Possibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 6 months agoXZ backdoor in a nutshelllemmy.zipimagemessage-square152fedilinkarrow-up13arrow-down10
arrow-up13arrow-down1imageXZ backdoor in a nutshelllemmy.zipPossibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 6 months agomessage-square152fedilink
minus-squaredan@upvote.aulinkfedilinkarrow-up0·6 months ago OpenSSL did add to the entropy pool a bunch uninitialized memory and the PID. Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it. The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.
Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it.
The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.