this post was submitted on 03 Apr 2024
34 points (88.6% liked)
Nix / NixOS
1765 readers
5 users here now
Main links
Videos
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Those packages themselves depend on xz. Pretty much all of them.
What you're suggesting would only make the
xz
executable not be backdoored anymore but any other application using liblzma would still be as vulnerable as before. That's actually the only currently known attack vector; inject malicious code into SSHD via liblzma.