You are not logged in.
- Topics: Active | Unanswered
#1 2022-02-25 13:44:28
- hwallace
- Member
- Registered: 2021-08-30
- Posts: 82
risk of malicious wiki entries/edits
In a reddit discussion of the security of applications through the AUR a user suggests that since the wiki changes are not moderated there is a significant danger of malware introduction.
How significant is that risk?
Offline
#2 2022-02-25 13:45:32
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,496
- Website
Re: risk of malicious wiki entries/edits
Malware in a wiki? Perhaps you mean text that if executed on a machine by the user would result in breakage of a system? Hopefully your average Archer would know better than to rm -rf * or whatever.
Last edited by graysky (2022-02-25 13:46:37)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#3 2022-02-25 14:01:20
- hwallace
- Member
- Registered: 2021-08-30
- Posts: 82
Re: risk of malicious wiki entries/edits
Malware in a wiki? Perhaps you mean text that if executed on a machine by the user would result in breakage of a system? Hopefully your average Archer would know better than to rm -rf * or whatever.
Not that.
The issue is the possibility that someone would create an AUR link to malware.
Offline
#4 2022-02-25 14:30:34
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 19,301
Re: risk of malicious wiki entries/edits
Wiki changes are often looked at by the wiki administrators, especially big and popular sites, I doubt this would go unnoticed for long.
Online
#5 2022-02-25 14:37:20
- seth
- Member
- Registered: 2012-09-03
- Posts: 38,835
Re: risk of malicious wiki entries/edits
Also you'd first have to introduce the malware into the AUR *and* users not read the PKGBUILD of the AUR package… because they didn't read https://wiki.archlinux.org/title/Arch_U … g_packages
Offline