106
submitted 1 month ago by nemeski@mander.xyz to c/linux@programming.dev
you are viewing a single comment's thread
view the rest of the comments
[-] Equinox1289@sh.itjust.works 6 points 1 month ago

This is why I prefer Flatpaks, or really any application sandboxing.

[-] Ooops@feddit.org 7 points 1 month ago

People not even checking the PKGBUILDs will also not check sandboxed applications to see if it was actually done properly...

[-] 9tr6gyp3@lemmy.world 6 points 1 month ago

AUR packages can be sandboxed with many different solutions. Any pckage can be sandboxed really.

[-] defaultusername@lemmy.dbzer0.com 9 points 1 month ago* (last edited 1 month ago)

This attack was executed by a script running in the PKGBUILD itself. You didn't have to run the application to be infected since just building it will infect your machine.

[-] 9tr6gyp3@lemmy.world 3 points 1 month ago

Yeah, I bet the build process could also be sandboxed, but Im sure its not the default.

[-] defaultusername@lemmy.dbzer0.com 4 points 1 month ago

Sandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don't include a full list of dependencies.

[-] patlefort@lemmy.world 2 points 1 month ago

It also had an install script that will be run as root when the package is installed. Can't sandbox that.

this post was submitted on 12 Jun 2026
106 points (100.0% liked)

Linux

14309 readers
377 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS