Article: Hidden Dangers within Ubuntu's Package Suggestion System

The TLDR of this article is that when you try to run a command that isn’t on your system, the command-not-found package will offer apt and snap suggestions. However, it’s possible for people to create malicious snap packages to appear in this list. With that malicious package, they could rely on insecure autoconnect interfaces like X11 to perform malicious options.

Posting it here so that a solution could be found to prevent such malicous uses of the command-not-found tool.

1 Like