Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mas.to is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hello! mas.to is a fast, up-to-date and fun Mastodon server.

Administered by:

Server stats:

13K
active users

mas.to: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

Public
AndresFreundTec

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

openwall.com/lists/oss-securit

www.openwall.comoss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
Thomas

@AndresFreundTec what's really remarkable is that you've found the attack not through a functional analysis or formal review but with a sound software engineering approach: the Valgrind effect had been tinkered on - the CPU load impact, however, is a classical side channel usually only used for attack, not for defense. Kudos for making the role of good software engineering obvious for systems security!

Mar 30, 2024, 06:22 AM·Public·Web
0boosts·1favorite
ExploreLive feeds
About