Simplifying the xz backdoor
Throughout my career I’ve simplified many things others thought impossible, and I’ve done so by following a simple strategy few engage in: never surrender.
My past successes gave me the confidence to give a try to simplify one aspect of the xz backdoor: the installation of the hooks, but oh boy was I unprepared. One thing is to simplify code people did at least trying to not over-complicate things, an entirely different thing is to simply something the authors clearly did not intend for anyone to understand.
It turns out even that one thing is just way too complex. However, I did not give up, lowered my expectations, and was able to simplify at least the beginning of the backdoor.
This should be helpful for people like me who are trying to figure out ways to prevent something like this from happening in the future.
We’ll start slow to be extra careful, but if you trust me you can just check the initial patch and skip the first section.
