So, kids, what's the moral of the XZ story?

If you're going to backdoor something, make sure that your changes don't impact its performance. Nobody cares about security - but if your backdoor makes the thing half a second slower, some nerd is going to dig it up.

@bontchev "I watched my ssh daemon taking 4 KiB more memory than usual, I knew something was wrong".
I remember back in the days of Linux 2.2 when swapping out inactive pages during memory pressure meant that it was possible for a process to show up in top with a resident size of 0 KB. And top mistakenly showed any such process as a kernel thread.