Krb5 & grep packaging appropriate?

Not sure if the following belongs in this category ( or even if Manjaro is responsible for this):

The krb5 package installs 2 man pages in /usr/share/man/man5 as a . file, which somewhat obfuscates its location. The file name in full is .k5identity.5.gz and .k5login.5.gz. While it is understandable the reasoning behind this file naming convention was chosen (since both man pages cover the relevent . files that can be found in a $HOME directory) it still seems to me ill advised since it would not listed on a cursory ls of the directory in question. (Nor am I sure I would have had the sense to pre-pend the . were I looking for these man pages. I only noticed this after running rkhunter on the system.

That being said, these files are not malicious whatsoever. They are legitimate man pages.

Another thing of note: fgrep and egrep found in /usr/bin are scripts apparently. While innocuous, I could see this providing a security weakness (albeit, one not likely to be exploited). Wouldn’t it be better served as an alias? (this is from the grep package.

Ok, was discussed on 2013 too, and probably comes up every now and then
https://bbs.archlinux.org/viewtopic.php?id=167410

Please do elaborate what constitutes the weakness … the fact that are scripts? How about /usr/bin/fsadm then ? part of lvm2 package

They will do the exact same thing, regardless.

I suppose since it is easier to, if you have access to the system, malicious change the script? as opposed to actually recompiling a binary.

But you are right, this present no real security threat.

In any event, thank you for the prompt response. And for the work you have done with Manjaro. .

In that case the entire system can be compromised.