[aur-requests] [PRQ#28011] Deletion Request for opendoas-bin

notify at aur.archlinux.org
Sat Sep 4 23:16:09 UTC 2021


duncaen [1] filed a deletion request for opendoas-bin [2]:

This is a forked version of the community/opendoas package.

There are a number of issues:
* This could give the false impression that it's the same project as
community/opendoas, the description is the same.
* They added a flag that accepts a password, which leaks the password
to anyone reading /proc/*/cmdline.
* This is a binary package for a setuid binary (from an untrusted
source), I only verified the "source", there is no guarantee that it
doesn't add more malicious code.

[1] https://aur.archlinux.org/account/duncaen/
[2] https://aur.archlinux.org/pkgbase/opendoas-bin/
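
The /proc/*/cmdline exposure named in the second point, as an added example that is not part of the request or of either package: a secret passed as a command-line argument is visible in the process's cmdline file, while the same secret sent over stdin is not. The child helper and the `SECRET` value are constructed stand-ins, and the example assumes a Linux /proc.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "constructed-demo-secret"  # constructed sample value, not a real credential

# Hypothetical stand-in for a helper that needs a password: it reads one line
# from stdin and exits. Extra argv entries are ignored by the child.
CHILD = "import sys; sys.stdin.readline()"


def read_cmdline(pid):
    """Return a process's argv as exposed by /proc/<pid>/cmdline (NUL-separated)."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def secret_visible(pass_on_argv):
    """Start the child, then report whether SECRET shows up in its cmdline."""
    argv = [sys.executable, "-c", CHILD]
    if pass_on_argv:
        argv.append(SECRET)  # weak: the secret is now part of argv
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        # Popen returns once the child has exec'd, so this is the child's argv.
        # The file is readable by other local users unless /proc is mounted
        # with hidepid.
        return SECRET in read_cmdline(proc.pid)
    finally:
        # Stronger: deliver the secret over stdin, which never appears in cmdline.
        proc.communicate(input=(SECRET + "\n").encode())


if __name__ == "__main__":
    print("secret on argv  ->", secret_visible(True))
    print("secret on stdin ->", secret_visible(False))
```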