"Darryl L. Pierce" 07-11-2011 08:56 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
On Mon, Jul 11, 2011 at 04:19:31PM -0400, Deron Meranda wrote:
> For some reason, my Gnome 3 shell process has forked off an 'acroread'
> process which I did not start!
>
> It appears to be attempting to install itself or do something in the
> background. This is completely unacceptable, nothing should ever
> attempt to download and run some unauthenticated script and should
> never attempt to install anything without my explicit knowledge and
> permission!
>
> I consider this to be a security breach and failure of the Fedora
> security policies to permit this. In fact there should be a separate
> SELinux context for this commercial app just so it can't do anything
> to my system without my knowledge.
>
> UID   PID  PPID  C STIME TTY     TIME CMD
> XXX  2509  2483  0 Jul10 ?   00:00:01 gnome-session
> XXX  2615  2509  1 Jul10 ?   00:12:04 /usr/bin/gnome-shell
> XXX 16717  2615  0 13:46 ?   00:00:08 acroread
> XXX 16769 16717 20 13:46 ?   00:29:25 /bin/sh /tmp/acrobat.n9vv0T/AdobeReader/INSTALL --lzma=/home/XXX
> XXX  7662 16769  0 15:40 ?   00:00:00 [INSTALL] <defunct>
>
> Does the Gnome shell have some sort of auto-start or auto-update
> capability in it, that perhaps Adobe has surreptitiously hooked itself
> into. And how do I get it back out?

Yes, it does. Run gnome-session-properties and look at the list of
applications that will automatically load at session start.

> (The only reason I even have Adobe reader is because Evince can not
> fully handle the US IRS tax forms.)

What I'm failing to see is how this is a failing of Fedora. You
installed a non-Fedora package on your system (AdobeReader is not a part
of Fedora) and it is that non-Fedora package that appears to be doing
things in the background on your system. You can blame the distro for
compromising your system when you were the one who circumvented the
trusted packages list and installed something else.

--
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Daniel J Walsh 07-11-2011 08:57 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
On 07/11/2011 04:19 PM, Deron Meranda wrote:
> For some reason, my Gnome 3 shell process has forked off an 'acroread'
> process which I did not start!
>
> It appears to be attempting to install itself or do something in the
> background. This is completely unacceptable, nothing should ever
> attempt to download and run some unauthenticated script and should
> never attempt to install anything without my explicit knowledge and
> permission!
>
> I consider this to be a security breach and failure of the Fedora
> security policies to permit this. In fact there should be a separate
> SELinux context for this commercial app just so it can't do anything
> to my system without my knowledge.
>
> UID   PID  PPID  C STIME TTY     TIME CMD
> XXX  2509  2483  0 Jul10 ?   00:00:01 gnome-session
> XXX  2615  2509  1 Jul10 ?   00:12:04 /usr/bin/gnome-shell
> XXX 16717  2615  0 13:46 ?   00:00:08 acroread
> XXX 16769 16717 20 13:46 ?   00:29:25 /bin/sh /tmp/acrobat.n9vv0T/AdobeReader/INSTALL --lzma=/home/XXX
> XXX  7662 16769  0 15:40 ?   00:00:00 [INSTALL] <defunct>
>
> Does the Gnome shell have some sort of auto-start or auto-update
> capability in it, that perhaps Adobe has surreptitiously hooked itself
> into. And how do I get it back out?
>
>
> (The only reason I even have Adobe reader is because Evince can not
> fully handle the US IRS tax forms.)

Look in /etc/xdg/autostart or in ~/.config/autostart
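
To list everything the two directories named above will launch at login, here is an added example (not part of the thread, and not GNOME's or Fedora's own code) that merges /etc/xdg/autostart with ~/.config/autostart and reports each entry's Exec line and whether it is enabled. It assumes a user file overrides a system file of the same name and that `Hidden=true` or `X-GNOME-Autostart-enabled=false` marks an entry as disabled; the function names are illustrative.

```python
import configparser
import os
from pathlib import Path

# The two locations named in the thread; XDG_CONFIG_HOME, if set, relocates the user one.
SYSTEM_DIR = Path("/etc/xdg/autostart")
USER_DIR = Path(os.environ.get("XDG_CONFIG_HOME") or Path.home() / ".config") / "autostart"


def read_entry(path):
    """Return the [Desktop Entry] keys of one .desktop file, or None if unparsable."""
    parser = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#",), strict=False)
    parser.optionxform = str  # desktop-entry keys are case-sensitive
    try:
        parser.read_string(Path(path).read_text(encoding="utf-8", errors="replace"))
        return dict(parser["Desktop Entry"])
    except (configparser.Error, KeyError, OSError):
        return None


def audit_autostart(system_dir=SYSTEM_DIR, user_dir=USER_DIR):
    """Effective autostart entries; a user file replaces a system file of the same name."""
    effective = {}
    for directory in (system_dir, user_dir):  # the later directory wins
        if Path(directory).is_dir():
            for path in Path(directory).glob("*.desktop"):
                effective[path.name] = path
    report = []
    for name, path in sorted(effective.items()):
        entry = read_entry(path)
        if entry is None:  # flag it for manual review rather than skipping it silently
            report.append({"file": name, "source": str(path), "exec": None, "enabled": None})
            continue
        hidden = entry.get("Hidden", "false").strip().lower() == "true"
        gnome_off = entry.get("X-GNOME-Autostart-enabled", "true").strip().lower() == "false"
        report.append({"file": name, "source": str(path),
                       "exec": entry.get("Exec"), "enabled": not (hidden or gnome_off)})
    return report


if __name__ == "__main__":
    labels = {True: "ENABLED", False: "disabled", None: "UNPARSABLE"}
    for row in audit_autostart():
        print(f"{labels[row['enabled']]:10} {row['source']}")
        print(f"{'':10} Exec={row['exec']}")
```
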

"Darryl L. Pierce" 07-11-2011 09:02 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
On Mon, Jul 11, 2011 at 04:56:56PM -0400, Darryl L. Pierce wrote:
> What I'm failing to see is how this is a failing of Fedora. You
> installed a non-Fedora package on your system (AdobeReader is not a part
> of Fedora) and it is that non-Fedora package that appears to be doing
> things in the background on your system. You can blame the distro for

s/can/can't/

Doh!

> compromising your system when you were the one who circumvented the
> trusted packages list and installed something else.

--
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


Bruno Wolff III 07-11-2011 09:07 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
On Mon, Jul 11, 2011 at 17:13:27 -0400,
Deron Meranda <deron.meranda@gmail.com> wrote:
>
> I do blame Adobe though. Yes, I contemplated very long very before
> installing acroread because I do try to keep my system extremely pure
> .. but alas, the needs to fill out tax forms nudged me over. But
> Adobe to their failing did not notify me that their software would
> periodically attempt to download and install software on my system
> without my knowledge. Bad on them.

If you just needed to fill out forms, evince might have worked for you.

> Concerning Fedora. This could perhaps be partially guarded against if
> there were an SELinux context into which I could label the "foreign"
> software -- that would prohibit it from accessing the network, or
> running scripts out of /tmp. Is there such a type label that I could
> chcon /usr/local/bin/acroread ??

You can run programs in a sandbox which will limit what they can do.
You can use 'man sandbox' to see how to use it.

Deron Meranda 07-11-2011 09:13 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
> What I'm failing to see is how this is a failing of Fedora. You
> installed a non-Fedora package on your system (AdobeReader is not a part
> of Fedora) and it is that non-Fedora package that appears to be doing
> things in the background on your system. You can blame the distro for
> compromising your system when you were the one who circumvented the
> trusted packages list and installed something else.


Thanks for the info about xdg. I was unable to find that on my
previous searches, and it doesn't show up in the graphical Gnome
preferences.

Sorry, I didn't mean to blame the distro; you're right, this was a
third party package problem. ... Except that the Gnome 3 shell doesn't
provide any feedback or information that it will run things in the
background, nor is there any apparent method of listing those things
(from the default install anyway).

I do blame Adobe though. Yes, I contemplated very long very before
installing acroread because I do try to keep my system extremely pure
.. but alas, the needs to fill out tax forms nudged me over. But
Adobe to their failing did not notify me that their software would
periodically attempt to download and install software on my system
without my knowledge. Bad on them.


Concerning Fedora. This could perhaps be partially guarded against if
there were an SELinux context into which I could label the "foreign"
software -- that would prohibit it from accessing the network, or
running scripts out of /tmp. Is there such a type label that I could
chcon /usr/local/bin/acroread ??

Thanks
--
Deron Meranda
http://deron.meranda.us/

"Darryl L. Pierce" 07-11-2011 09:19 PM

F15 Why does gnome-shell automatically start Adobe acroread updater? (malware?)
 
On Mon, Jul 11, 2011 at 05:13:27PM -0400, Deron Meranda wrote:
> > What I'm failing to see is how this is a failing of Fedora. You
> > installed a non-Fedora package on your system (AdobeReader is not a part
> > of Fedora) and it is that non-Fedora package that appears to be doing
> > things in the background on your system. You can blame the distro for
> > compromising your system when you were the one who circumvented the
> > trusted packages list and installed something else.
>
>
> Thanks for the info about xdg. I was unable to find that on my
> previous searches, and it doesn't show up in the graphical Gnome
> preferences.
>
> Sorry, I didn't mean to blame the distro; you're right, this was a
> third party package problem. ... Except that the Gnome 3 shell doesn't
> provide any feedback or information that it will run things in the
> background, nor is there any apparent method of listing those things
> (from the default install anyway).

Look at it from a usability point of view. See that list of apps in the
gnome-session-properties app? How distracting/obnoxious/cluttering would
it be for Gnome to tell us about every single one of them starting? I
can't think of a way for it to notify the user about each of them
without being a PITA.

> I do blame Adobe though. Yes, I contemplated very long very before
> installing acroread because I do try to keep my system extremely pure
> .. but alas, the needs to fill out tax forms nudged me over. But
> Adobe to their failing did not notify me that their software would
> periodically attempt to download and install software on my system
> without my knowledge. Bad on them.

Yeah, but it's SOP. The Windows version does a (just about every day)
download of updates for Adobe. Really, you'd think by now they could get
it stabilized, right? :)

> Concerning Fedora. This could perhaps be partially guarded against if
> there were an SELinux context into which I could label the "foreign"
> software -- that would prohibit it from accessing the network, or
> running scripts out of /tmp. Is there such a type label that I could
> chcon /usr/local/bin/acroread ??

That I don't know.

--
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


All times are GMT. The time now is 08:53 PM.