Linux

65728 readers

546 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

131

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 18 hours ago by Vittelius@feddit.org to c/linux@lemmy.ml

48 comments fedilink hide all child comments

Arch Linux’s AUR is experiencing a malware incident involving user-contributed packages with malicious commits that attempt to download npm-based payloads during installation. (...)

Arch users should not update AUR packages without review. Examine PKGBUILD diffs, check any new .install files, and be cautious if updates introduce npm commands or dependencies unrelated to the software.

Users who recently updated affected AUR packages should review package history, examine executed suspicious install scripts, and treat any unexpected npm-based installation behavior as a possible compromise.

you are viewing a single comment's thread
view the rest of the comments

[–] MonkderVierte@lemmy.zip 2 points 16 hours ago* (last edited 16 hours ago) (1 children)

.... how do i make npm generally not work on Linux? I don't use it and with how attack vectors are the majority of cases via NPM... and can be shipped as a binary to .
Environment variables pointing to /dev/null? Application firewall? Or would just blocking some domain/IP suffice?

[–] sirico@feddit.uk 4 points 15 hours ago (1 children)

sudo {package-manager} remove npm nodejs sudo {package-manager} purge npm nodejs

npm: sudo tee /usr/local/bin/npm >/dev/null <<'EOF' #!/bin/sh echo "npm is blocked on this system." exit 1 EOF

sudo chmod 755 /usr/local/bin/npm

npx: sudo tee /usr/local/bin/npx >/dev/null <<'EOF' #!/bin/sh echo "npx is blocked on this system." exit 1 EOF

sudo chmod 755 /usr/local/bin/npx

Might break somethings but that's a part of boycotting something I guess.

[–] MonkderVierte@lemmy.zip 3 points 15 hours ago (1 children)

Thanks, but

and can be shipped as a binary to

[–] silasmariner@programming.dev 1 points 5 hours ago

You can't just ship a binary to a random location without knowing architecture, which is very relevant. Not everything is x86 any more. But you can do shell, and since aur is shell that should be good enough given the context of the article.