the_enidFeb 16, 2024
Matt  

Ubuntu ‘Command Not Found’ Open to Exploit, Warn Experts

https://www.omgubuntu.co.uk/2024/02/security-researchers-detail-ubuntu-security-flaw #Linux #Security

Security Experts Warn of “Snap Trap” Exploit in Ubuntu - OMG! Ubuntu

Researchers at Aqua Nautilus say they've identified a security issue in the way Ubuntu's "command not found" feature works, which attackers can exploit to

OMG! Ubuntu
Feb 15, 2024 at 7:37pmWeb
Show threadPaul LFeb 15, 2024

@thelinuxcast
I mean they could at least wait a week before suggesting any new apps from a previously unseen developer or publisher (which are different attributes on the Snap Store) as a disincentive.

There are more safeguards that could be added but it would be a start.

That said I don't actually know if there is any review period when registering to publish on the store.

Someone else already suggested limiting it to verified developers (or publishers).

Show thread𝘋𝘪𝘳𝘬Feb 15, 2024
@thelinuxcast Call me a boomer, but a command interpreter should not suggest software, it should only print an error message about the fact that the command could not be found.