 
Old 02-16-2009, 03:29 PM
Ron Johnson
 
Default security (malware) issues in Linux bases OSes

On 02/16/2009 08:26 AM, Paul E Condon wrote:

On 2009-02-15_17:26:23, Boyd Stephen Smith Jr. wrote:

On Sunday 15 February 2009 15:48:37 Ron Johnson wrote:

[W]hat's to stop Joe Wannabe from doing this?

$ sudo dpkg -i NakedBrittany.deb

What's to stop Joe Wannabe from doing this?
sudo rm -rf The Great American Novell / Movie


Joe Wannabe needs to learn more in order to do himself real harm.
Shouldn't it be:

sudo rm -rf "The Great American Novell"


That's the whole point. People coming from a gooey environment
don't think (about such things).



? ;-)
And, without testing it, I'm pretty sure that

sudo rm -rf /


is trapped and subject to special handling. At least, it should be,
IMHO.


I don't believe it. Show us!

--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-16-2009, 03:37 PM
Avi Greenbury
 
Default security (malware) issues in Linux bases OSes

Ron Johnson wrote:


I don't believe it. Show us!



In the interests of satisfying my curiosity:

vm-linux2:/# rm -rf /
rm: cannot remove root directory `/'
vm-linux2:/#


--
--
Avi Greenbury
http://aviswebsite.co.uk
http://aviswebsite.co.uk/asking-questions


 
Old 02-16-2009, 03:41 PM
Ron Johnson
 
Default security (malware) issues in Linux bases OSes

On 02/15/2009 11:39 PM, T o n g wrote:

On Sun, 15 Feb 2009 15:48:37 -0600, Ron Johnson wrote:


Anyway, twice in the past few years, Debian servers have been
compromised. One time it was thru a weak DD user password,


Your implication seems to be "Debian is not secure enough",


"Debian" can be made just as insecure as Windows. Anyway...

No, you are wrong. I was replying to your inference that package
signing makes everything ok.



but my conclusion
from above incident is quite the opposite from yours -- Debian is *amazingly*
secure.

If a Windoze PC is taken over by someone or some new malware that no
existing anti-virus software can detect, how soon can a normal Windows user
notice it? how soon can an experienced Windows admin, who is not working on
the box notice it? Make a rough guess and read the aforementioned intrusion
incident in Debian again. I don't know about you, but I was totally amazed
that two Debian admins in two different corners of the world noticed the
sign of intrusion at the first moment!



Sure, admins watching an important server. But how many of us run
IDS on our home boxes? Certainly not I...


--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification


 
Old 02-16-2009, 03:42 PM
Dave Ewart
 
Default security (malware) issues in Linux bases OSes

On Monday, 16.02.2009 at 16:37 +0000, Avi Greenbury wrote:

> Ron Johnson wrote:
>>
>> I don't believe it. Show us!
>>
>
> In the interests of satisfying my curiosity:
>
> vm-linux2:/# rm -rf /
> rm: cannot remove root directory `/'
> vm-linux2:/#

That's rather annoying. If I want to shoot myself in the foot, it
should let me. It's a bug that it doesn't :-)

Dave.

--
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7516, W 1.2152
 
Old 02-16-2009, 05:30 PM
David Jardine
 
Default security (malware) issues in Linux bases OSes

On Mon, Feb 16, 2009 at 04:42:18PM +0000, Dave Ewart wrote:
> On Monday, 16.02.2009 at 16:37 +0000, Avi Greenbury wrote:
>
> > In the interests of satisfying my curiosity:
> >
> > vm-linux2:/# rm -rf /
> > rm: cannot remove root directory `/'
> > vm-linux2:/#
>
> That's rather annoying. If I want to shoot myself in the foot, it
> should let me. It's a bug that it doesn't :-)

Perhaps rm -rf /* would do more or less what you want


 
Old 02-16-2009, 05:40 PM
"H.S."
 
Default security (malware) issues in Linux bases OSes

Ron Johnson wrote:
> On 02/16/2009 04:30 AM, Dave Sherohman wrote:
>> On Sun, Feb 15, 2009 at 04:22:37PM -0300, Eduardo M KALINOWSKI wrote:
>>> But neither of these help in case a stupid user receives an e-mail
>>> saying:
>>>
>>> Run 'sudo dpkg -i FreePornPics.deb to see <insert celebrity name here>'s
>>> secret sex tape'.
>>
>> No, but it still wouldn't get far because, unlike all the major Windows
>> malware threats, this requires the user to do actual *typing* (eww!
>> yuck!) instead of just going clicky-clicky or auto-running as soon as
>> the message is previewed.
>>
>
> You have a point. However...
>
> Hooking file-roller into gksu and dpkg wouldn't be that hard.
>
> In fact, I wouldn't be surprised if that weren't already the case.
>

I think Ubuntu does it. You download a deb to your desktop, double click
on it and the GUI leads you through the installation after asking for
the sudo password. So, yes, you need to be an admin for this.

What I haven't seen yet is a deb which does not need even sudo
privileges so that the package is installed in the user's own home
directory. If this were practical, wouldn't be hard to envision a key
logger being installed to record the user's login names and passwords.
Is this something that is feasible?




--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


 
Old 02-16-2009, 07:02 PM
Dotan Cohen
 
Default security (malware) issues in Linux bases OSes

> In the interests of satisfying my curiosity:
>
> vm-linux2:/# rm -rf /

Here I hold my breath!

> rm: cannot remove root directory `/'
> vm-linux2:/#
>

Here I sigh and change my pants. And of course, the ob:
http://xkcd.com/242/

--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-*-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-*-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه*-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-*-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-*-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü
 
Old 02-16-2009, 08:42 PM
Ron Johnson
 
Default security (malware) issues in Linux bases OSes

On 02/16/2009 12:40 PM, H.S. wrote:

Ron Johnson wrote:

On 02/16/2009 04:30 AM, Dave Sherohman wrote:

On Sun, Feb 15, 2009 at 04:22:37PM -0300, Eduardo M KALINOWSKI wrote:

But neither of these help in case a stupid user receives an e-mail
saying:

Run 'sudo dpkg -i FreePornPics.deb to see <insert celebrity name here>'s
secret sex tape'.

No, but it still wouldn't get far because, unlike all the major Windows
malware threats, this requires the user to do actual *typing* (eww!
yuck!) instead of just going clicky-clicky or auto-running as soon as
the message is previewed.


You have a point. However...

Hooking file-roller into gksu and dpkg wouldn't be that hard.

In fact, I wouldn't be surprised if that weren't already the case.



I think Ubuntu does it.


Why am I *not* surprised?


You download a deb to your desktop, double click
on it and the GUI leads you through the installation after asking for
the sudo password. So, yes, you need to be an admin for this.


What I haven't seen yet is a deb which does not need even sudo
privileges so that the package is installed in the user's own home
directory. If this were practical, wouldn't be hard to envision a key
logger being installed to record the user's login names and passwords.
Is this something that is feasible?


Sure. The keylogger would have to add itself to the "autostart
folder", but that's no mean feat.


--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification


 
Old 02-16-2009, 08:55 PM
"H.S."
 
Default security (malware) issues in Linux bases OSes

Ron Johnson wrote:

>
> Sure. The keylogger would have to add itself to the "autostart folder",
> but that's no mean feat.
>

I am sorry, what is an auto start folder in relation to Debian or Ubuntu?

I would expect it to put a line in .bashrc to start automatically when
user logs in or perhaps put in a crontab entry for the user.



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


 
Old 02-16-2009, 09:05 PM
Ron Johnson
 
Default security (malware) issues in Linux bases OSes

On 02/16/2009 03:55 PM, H.S. wrote:

Ron Johnson wrote:


Sure. The keylogger would have to add itself to the "autostart folder",
but that's no mean feat.



I am sorry, what is an auto start folder in relation to Debian or Ubuntu?


The same people who would install NakedBrittany.deb are the same
ones who log in thru gdm, probably without even a password.



I would expect it to put a line in .bashrc to start automatically when
user logs in or perhaps put in a crontab entry for the user.


Does .bashrc execute from within gdm, or only when you open a
terminal window?


--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification
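
For the autostart question discussed in the posts above, an added example (not code from any poster in this thread) of how to audit what a user account starts automatically, without executing any of it. The function names, the sample files and the skeleton-directory comparison are assumptions of this example; the autostart directory is the XDG one, ~/.config/autostart, and /etc/skel is the Debian default skeleton.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of per-user startup locations.

# Print "<file>\t<command>" for each enabled XDG autostart entry.
autostart_entries() {
    local home=$1 f cmd
    for f in "$home"/.config/autostart/*.desktop; do
        [ -f "$f" ] || continue
        # Hidden=true marks an entry as disabled in the desktop-entry spec.
        if grep -qix 'Hidden=true' "$f"; then continue; fi
        cmd=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
        if [ -n "$cmd" ]; then printf '%s\t%s\n' "${f##*/}" "$cmd"; fi
    done
}

# Print "<file>\t<line>" for lines in the user's shell startup files that
# are absent from the pristine copies in the skeleton directory.
rc_additions() {
    local home=$1 skel=${2:-/etc/skel} name base
    for name in .bashrc .profile .bash_profile .xsessionrc; do
        [ -f "$home/$name" ] || continue
        base=$skel/$name
        [ -f "$base" ] || base=/dev/null
        grep -Fvxf "$base" "$home/$name" |
            grep -Ev '^[[:space:]]*(#|$)' |
            awk -v n="$name" '{ print n "\t" $0 }'
    done
}

# Constructed sample home directory, so the example runs offline.
make_sample_home() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/.config/autostart" "$d/skel"
    printf '[Desktop Entry]\nType=Application\nExec=/home/u/.local/bin/helper --quiet\n' \
        > "$d/.config/autostart/helper.desktop"
    printf '[Desktop Entry]\nExec=/usr/bin/old\nHidden=true\n' \
        > "$d/.config/autostart/old.desktop"
    printf '# ~/.bashrc\nalias ll="ls -l"\n' > "$d/skel/.bashrc"
    printf '# ~/.bashrc\nalias ll="ls -l"\n/home/u/.local/bin/helper &\n' \
        > "$d/.bashrc"
    echo "$d"
}

sample=$(make_sample_home)
autostart_entries "$sample"
rc_additions "$sample" "$sample/skel"
rm -rf "$sample"
```

The per-user crontab mentioned in the thread is not stored under the home directory; `crontab -l` lists it for the current user.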


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 05:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org