5 Sep 2021, 1:16 a.m.
duncaen [1] filed a deletion request for opendoas-bin [2]:

This is a forked version of the community/opendoas package. There are a number of issues:

* This could give the false impression that it's the same project as community/opendoas, the description is the same.
* They added a flag that accepts a password, which leaks the password to anyone reading /proc/*/cmdline.
* This is a binary package for a setuid binary (from an untrusted source), I only verified the "source", there is no guarantee that it doesn't add more malicious code.

[1] https://aur.archlinux.org/account/duncaen/
[2] https://aur.archlinux.org/pkgbase/opendoas-bin/
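
The /proc/*/cmdline exposure raised in the request can be audited on a host. The following is an added example, not part of the original message or of either package: it parses the NUL-separated argv that procfs exposes and reports processes carrying a secret-bearing option. The option names in `SECRET_FLAGS` are assumptions, since the message does not name the flag the fork added.

```python
import os
import subprocess
import sys

# Assumption: option names that take a secret as their value. The message does
# not name the flag the fork added; these are illustrative only.
SECRET_FLAGS = {"--password", "--pass", "--passwd"}

def parse_cmdline(raw):
    """Split the NUL-separated argv that /proc/<pid>/cmdline exposes."""
    if raw.endswith(b"\0"):
        raw = raw[:-1]
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []

def exposed_secrets(argv):
    """Return flags whose value sits in argv ('--flag VALUE' or '--flag=VALUE')."""
    hits = []
    for i, arg in enumerate(argv):
        name, eq, _ = arg.partition("=")
        if name in SECRET_FLAGS and (eq or i + 1 < len(argv)):
            hits.append(name)          # record the flag only, never the value
    return hits

def audit_proc(proc="/proc"):
    """Map pid -> exposed flag names for every process whose cmdline is readable."""
    findings = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as f:
                hits = exposed_secrets(parse_cmdline(f.read()))
        except OSError:                # process exited, or hidepid restricts access
            continue
        if hits:
            findings[int(entry)] = hits
    return findings

def live_check():
    """Start a child with a constructed secret in argv; return what the audit sees."""
    if not os.path.isdir("/proc/self"):
        return None                    # no procfs on this system
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)",
                              "--password", "constructed-example"])
    try:
        return audit_proc().get(child.pid)
    finally:
        child.kill()
        child.wait()
```

Mounting procfs with `hidepid=2` limits which processes other users can inspect, but the durable fix is to read secrets from a terminal prompt, stdin or a file descriptor rather than from argv.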