Mitigate Baron SameEdit (CVE-2021-3156) vulnerability


Polymorphing for Linux Overview

This section details how to install Polyverse’s polymorphic packages from an internet-connected machine. Polymorphing for Linux becomes the primary repository on the targeted system. This allows all supported packages to be retrieved from the Polyverse scrambled binary repository, and any custom, private, or unsupported packages to be retrievable from their original repositories. Every package downloaded is unique to the specific customer, and each used package is replaced every twenty-four hours.

Install curl

If you haven't installed curl yet, install it.

apk add curl

Make sure your operating system is up-to-date

apk update && apk upgrade

Install Polymorphing for Linux

Note: Replace the demo registration key with your own, user-specific registration key.

curl -s | sh -s install <Your registration key here>

Reinstall all packages

apk update && apk upgrade --no-cache --available && sed -in 's/^#//g' /etc/apk/repositories && apk update

Please reboot after re-installation, unless you're running in a container.

The configuration and installation is complete at this point.

Back to top

Uninstalling Polymorphing for Linux

Uninstalling Polyverse is a quick task. The high-level steps are as follows:

  1. Remove any references to the Polyverse scrambled binary repository from the system repository configuration files or folders
  2. Reinstall all packages so that they are downloaded from the remaining referenced repositories (which will not include Polyverse)

Remove the Polyverse Repository References

There is a script provided to automatically perform the removal of the Polyverse repository references. It can be executed using the following command:

curl -s | sh -s install --uninstall

Reinstall all packages

apk update && apk upgrade --no-cache --available && sed -in 's/^#//g' /etc/apk/repositories && apk update

The configuration and uninstallation is complete at this point.

Back to top


Missing Packages

The package may not actually be available. Use this command to determine if the package is available for download from the repository.

apk search <package_name>
Back to top

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.