Nemeski@mander.xyz to Linux@programming.dev · 2 days agoActive AUR malicious packages incidentarchlinux.orgexternal-linkmessage-square27linkfedilinkarrow-up1104arrow-down10
arrow-up1104arrow-down1external-linkActive AUR malicious packages incidentarchlinux.orgNemeski@mander.xyz to Linux@programming.dev · 2 days agomessage-square27linkfedilink
minus-squareDefault Username@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up9·2 days agoThis attack was executed by a script running in the PKGBUILD itself. You didn’t have to run the application to be infected since just building it will infect your machine.
minus-squarepatlefort@lemmy.worldlinkfedilinkarrow-up2·1 day agoIt also had an install script that will be run as root when the package is installed. Can’t sandbox that.
minus-square9tr6gyp3@lemmy.worldlinkfedilinkEnglisharrow-up3·2 days agoYeah, I bet the build process could also be sandboxed, but Im sure its not the default.
minus-squareDefault Username@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·2 days agoSandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don’t include a full list of dependencies.
This attack was executed by a script running in the PKGBUILD itself. You didn’t have to run the application to be infected since just building it will infect your machine.
It also had an install script that will be run as root when the package is installed. Can’t sandbox that.
Yeah, I bet the build process could also be sandboxed, but Im sure its not the default.
Sandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don’t include a full list of dependencies.