104

Active AUR malicious packages incident (archlinux.org)

submitted 1 day ago by nemeski@mander.xyz to c/linux@programming.dev

27 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Equinox1289@sh.itjust.works 6 points 1 day ago

This is why I prefer Flatpaks, or really any application sandboxing.

[-] Ooops@feddit.org 7 points 1 day ago

People not even checking the PKGBUILDs will also not check sandboxed applications to see if it was actually done properly...

[-] 9tr6gyp3@lemmy.world 6 points 1 day ago

AUR packages can be sandboxed with many different solutions. Any pckage can be sandboxed really.

[-] defaultusername@lemmy.dbzer0.com 9 points 1 day ago* (last edited 1 day ago)

This attack was executed by a script running in the PKGBUILD itself. You didn't have to run the application to be infected since just building it will infect your machine.

[-] patlefort@lemmy.world 2 points 23 hours ago

It also had an install script that will be run as root when the package is installed. Can't sandbox that.

[-] 9tr6gyp3@lemmy.world 3 points 1 day ago

Yeah, I bet the build process could also be sandboxed, but Im sure its not the default.

[-] defaultusername@lemmy.dbzer0.com 4 points 1 day ago

Sandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don't include a full list of dependencies.

this post was submitted on 12 Jun 2026

104 points (100.0% liked)

Linux

13931 readers

440 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev