The average Linux user has probably hundreds of binaries installed. 99% of those binaries are not reproducible, which means there's no way to know if that binary is compromised.
The average Linux distro's repositories have tens of thousands of packages built by unknown volunteers.
Modifying a binary's code to introduce a keylogger would be amazingly easy. No one would ever notice.
This is the reason why, if you don't build from source, you are fucking retarded.
Okay, then build from source if you're that schizo. If there was a keylogger someone would probably see it in wireshark and tell everyone.
Jeremiah Cruz
>What if the compiler is compromised?
What if your very CPU is compromised.
Josiah Peterson
>someone would probably see it
how many OpenSSL vulns will it take to disabuse you of this stale meme?
Thomas Martinez
>PEPE PEPE PEPE
>I GOT BOXES OF PEPE
Sebastian Bell
The possibility of such an exploit being possible in the wild is close to zero.
If the compiler is compromised, and you build a different compiler with it, how would it inject malicious code on it?
Jeremiah Allen
hint: if your architecture is x86_64, your CPU is compromised
Jason Allen
that's why I only use operating system written and compiled by myself, that runs on hardware I made out of scrap metal and silicon I've found in trash near a hospital
Gavin Taylor
rkhunter and other software can detect any unwanted changes to files with hashing
Ethan Gutierrez
Post this every time a dum stupid frogposter decides to shit up this place more than it already is. I would personally shake your hand if I could.
>desperately trying to get attention by replying to everyone
Eat shit
Asher Gonzalez
see
Cameron Robinson
>The possibility of such an exploit being possible in the wild is close to zero.
yet this is exactly what the Chinese government used to spy on iPhone users in China (see: XcodeGhost)
Alexander Hughes
neck yourself retardo I bet you have tiny white cock
Ethan Miller
No, YOU eat shit you frogposting scum. see see
Leo Fisher
Why do you post the frogs? What compels you to such absolute lunacy?
Elijah Roberts
>sperging out because of a frog
Angel Butler
If Linux is so insecure then why is it always Wincucks that get pwned?
Because it has a bigger marketshare and is used by literal brainlets.
Josiah Kelly
You don't understand, every thread this stupid frog gets posted with is a steaming shitfest underage retards who think shitting up this site for "le luls" is fucking epic and will go home to circlejerk to their discord mentally ill trannies.
Why isn't this stupid piece of shit a bannable offense yet, why does this website have to be so ass backwards as FUCK.
BAN ME YOU USELESS COCKSUCKING HOT PICKET EATING PIECE OF SHIT JANNY THAT CAN'T DO HIS FUCKING JOB.
William Martinez
(THIS USER HAS BEEN BANNED FOR THIS POST)
DO IT YOU PUSSY, TAKE THE WHOLE WEBSITE DOWN FOR THE GOOK OVERLORD
Gabriel Gray
>pepeposting literally causes mental breakdowns and schizophrenia
nice
Easton Flores
>le ebin contrarian faggot kys
Kevin Flores
I hate frogposters but that's too much.
If you want to know how it looks when that happens to your soul, subscribe to Londonfrog.
Yeah mate, a random stack overflow is totally the same as a keylogger.
Nolan Rodriguez
Binaries are reproducible???? You suck OP
Ryan Brooks
If I understand correctly, Chinks downloaded a pirated version of a compiler that introduced malicious code.
But, if they used that compiler/toolchain to compile another compiler from source, would that new compiler start putting malicious code into their apps? (X) Doubt.
Joshua Gutierrez
Why would you make your life so difficult? Why not just target retarded Arch users and put malware into AUR packages?
Grayson Robinson
> linux is the only place that you can build a reproducible system from source code
> other systems require binary blobs and/or build systems that don't create reproducible binaries
> linux is dangerous because of this
Aiden Cook
I'm having a hard time in life right now. I've been fighting a battle with religion for way too long and I've only started to come to terms with it in recent months. Thank you for posting this user, and God bless you. I can go to sleep tonight with peace in my heart being reminded of this.
Even if you build from source, that assumes you actually read every line of source. Totally easy for some compromised source to hide obfuscated in the labyrinth of packages.
Nobody is going to comb through line by line you autist.
Benjamin Johnson
>cpu compromised
oh fugg What if YOU are compromised? Would you even know?
Cooper Russell
This. What if the source code was compromised? You're still essentially trusting the maintainer + community's competency. Simply put, be skeptical if it hasn't been audited.
Anthony Carter
>[Reeeeeeeees internally]
Easton Parker
Actually dude look up the reproducible binary project. Most of Debian is reproducibly compiled.
Isaac Smith
Nigger that's not enough. You gotta recognize the odor of the common execution patterns and smell your processor before and during important instruction executions and sniff out any differences in odor.
Xavier Ramirez
Shame it's just make believe.
Eli Adams
Wow big whoop. How many people get infected a year? 0?
Asher Jenkins
What if somebody wrote a key logger into the source and you build it with the main application?
Or are you going to read potentially 100,000 lines of code before building?
Cooper Hughes
Nope. Auditing isn't foolproof either.
An npm package got compromised some time ago. New owner silently took over. He put malware in the latest 2.x release but left 3.x clean. All the legacy package.jsons upgraded to the latest non-breaking 2.x release and got the malware.
The dogshit npm audit package only inspected the latest 3.x release.
You didn't even have to use the package directly. It could have been a sub dependency.
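The version-range behaviour described in the post above, as an added example that is not part of the thread: a simplified resolver (not npm's own code, exact and caret ranges only) showing why a check of the newest release misses a bad release on an older line, while a walk of what actually resolves finds it even as a sub-dependency. The package names, versions and the `compromised` flag are constructed.

```javascript
// Constructed registry: package names, versions and the "compromised" flag are made up.
const REGISTRY = {
  "legacy-lib": {
    "2.0.0": { deps: {} },
    "2.1.0": { deps: {} },
    "2.1.1": { deps: {}, compromised: true }, // malicious release on the old line
    "3.0.0": { deps: {} },                    // current line left clean
  },
  "mid-lib": { "1.4.0": { deps: { "legacy-lib": "^2.0.0" } } },
};
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Simplified range check: exact versions and caret ranges with major >= 1 only.
function satisfies(version, range) {
  if (!range.startsWith("^")) return version === range;
  const base = range.slice(1);
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
}

// Highest published version matching the range, as a fresh install would pick.
function resolve(name, range) {
  const hits = Object.keys(REGISTRY[name]).filter((v) => satisfies(v, range));
  return hits.sort(cmp).pop();
}

// Naive check: look only at the newest release of each direct dependency.
function latestOnlyFindings(manifest) {
  return Object.keys(manifest).filter((name) => {
    const latest = Object.keys(REGISTRY[name]).sort(cmp).pop();
    return REGISTRY[name][latest].compromised === true;
  });
}

// Walk what actually resolves, including sub-dependencies, and report the path.
function resolvedFindings(manifest, path = []) {
  const out = [];
  for (const [name, range] of Object.entries(manifest)) {
    const version = resolve(name, range);
    const here = [...path, `${name}@${version}`];
    if (REGISTRY[name][version].compromised) out.push(here.join(" > "));
    out.push(...resolvedFindings(REGISTRY[name][version].deps, here));
  }
  return out;
}
```

Pinning an exact version (`"legacy-lib": "2.1.0"`) keeps the resolver on the known release, which is the property a committed lockfile gives a real project.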
Lucas Russell
>This is the reason why, if you don't build from source, you are fucking retarded.
This is the reason why you place your trust somewhere since no one has the time to check every piece of code manually.