| 7 Jul 2024 |
 matthewcroughan | Yeah I just saw the version + the config not containing LoginGracePeriod 0 | 20:28:19 |
| matthewcroughan | so maybe it's patched, I didn't look at that | 20:28:26 |
 emily | try nix derivation show $(readlink -f $(which ssh)) | 20:29:00 |
| matthewcroughan | The server is in a bit of a memory exploded state | 20:29:27 |
| matthewcroughan | dmesg has logs I see on my scrappy servers when bad memory things happen :D | 20:29:41 |
| matthewcroughan | Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:27 |
| matthewcroughan | * Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:30 |
| matthewcroughan | So yes, it is in fact vulnerable :D | 20:31:20 |
| emily | then I guess it's vulnerable | 20:31:24 |
| matthewcroughan | Shall we do a wordpress and hack it to fix it? | 20:31:43 |
| matthewcroughan | It'd probably just end up rebooting into the generation with the vulnerability anyway | 20:32:13 |
| emily | good luck, I don't think anyone has exploited it on a 64-bit system | 20:32:25 |
| matthewcroughan | Ah right, forgot about that | 20:32:39 |
