Post Syndicated from corbet original https://lwn.net/Articles/958318/

John Stawinski IV describes,
in detail, how he and a partner were able to compromise the security of the
heavily used PyTorch project.

Our exploit path resulted in the ability to upload malicious
PyTorch releases to GitHub, upload releases to AWS, potentially add
code to the main repository branch, backdoor PyTorch dependencies –
the list goes on. In short, it was bad. Quite bad.

As we’ve seen before with SolarWinds, Ledger, and others, supply
chain attacks like this are killer from an attacker’s
perspective. With this level of access, any respectable
nation-state would have several paths to a PyTorch supply chain
compromise.