Possibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 1 year agoXZ backdoor in a nutshelllemmy.zipimagemessage-square148fedilinkarrow-up12arrow-down10
arrow-up12arrow-down1imageXZ backdoor in a nutshelllemmy.zipPossibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 1 year agomessage-square148fedilink
minus-squaredan@upvote.aulinkfedilinkarrow-up0·1 year ago OpenSSL did add to the entropy pool a bunch uninitialized memory and the PID. Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it. The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.
Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it.
The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.