Conversation

Notices

reeeeeelman (realman543@annihilation.social)'s status on Tuesday, 02-Apr-2024 09:07:46 JST reeeeeelman
@p @p @sjw @graf @Moon For those of you with similar issues:
I was having trouble running this on my only debian box. For some reason I need to use sudo for basically every high level thing, even in a rooted shell
#! /bin/bash set -eu # find path to liblzma used by sshd path="$(sudo ldd $(sudo which sshd) | grep liblzma | grep -o '/[^ ]*')" # does it even exist? if [ "$path" == "" ] then echo probably not vulnerable exit fi # check for function signature if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410 then echo probably vulnerable else echo probably not vulnerable fi
This should fix that.
Unrelated, but I cannot seem to find liblzma linked to sshd on Devuan. Is this normal? Because liblzma5 is installed on the box, but doesn’t come back on a which search.

In conversation about 8 months ago from annihilation.social permalink
- † top dog :pedomustdie: repeated this.
- p (p@shitposter.world)'s status on Tuesday, 02-Apr-2024 09:07:54 JST p
  in reply to
  @realman543 @p @sjw @graf @Moon @p
  
  > Unrelated, but I cannot seem to find liblzma linked to sshd on Devuan. Is this normal? Because liblzma5 is installed on the box, but doesn’t come back on a which search.
  
  That's because Devuan doesn't use systemd, and the only reason sshd gets linked to liblzma is because systemd subsumed the user auth process and systemd links against it. (Remember everyone that scoffed at the security concerns people raised about systemd or that hand-waved it when people pointed out that systemd is bloated and fucked up and is trying to eat the entirety of userland? Each of those people can eat a damn dick, then eat a bowl of dicks, then eat fifty dicks, and wash it down with a damn dick.)
  
  In conversation about 8 months ago permalink
  
  † top dog :pedomustdie: likes this.

Public

Conversation

Notices

Feeds