You must log in or register to comment.
That attack surface is not vanishing. It’s would be relocating the same attack surface to something that might have an xz library in memory.
- The attack surface is there either way, this is just functionality repackaged that existed already before (
systemd-run, which is calling into PID1) - all compression libraries (actually most libraries at this point) are
dlopened on demand (which was planned even before the attack, which is speculated that the attack was accelerated in timeline because he was on a timer before the change was released)
- The attack surface is there either way, this is just functionality repackaged that existed already before (
As Microsoft and Poettering intended.
