70
Malicious AUR Checkup Script. (Not a silver bullet, but it helps)
(discuss.cachyos.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 17 Jun 2026
70 points (96.1% liked)
Linux
17847 readers
187 users here now
Welcome to c/linux!
Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!
Rules:
-
Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
-
Be respectful: Treat fellow community members with respect and courtesy.
-
Quality over quantity: Share informative and thought-provoking content.
-
No spam or self-promotion: Avoid excessive self-promotion or spamming.
-
No NSFW adult content
-
Follow general lemmy guidelines.
founded 3 years ago
MODERATORS
Thanks for sharing.
But, please stop using the curl command piped into a terminal pattern. Malicious actors have been abusing the fuck out of this pattern ever since the idiots at Anthropic decided that would be the official install pattern for Claude. I've been cleaning up infections based on people just blindly running shit like that constantly over the last couple months.
Folks, never run a random script from the internet, without being sure what you are actually about to run. If using AUR packages is considered risky. Random scripts being piped into a terminal ranks right up there with sticking your dick in a blender.
This is so stupid but really hard to avoid. Before I had a gz link and I knew I'd download, check Sha or signature, export path and ready.
Tried installing antigravity and it's this stupid thing. So I downloaded a large script, read a lot of it, didn't find something easy to put together to figure out what binary to download. Took me quite some time to install something that should have taken 2 minutes.
Ah and I'm told it auto upgrades. Great, now I have a back door too.
Replace this tool with basically anything, because pages don't have download links anymore. Soon there will be nothing published in curated repos like brew, nix, debían etc
I made a spite-site a few years ago for this very purpose https://stoppip.ing/
Longer than that. In particular, a malicious server can detect when a script is being viewed or downloaded vs being piped to a shell, and can serve something different. https://web.archive.org/web/20250622061208/https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
Wow. Learn something new everyday.
Thanks for sharing.
Excellent imagery.
And so true.
And I'm guilty of it myself, even though I know better.
That must make for embarrassing discussions with your doctor.
Bravo! (sincere, not sarcastic)
I actually had to go back and re-read what I posted to understand your answer. I am apparently a derp today.
I agree that's why i've posted the main link and author. Still is a fair point. I'll remove the code from the description.