I was thinking of potentially running that script as another check within the {safeinstall} package (https://github.com/Pakillo/safeinstall). Does that sound like a good idea to you? Or better just warn that rds/rda files have been found, and point users to your repo?
I would ask that nobody share the links on Fosstodon if at all possible. Nobody there will see my post or boosts of it, and I kind of want everyone still on that server to suffer b/c of the daft folks who operate that instance.
@hrbrmstr@klmr@idavydov@AlexandreSieira Holy cow. So if I read this correctly, I could potentially pull down an .rda file and the exploit would go undetected by any antivirus and be activated upon a call to read_rds()?
@DataAngler@klmr@idavydov@AlexandreSieira "yes” is the quickest answer. Download the rda in that repo, load it and quit R for a demo. Lots of paths for shenanigans.
Add comment