ihatelinux@sh.itjust.works to Linux@lemmy.ml · 6 months agoDoes any distro read through 100% of the source-code of a package before adding it to its repo?message-squaremessage-square55fedilinkarrow-up10arrow-down10
arrow-up10arrow-down1message-squareDoes any distro read through 100% of the source-code of a package before adding it to its repo?ihatelinux@sh.itjust.works to Linux@lemmy.ml · 6 months agomessage-square55fedilink
minus-squareNorgur@kbin.sociallinkfedilinkarrow-up0·6 months agoI’d expect them to properly comment it with “#-------Begin malicious shit--------”. COMMENT YOUR CODE, PEOPLE!
minus-squarelily33@lemm.eelinkfedilinkarrow-up0·edit-26 months agoOh, in that case we don’t need to read either - just run a simple grep!
minus-squareNorgur@kbin.sociallinkfedilinkarrow-up0·6 months agoThose malicious coders are too sly for that. Some write “Sh1t” to throw grep off, others even do a “B3g1n”… They are always one step ahead!
minus-squarelily33@lemm.eelinkfedilinkarrow-up0·6 months agoGood point. I’d try to grep for something like [Bb3][Ee3]g[Ii1][nη]\w+<and so on> but I just know I’ll miss something
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up0·6 months agoThe exploit should be written in a way that it is obvious and doesn’t need commenting!
I’d expect them to properly comment it with “#-------Begin malicious shit--------”.
COMMENT YOUR CODE, PEOPLE!
Oh, in that case we don’t need to read either - just run a simple grep!
Those malicious coders are too sly for that. Some write “Sh1t” to throw grep off, others even do a “B3g1n”… They are always one step ahead!
Good point. I’d try to grep for something like
[Bb3][Ee3]g[Ii1][nη]\w+<and so on>but I just know I’ll miss somethingThe exploit should be written in a way that it is obvious and doesn’t need commenting!