From 94227173f6ce57781b0bbd708ac961bb739017f1 Mon Sep 17 00:00:00 2001 From: thib Date: Sat, 26 Oct 2019 00:06:11 +0200 Subject: [PATCH 1/2] appimage security warning --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e5c365f7c..9950795ee 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,12 @@ Official website: https://parity.io | Be sure to check out [our Wiki](https://wi - Double click on the file to install Fether. - Fether will be added to the program menu. +## Security warning + +- ### Don't run Fether as root +- ### Beware of suspicious symlinks called fether-x.y.z-x86_64.AppImage.home +This attack vector is applicable to any `AppImage` application. It consists in crafting a `.home` file/folder to be used as home folder by an AppImage application. The danger resides in the fact that this `.home` file could be a symlink somewhere on the user's computer. The AppImage would be using this new location as a home folder, in a non-transparent way. Running the application as root might damage a system, for example, by overflowing the /boot partition. + ## Build from sources ### Install dependencies From 41b8a7c8479144e1cdff11e820e5e8ba00ae7a73 Mon Sep 17 00:00:00 2001 From: thib Date: Sat, 26 Oct 2019 00:13:46 +0200 Subject: [PATCH 2/2] apply grammar suggestions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9950795ee..8015fa8e2 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ Official website: https://parity.io | Be sure to check out [our Wiki](https://wi - ### Don't run Fether as root - ### Beware of suspicious symlinks called fether-x.y.z-x86_64.AppImage.home -This attack vector is applicable to any `AppImage` application. It consists in crafting a `.home` file/folder to be used as home folder by an AppImage application. The danger resides in the fact that this `.home` file could be a symlink somewhere on the user's computer. The AppImage would be using this new location as a home folder, in a non-transparent way. Running the application as root might damage a system, for example, by overflowing the /boot partition. +This attack vector applies to any AppImage application. It consists of crafting a .home file/folder to be used as the home folder by an AppImage application. The danger resides in the fact that this .home file could be a symlink somewhere on the user's computer. The AppImage would be using this new location as a home folder, in a non-transparent way. Running the application as root might damage a system, for example, by overflowing the /boot partition. ## Build from sources