alienscience@programming.devtoProgramming@programming.dev•Backdoor in upstream xz/liblzma leading to ssh server compromise
19·
7 months agoThe person that found this is a hero.
Whenever I see slightly weird behaviour, there is a temptation to just move on because there isn’t enough time, running software is complicated, and there is something else I want to do. I will try to change my attitude in future in case it uncovers a backdoor like this – it would be educational too.
Just to add to this point. I have been running a separate namespace for CI and it is possible to limit total CPU and memory use for each namespace. This saved me from having to run a VM. Everything (even junk) goes onto k8s isolated by separate namespaces.
If limits and namespaces like this are interesting to you, the k8s resources to read up on are
ResourceQuota
andLimitRange
.