71
Malicious AUR Checkup Script. (Not a silver bullet, but it helps) (discuss.cachyos.org)
submitted 1 day ago* (last edited 1 day ago) by ekZepp@lemmy.world to c/linux@lemmy.world
15 comments fedilink hide all child comments

All credit to Cscs https://discuss.cachyos.org/u/cscs/summary

you are viewing a single comment's thread
view the rest of the comments
[-] LostWanderer@fedia.io 1 points 1 day ago

Nah, nobody is recommending that you just rawdog this freaking script in a terminal, as it is only useful if you make use of the AUR! The golden rule is to evaluate every script that you see, decide if it is a good or bad, personally having read it there aren't any malicious instructions present in it. ML tools aren't particularly reliable, can be tricked, deliver false negative or false positive results, and will just dull your mind.

If one cannot read, evaluate, and come to a decision based on the information available...Arch simply isn't a good fit for the person in question. That is okay, and there are plenty of options.

Granted the AUR shouldn't be as easy to exploit as it was in this instance, it's a bit too wild west for my liking. There needs to be better protections that prevent such exploitation in the future, as there are clear exploitable weaknesses present with the AUR which need to be closed to prevent something low effort from happening again. The axiomatic truth of the AUR remains true: Do not trust, verify any PKGbuilds before installing software and before every single update.

this post was submitted on 17 Jun 2026
71 points (96.1% liked)

Linux

17847 readers
125 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 3 years ago
MODERATORS
MigratingtoLemmy@lemmy.world