You are not logged in.

#1 2022-02-25 13:44:28

hwallace
Member
Registered: 2021-08-30
Posts: 53

risk of malicious wiki entries/edits

In a reddit discussion of the security of applications through the AUR a user suggests that since the wiki changes are not moderated there is a significant danger of malware introduction.

How significant is that risk?

Offline

#2 2022-02-25 13:45:32

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,382
Website

Re: risk of malicious wiki entries/edits

Malware in a wiki?  Perhaps you mean text that if executed on a machine by the user would result in breakage of a system?  Hopefully your average Archer would know better than to rm -rf * or whatever.

Last edited by graysky (2022-02-25 13:46:37)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#3 2022-02-25 14:01:20

hwallace
Member
Registered: 2021-08-30
Posts: 53

Re: risk of malicious wiki entries/edits

graysky wrote:

Malware in a wiki?  Perhaps you mean text that if executed on a machine by the user would result in breakage of a system?  Hopefully your average Archer would know better than to rm -rf * or whatever.

Not that.
The issue is the possibility that someone would create an AUR link to malware.

Offline

#4 2022-02-25 14:30:34

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 16,186

Re: risk of malicious wiki entries/edits

Wiki changes are often looked at by the wiki administrators, especially big and popular sites, I doubt this would go unnoticed for long.

Offline

#5 2022-02-25 14:37:20

seth
Member
Registered: 2012-09-03
Posts: 28,838

Re: risk of malicious wiki entries/edits

Also you'd first have to introduce the malware into the AUR *and* users not read the PKGBUILD of the AUR package… because they didn't read https://wiki.archlinux.org/title/Arch_U … g_packages

Online

Board footer

Powered by FluxBB