Nemeski@mander.xyz to Linux@programming.dev · 10 days agoActive AUR malicious packages incidentarchlinux.orgexternal-linkmessage-square27linkfedilinkarrow-up1105arrow-down10
arrow-up1105arrow-down1external-linkActive AUR malicious packages incidentarchlinux.orgNemeski@mander.xyz to Linux@programming.dev · 10 days agomessage-square27linkfedilink
minus-squareDefault Username@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up9·edit-210 days agoThis attack was executed by a script running in the PKGBUILD itself. You didn’t have to run the application to be infected since just building it will infect your machine.
minus-square9tr6gyp3@lemmy.worldlinkfedilinkEnglisharrow-up3·10 days agoYeah, I bet the build process could also be sandboxed, but Im sure its not the default.
minus-squareDefault Username@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·10 days agoSandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don’t include a full list of dependencies.
minus-squarepatlefort@lemmy.worldlinkfedilinkarrow-up2·9 days agoIt also had an install script that will be run as root when the package is installed. Can’t sandbox that.
This attack was executed by a script running in the PKGBUILD itself. You didn’t have to run the application to be infected since just building it will infect your machine.
Yeah, I bet the build process could also be sandboxed, but Im sure its not the default.
Sandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don’t include a full list of dependencies.
It also had an install script that will be run as root when the package is installed. Can’t sandbox that.