Malicious Software Packages Found On Arch Linux User Repository
July 11, 2018
Yet another incident that shows why you should never blindly trust packages from user-controlled software repositories.

Arch Linux, one of the most popular independently developed Linux distributions, has removed three packages from its community-driven Arch User Repository (AUR) after they were found to contain malicious code.

Arch Linux is a general-purpose GNU/Linux distribution focused on free and open-source software with strong community involvement. In addition to its official repositories, users often rely on the AUR for additional packages maintained by fellow users.

Because AUR packages are user-submitted, Arch maintainers have always advised users to carefully inspect the PKGBUILD and any .install files for suspicious commands before building and installing them.

Compromised PDF Viewer Found on Arch Linux AUR

On June 7, a malicious user nicknamed "xeactor" adopted an orphaned AUR package called acroread (a PDF vie...