ihatelinux@sh.itjust.works to Linux@lemmy.ml · 6 months agoDoes any distro read through 100% of the source-code of a package before adding it to its repo?message-squaremessage-square56fedilinkarrow-up1123arrow-down19
arrow-up1114arrow-down1message-squareDoes any distro read through 100% of the source-code of a package before adding it to its repo?ihatelinux@sh.itjust.works to Linux@lemmy.ml · 6 months agomessage-square56fedilink
minus-squareNorgur@kbin.sociallinkfedilinkarrow-up38·6 months agoI’d expect them to properly comment it with “#-------Begin malicious shit--------”. COMMENT YOUR CODE, PEOPLE!
minus-squareatzanteol@sh.itjust.workslinkfedilinkEnglisharrow-up21·6 months agoThe exploit should be written in a way that it is obvious and doesn’t need commenting!
minus-squarelily33@lemm.eelinkfedilinkarrow-up14·edit-26 months agoOh, in that case we don’t need to read either - just run a simple grep!
minus-squareNorgur@kbin.sociallinkfedilinkarrow-up11·6 months agoThose malicious coders are too sly for that. Some write “Sh1t” to throw grep off, others even do a “B3g1n”… They are always one step ahead!
minus-squarelily33@lemm.eelinkfedilinkarrow-up5·6 months agoGood point. I’d try to grep for something like [Bb3][Ee3]g[Ii1][nη]\w+<and so on> but I just know I’ll miss something
I’d expect them to properly comment it with “#-------Begin malicious shit--------”.
COMMENT YOUR CODE, PEOPLE!
The exploit should be written in a way that it is obvious and doesn’t need commenting!
Oh, in that case we don’t need to read either - just run a simple grep!
Those malicious coders are too sly for that. Some write “Sh1t” to throw grep off, others even do a “B3g1n”… They are always one step ahead!
Good point. I’d try to grep for something like
[Bb3][Ee3]g[Ii1][nη]\w+<and so on>
but I just know I’ll miss something