[Toybox] [landley/toybox] weak symbols hack broke the build (Issue #554)
Rob Landley
rob at landley.net
Wed Jul 2 10:16:03 PDT 2025
On 7/2/25 11:26, Rob Landley wrote:
> Sigh. I submitted _another_ removal request to check.spamhaus.org, and
> also sent a long explanatory message through their contact-center webform.
>
> I should have saved a copy of that message so I can send it to the NEXT
> one.
For reference, here's what I sent them:
I ship portable cross compiler binaries (as part of my old Aboriginal
Linux project), and a dozen years ago somebody used an old version of
the arm compiler I published to build their malware with, which (thanks
to gnu being bad at its job, especially back then) leaked the build path
of the libraries into all the binaries (rpath I think), which looked
like /home/landley/aboriginal...
Somebody decided that "landley" (my last name, and thus my username) was
a sufficiently unique string to identify this malware with, and even
their most strict reading of the path string would identify the compiler
tarball that had been used to build the malware binary as malware.
(Because they got cause and effect backwards.)
I ignored it until dreamhost took my site down for malware
(https://landley.net/notes-2024.html#24-04-2024 specficially identifying
the compiler binary from 2013), then in March urlhaus picked up block
and needed to be enaged on gitlab to stop it ala
https://mstdn.jp/@landley/114169242776698138 and now Google is using
your zen list to prevent the Android base OS maintainer from emailing me
or my toybox project's mailing list on lists.landley.net at dreamhost (I
wrote and maintain Google's command line utilities, see
https://lwn.net/Articles/629362/ and
https://android.googlesource.com/platform/external/toybox/ ) so he's
opening github issues to communicate, ala
https://github.com/landley/toybox/issues/554 (until github decides to
start blocking my email I guess?)
I requested removal last week, which worked for a few days, but my site
apparently got re-listed because whatever filter rule you have is still
saying my last name is a bad word.
Could a human please look at this?
Rob
P.S. Here's an example of somebody fishing said compiler build paths out
of malware made using my old compiler toolchains:
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
The compilers in question have been around forever:
https://landley.net/aboriginal/downloads/old/binaries/1.2.4/
I have no idea who uses my compilers, or what they build with them. Note
that the development project I produced those compilers for got
restarted under a new name in 2017:
https://landley.net/aboriginal/
My _current_ compilers (https://landley.net/bin/toolchains/) aren't
built under an "aboriginal" directory. (I'm using a wrapper around Rich
Felker's musl-cross-make.)
More information about the Toybox
mailing list