[aur-general] acroread package compromised

Bennett Piater bennett at piater.name
Mon Jul 9 08:06:11 UTC 2018

On 07/08/2018 05:00 PM, Eli Schwartz via aur-general wrote:
> Side note on the acroread pastes: https://ptpb.pw/~x was executed by the
> PKGBUILD, which in turn executed https://ptpb.pw/~u. But the thing it
> installed declares an upload() function then tries to execute the
> contents of $uploader to actually upload the data collection.
> So it basically wouldn't work as-is anyway.

for x in /root /home/*; do
	if [[ -w "$x/compromised.txt" ]]; then
		echo "$FULL_LOG" > "$x/compromised.txt"

Looks to me like this is more of a warning than anything else, no?
Why would he create those files otherwise, given how much attention that
would attract?

GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180709/03dcf459/attachment.asc>

More information about the aur-general mailing list