This backdoor has been on the verge of collapsing the world of free software

Linux systems everywhere could have been compromised. Luckily, it was caught in time.

Chema Carvajal Sarabia

Three days ago, researchers revealed the discovery of an intentionally placed backdoor in xz Utils, an open-source data compression utility available in almost all Linux installations and other Unix-like operating systems.


The person or people behind this operation likely invested years in it. The backdoored update had already reached Debian's unstable and testing branches and Fedora's Rawhide and 40 beta, and was on track to land in stable releases of Debian and Red Hat, the two largest Linux distribution families, when a sharp-eyed software developer noticed something suspicious.

Researchers have spent the weekend gathering clues and Ars Technica has masterfully summarized it. This is what is known so far.

What is xz Utils?

xz Utils is almost ubiquitous in Linux. It provides lossless data compression on virtually all Unix-like operating systems, including Linux.

xz Utils provides critical functions for compressing and decompressing data during all kinds of operations. xz Utils also supports the legacy .lzma format, making this component even more crucial.

What has happened?

Andres Freund, a developer and engineer working on Microsoft’s PostgreSQL offerings, was troubleshooting performance issues experienced by a Debian system with SSH, the most widely used protocol for remotely logging into devices over the Internet.

Specifically, SSH logins consumed far more CPU than they should have and produced errors under valgrind, a memory-debugging tool.

Thanks to a combination of luck and Freund's attention, he traced the problems to recent updates of xz Utils. On Friday, Freund posted to the oss-security mailing list to reveal that the updates carried a backdoor someone had intentionally introduced into the compression software.

What does the back door do?

The malicious code, added to versions 5.6.0 and 5.6.1 of xz Utils, was hidden in the build scripts of the release tarballs and injected into liblzma, the library that performs the actual lzma compression and decompression. On its own that library has nothing to do with SSH, but on many distributions sshd links libsystemd, which in turn links liblzma; once loaded into sshd, the backdoor hooks the server's RSA public-key handling so that a remote attacker can execute code with root privileges before authentication completes.


This code allowed someone holding a specific private key, the attacker's own and not anything a defender could recover from the binary, to log into the system via SSH through the backdoor, bypassing normal authentication. From that moment on, that person would have the same level of control as any authorized administrator.
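A practical check that follows from the two facts above (only xz 5.6.0 and 5.6.1 are affected, and the backdoor only matters where sshd ends up loading liblzma), written here as an added example and not code from the article or from the xz project. It parses the output of `xz --version`, flags the two backdoored releases, and reports whether the local sshd binary links liblzma; the sample version string in the comments is constructed for illustration, and the vulnerability identifier CVE-2024-3094 is the one later assigned to this backdoor.

```shell
#!/bin/sh
# Added example: is the installed xz one of the two backdoored releases,
# and would sshd on this host load liblzma at all?

# Return 0 (true) if the version string is a backdoored release.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Take the full text of `xz --version` and print just the version number.
# The first line looks like "xz (XZ Utils) 5.6.1" (constructed sample),
# so the version is the last field of that line.
parse_xz_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Return 0 if an sshd binary is present and its shared-library dependencies
# include liblzma (on many distributions this happens indirectly via libsystemd).
sshd_links_liblzma() {
    bin=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    [ -x "$bin" ] || return 1
    ldd "$bin" 2>/dev/null | grep -q liblzma
}

# Report on the local system; each step is guarded so the script also runs
# on hosts without xz or sshd installed.
if command -v xz >/dev/null 2>&1; then
    ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
    if xz_version_affected "$ver"; then
        echo "WARNING: xz $ver is a backdoored release (CVE-2024-3094); downgrade or rebuild now"
    else
        echo "xz $ver is not one of the backdoored releases"
    fi
else
    echo "xz not installed"
fi

if sshd_links_liblzma; then
    echo "sshd links liblzma: a backdoored liblzma would be loaded into the SSH daemon"
else
    echo "sshd does not link liblzma (or sshd is not installed)"
fi
```

A clean version number is necessary but not sufficient: distributions patched by reverting to older liblzma code while keeping their own package version strings, so on Debian or Fedora check the package manager's changelog as well as `xz --version`.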
