[Toybox] [landley/toybox] weak symbols hack broke the build (Issue #554)

Rob Landley rob at landley.net
Wed Jul 2 10:16:03 PDT 2025


On 7/2/25 11:26, Rob Landley wrote:
> Sigh. I submitted _another_ removal request to check.spamhaus.org, and 
> also sent a long explanatory message through their contact-center webform.
> 
> I should have saved a copy of that message so I can send it to the NEXT 
> one.

For reference, here's what I sent them:

I ship portable cross compiler binaries (as part of my old Aboriginal 
Linux project), and a dozen years ago somebody used an old version of 
the arm compiler I published to build their malware with, which (thanks 
to gnu being bad at its job, especially back then) leaked the build path 
of the libraries into all the binaries (rpath I think), which looked 
like /home/landley/aboriginal...

Somebody decided that "landley" (my last name, and thus my username) was 
a sufficiently unique string to identify this malware with, and even 
their most strict reading of the path string would identify the compiler 
tarball that had been used to build the malware binary as malware. 
(Because they got cause and effect backwards.)

I ignored it until dreamhost took my site down for malware 
(https://landley.net/notes-2024.html#24-04-2024 specficially identifying 
the compiler binary from 2013), then in March urlhaus picked up block 
and needed to be enaged on gitlab to stop it ala 
https://mstdn.jp/@landley/114169242776698138 and now Google is using 
your zen list to prevent the Android base OS maintainer from emailing me 
or my toybox project's mailing list on lists.landley.net at dreamhost (I 
wrote and maintain Google's command line utilities, see 
https://lwn.net/Articles/629362/ and 
https://android.googlesource.com/platform/external/toybox/ ) so he's 
opening github issues to communicate, ala 
https://github.com/landley/toybox/issues/554 (until github decides to 
start blocking my email I guess?)

I requested removal last week, which worked for a few days, but my site 
apparently got re-listed because whatever filter rule you have is still 
saying my last name is a bad word.

Could a human please look at this?

Rob

P.S. Here's an example of somebody fishing said compiler build paths out 
of malware made using my old compiler toolchains:

https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days

The compilers in question have been around forever:

https://landley.net/aboriginal/downloads/old/binaries/1.2.4/

I have no idea who uses my compilers, or what they build with them. Note 
that the development project I produced those compilers for got 
restarted under a new name in 2017:

https://landley.net/aboriginal/

My _current_ compilers (https://landley.net/bin/toolchains/) aren't 
built under an "aboriginal" directory. (I'm using a wrapper around Rich 
Felker's musl-cross-make.)


More information about the Toybox mailing list