[kwlug-disc] Malware found in Ubuntu Snaps Store

Khalid Baheyeldin kb at 2bits.com
Sun May 13 12:03:33 EDT 2018


On Sun, May 13, 2018 at 11:53 AM, Remi Gauvin <remi at georgianit.com> wrote:

> On 2018-05-13 11:15 AM, Khalid Baheyeldin wrote:
> > We were sheltered because the tried and tested methodology of
> > repositories
> > made us immune to this for ~ 25 years or so.
>
> One of the things I like about Ubuntu is the great ecosystem of PPA's.
> Over the past several years, I found PPA's did a great job of filling
> the gaps between what makes it into a relatively stable distro, and
> those software packages I need to be newer for a specific task.  PPA's
> were certainly more convenient than downloading and compiling from source.
>
> In this regard, I'm a little torn.  On the one hand, it's just as easy
> for a bad or careless actor to put a bad package in a PPA.  Without
> Snaps isolation, such a package would root a system, essentially requiring
> a fresh install, or snapshot restore to guarantee system integrity.  Not
> to mention the irrevocable loss of private/secret information.
>
> However, in the case of PPA's I could carefully choose which PPA I drew
> packages from, (and therefore, essentially, who to trust with the
> system.)  With the snap store just allowing anyone to put whatever in
> one big repository...well, we all already know exactly where that
> leads, and Ubuntu has provided an example in record time.


While PPAs can include malware, it is less likely. Why? Because PPAs are
usually created by someone to fill a niche (like you say). For example,
having older, or newer, versions of packages available.

Examples include:

Older PHP versions on LTS releases,
Newer still experimental GIMP releases with 16/32 bit colour,
Newer KStars version with all the latest astrophotography features

Usually, these PPAs have their source published somewhere (Launchpad)
and are built nightly automatically from that source. So the source can
be inspected.

And usually, there is a community behind these, and many users. If
someone tries to slip in malware, it will be discovered quickly.

Reminds me of some 12 or so years back, when the founder of Wordpress
tried to slip in invisible link farm stuff in Wordpress, with negative CSS
offsets, but was outed quickly, and apologized.