On 2025-05-02 at 09:43, Greg Wooledge wrote: > On Fri, May 02, 2025 at 15:31:18 +0200, Nicolas George wrote: > >> rhkra...@gmail.com (HE12025-05-02): >> >> > What lesson is that? >> >> Never run a script with any privileges unless you know exactly what it >> does. > > Or more generally: "Third-party package repositories are often not as > high-quality as Debian's repositories." > > Assuming it even *was* a package repository, and not just a loose > standalone .deb file. Either way, anything of that nature should be > approached with all due caution. > > For the OP, I'm guessing at some point they ran a command like: > > apt install hplip > > Or possibly: > > apt install ./Downloads/hplip_*.deb > > Or in the VERY worst-case scenario: > > dpkg -i ./Downloads/hplip_*.deb && apt -f install
From the original post, apparently it wasn't even a .deb file; it was a .run file. In my experience, such a file is a shell script with an embedded (usually self-extracting) binary payload, whose design intent is that you run the shell script as root and it extracts and installs the associated software. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
signature.asc
Description: OpenPGP digital signature
