pulled the compromised source tarball just like nearly every other distro, and the build ends up running the backdoor injection script.
Itās just that much like Arch, Gentoo and a lot of other distros, it doesnāt meet the gigantic list of preconditions for it to inject the sshd compromising backdoor. But if it went undetected for longer, it would have met the conditions for the āstage3ā/āextension mechanismā.