9 Jul
2018
9 Jul
'18
8:06 a.m.
On 07/08/2018 05:00 PM, Eli Schwartz via aur-general wrote:
Side note on the acroread pastes: https://ptpb.pw/~x was executed by the PKGBUILD, which in turn executed https://ptpb.pw/~u. But the thing it installed declares an upload() function then tries to execute the contents of $uploader to actually upload the data collection.
So it basically wouldn't work as-is anyway.
for x in /root /home/*; do if [[ -w "$x/compromised.txt" ]]; then echo "$FULL_LOG" > "$x/compromised.txt" fi done Looks to me like this is more of a warning than anything else, no? Why would he create those files otherwise, given how much attention that would attract? -- GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808