69
Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
(thehackernews.com)
this post was submitted on 02 Mar 2025
69 points (97.3% liked)
Technology
66067 readers
5112 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Given that a lot of Python software I see already by convention runs in a venv, which is at least somewhat-isolated from the rest of the system...I wonder how much harder it would be to make it the norm for most Python software to run in an isolated sandbox, without broader filesystem access. Like, kinda follow an Android-like model, where there's an application-private directory and permissions that mostly make the app keep to itself.
I do run some Python software in firejail. But it'd need to be a norm for how the software is distributed. Can't require a bunch of technical work on the part of end users.
You can't simultaneously have an executable that operates in a private sandbox and maintain all the features expected of the programming language.
You're correct. Not all software will be able to usefully run under such a restriction.
But I think that a very substantial amount probably can.