FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-12-2011, 10:05 AM
"Joep L. Blom"
 
Default create a boot-able disk from an iso file

On 12/01/11 10:00, Nils Kassube wrote:

Joep L. Blom wrote:

On 11/01/11 23:42, Nils Kassube wrote:

I think root access isn't necessary at all for doing serious
damage. For a "normal user" like me, the most valuable data are
stored in my home directory and malware running with my privileges
can delete all those files. That would probably be the greatest
damage that could be done to my system. Furthermore, as a normal
user the malware can start applications e.g. to join a botnet and
send spam mails. That would also be a major damage, this time for
the network, not for my machine. And again root access isn't
necessary.


I tend to disagree. Malware has to enter. This of course can occur
via port 80. However, to run a program an execute command must be
given and the executable bit must be set. You can install as many
programs as you want but a program that is not installed by you can
not run as you and therefore cannot damage your home directory.


I tend to disagree as well. How does malware get into a Windows system?
Usually there is a vulnerability of the browser or email client or
whatever. The same is possible with Linux / Unix programs. Granted,
clicking on an email attachment under Linux usually isn't as dangerous
as it is under Windows because it isn't automatically executable.
How? U agree java-beans and other java snippets have the possibility to
execute but in their own memory-segment but can contain malwar.
Therefore it is good practice to block it (an add-on for Firefox) and
only allow it if you are sure it contains no malware.


But we all know that programs like Adobe reader and flash player are a
major target of malware and the security holes found in those two alone
often are exploitable for Linux as well. If I stumble upon a malicious
website with a flash exploit targeted at Linux systems, the malicious
code runs with my privileges and I don't see why it can't install
something permanently which is executable and which is run at every
startup of my KDE or Gnome session. Something like "tar xfz malware.tgz"
inside the exploit code should suffice.
Again, block flash and only allow films you're reasonably sure they are
safe or use only Adobe for reading .PDF-files.
It is as with your house, of course somebody can knock on your door with
malicious intent, but you can keep him out (e.g. a chain or something)
and ascertain that he is no threat. The same with programs. And of
course I'm somewhat paranoid but I have some experience with computer
security.
If a company build houses with doors that cannot be locked, that company
will be sued for criminal neglect. Microsoft does it for over 20 years
as that is the time they know of their neglect but everybody think
that's normal.



Another thing is to always have a
firewall not so much for fending off intruders (OK is handy) but to
prevent unknown malware to contact the outside world which means in
practice that all outgoing ports are closed except when specific
programs (listed on the firewall) request access.


That's certainly good practice but unfortunately it is not the default
setup and as a "normal user" I wouldn't even think about the possibility
to lock down outgoing traffic.
I don't lock it, the firewall only is open for programs known to it
(i.e. the known ports).
If you have a separate system as firewall, that is very easy (look at
LEAF firewall).

Joep




Nils




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 01:19 PM
Brian
 
Default create a boot-able disk from an iso file

On Tue 11 Jan 2011 at 23:42:49 +0100, Nils Kassube wrote:

> I think root access isn't necessary at all for doing serious damage. For
> a "normal user" like me, the most valuable data are stored in my home
> directory and malware running with my privileges can delete all those
> files.

You can achieve the same effect with rm. Which is why users who value
their data take every precaution to safeguard it. The system has limited
responsibilty to protect you from yourself.

> That would probably be the greatest damage that could be done to my
> system.

There is no damage to the system, only to the data which are in your
home directory and which you are responsible for.

> Furthermore, as a normal user the malware can start applications e.g.
> to join a botnet and send spam mails. That would also be a major
> damage, this time for the network, not for my machine. And again root
> access isn't necessary.

I can envisage how malware in $HOME could send email but how does it get
the machine to join a botnet? Anyway, as you imply, it's not a good idea
to download and install malware in your own space.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 02:52 PM
Tobias Göller
 
Default create a boot-able disk from an iso file

Hi Joep,

On 11.01.2011, at 23:23, Joep L. Blom wrote:

>>
> ZenWiz,
> Please, show me one!

Maybe we should be more precise. I've seen various flavours of trojans on linux (as well as on other unices). I have seen viruses on Linux as well.

> There are so many claims of viruses for Linux but I never saw one and I'm working with Unix since 1978 and with Linux since 1992. Of course there are methods to enter Unix/Linux systems but gain access to root - which is a necessity for doing serious damage - is IMO only possible due to neglect by the owner (e.g. using root as his main user).

Isn't this the case with all OSs?

Sorry, the problem simply is that most users do not at all know what they're doing. Not using a firewall ist just one of the things you're going to see when having to debug "friend's" computers.

> Even planting malware like key-grabbers can only be achieved when Linux users are careless or help from the inside is given. But correct me if I'm wrong.

Sure, with a top-notch up-to-date system you're relatively unlikely to run into problems... and yes, open-source has a clear advantage here over closed-source (IMHO).

But, honestly: Who is using Linux / Unix? Those aren't the users who have no clue about nothing. Windows is - almost likely - preinstalled on any box you buy. Installing Linux means that at least you had to make a choice...

Tobias

--
E = M * C^2 +/- 3db




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 04:19 PM
Nils Kassube
 
Default create a boot-able disk from an iso file

Brian wrote:
> On Tue 11 Jan 2011 at 23:42:49 +0100, Nils Kassube wrote:
> > I think root access isn't necessary at all for doing serious
> > damage. For a "normal user" like me, the most valuable data are
> > stored in my home directory and malware running with my privileges
> > can delete all those files.
>
> You can achieve the same effect with rm. Which is why users who value
> their data take every precaution to safeguard it. The system has
> limited responsibilty to protect you from yourself.

Right, with rm I can do the same damage, but then it is my own
stupidity. However if some malware exploits a vulnerability of my
system, I'm not so sure I can easily prevent major damage. After all, I
wouldn't intentionally install malware on my system.

> > That would probably be the greatest damage that could be done to my
> > system.
>
> There is no damage to the system, only to the data which are in your
> home directory and which you are responsible for.

Well, my definition of "system" would include my own data. Of course
your definition as "the OS with installed applications" sure makes sense
as well. But I wouldn't care too much about damage to that type of
system because it can be easily restored from the install CD.

> > Furthermore, as a normal user the malware can start applications
> > e.g. to join a botnet and send spam mails. That would also be a
> > major damage, this time for the network, not for my machine. And
> > again root access isn't necessary.
>
> I can envisage how malware in $HOME could send email but how does it
> get the machine to join a botnet?

I think there is an IRC client installed on a default Ubuntu system.
OTOH, malware used to join botnets and send spam might as well use its
own binary to achieve that goal.


Nils

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 04:34 PM
Nils Kassube
 
Default create a boot-able disk from an iso file

Joep L. Blom wrote:
> On 12/01/11 10:00, Nils Kassube wrote:
> > Joep L. Blom wrote:
> >> On 11/01/11 23:42, Nils Kassube wrote:
> >>> I think root access isn't necessary at all for doing serious
> >>> damage. For a "normal user" like me, the most valuable data are
> >>> stored in my home directory and malware running with my
> >>> privileges can delete all those files. That would probably be
> >>> the greatest damage that could be done to my system.
> >>> Furthermore, as a normal user the malware can start applications
> >>> e.g. to join a botnet and send spam mails. That would also be a
> >>> major damage, this time for the network, not for my machine. And
> >>> again root access isn't necessary.
> >>
> >> I tend to disagree. Malware has to enter. This of course can occur
> >> via port 80. However, to run a program an execute command must be
> >> given and the executable bit must be set. You can install as many
> >> programs as you want but a program that is not installed by you
> >> can not run as you and therefore cannot damage your home
> >> directory.
> >
> > I tend to disagree as well. How does malware get into a Windows
> > system? Usually there is a vulnerability of the browser or email
> > client or whatever. The same is possible with Linux / Unix
> > programs. Granted, clicking on an email attachment under Linux
> > usually isn't as dangerous as it is under Windows because it isn't
> > automatically executable.
>
> How? U agree java-beans and other java snippets have the possibility
> to execute but in their own memory-segment but can contain malwar.

I think you misunderstood what I wrote: An email attachment is not
automatically executable with Linux.

> Therefore it is good practice to block it (an add-on for Firefox)
> and only allow it if you are sure it contains no malware.

Granted, it may be good practice to lock down a system, but a) that can
be done with Windows systems as well and b) that has nothing to do with
the initial point I tried to make: You don't need root access to do
major damage.

> Again, block flash and only allow films you're reasonably sure they
> are safe or use only Adobe for reading .PDF-files.

No, reading PDF files with Adobe isn't safe either. The Adobe reader has
been vulnerable on Linux / Unix more than once [1,2].

Anyway, even though it may be quite interesting, I think we are getting
more and more off topic here. Therefore I'll refrain from further
comments. Feel free to contact me off-list if you want to continue this
discussion.


Nils

[1] <http://www.h-online.com/security/news/item/Adobe-warns-of-zero-day-vulnerability-in-Reader-and-
Acrobat-1075787.html>
[2] <http://www.h-online.com/security/news/item/Adobe-hole-closed-hole-open-1131232.html>

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 09:07 PM
"Joep L. Blom"
 
Default create a boot-able disk from an iso file

On 12/01/11 18:34, Nils Kassube wrote:

Joep L. Blom wrote:

On 12/01/11 10:00, Nils Kassube wrote:

Joep L. Blom wrote:

On 11/01/11 23:42, Nils Kassube wrote:

I think root access isn't necessary at all for doing serious
damage. For a "normal user" like me, the most valuable data are
stored in my home directory and malware running with my
privileges can delete all those files. That would probably be
the greatest damage that could be done to my system.
Furthermore, as a normal user the malware can start applications
e.g. to join a botnet and send spam mails. That would also be a
major damage, this time for the network, not for my machine. And
again root access isn't necessary.


I tend to disagree. Malware has to enter. This of course can occur
via port 80. However, to run a program an execute command must be
given and the executable bit must be set. You can install as many
programs as you want but a program that is not installed by you
can not run as you and therefore cannot damage your home
directory.


I tend to disagree as well. How does malware get into a Windows
system? Usually there is a vulnerability of the browser or email
client or whatever. The same is possible with Linux / Unix
programs. Granted, clicking on an email attachment under Linux
usually isn't as dangerous as it is under Windows because it isn't
automatically executable.


How? U agree java-beans and other java snippets have the possibility
to execute but in their own memory-segment but can contain malwar.


I think you misunderstood what I wrote: An email attachment is not
automatically executable with Linux.


Therefore it is good practice to block it (an add-on for Firefox)
and only allow it if you are sure it contains no malware.


Granted, it may be good practice to lock down a system, but a) that can
be done with Windows systems as well and b) that has nothing to do with
the initial point I tried to make: You don't need root access to do
major damage.


Again, block flash and only allow films you're reasonably sure they
are safe or use only Adobe for reading .PDF-files.


No, reading PDF files with Adobe isn't safe either. The Adobe reader has
been vulnerable on Linux / Unix more than once [1,2].

Anyway, even though it may be quite interesting, I think we are getting
more and more off topic here. Therefore I'll refrain from further
comments. Feel free to contact me off-list if you want to continue this
discussion.


Nils

[1]<http://www.h-online.com/security/news/item/Adobe-warns-of-zero-day-vulnerability-in-Reader-and-
Acrobat-1075787.html>
[2]<http://www.h-online.com/security/news/item/Adobe-hole-closed-hole-open-1131232.html>


Nils,
With respect to OT: I agree.
Joep


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-12-2011, 10:42 PM
Brian
 
Default create a boot-able disk from an iso file

On Wed 12 Jan 2011 at 18:19:42 +0100, Nils Kassube wrote:

> Right, with rm I can do the same damage, but then it is my own
> stupidity. However if some malware exploits a vulnerability of my
> system, I'm not so sure I can easily prevent major damage. After all, I
> wouldn't intentionally install malware on my system.

Using rm in $HOME or installing malware there (which is the only place a
user can do serious damage) would both be intentional actions, but what
was intended may be hazy and the consequences may be unforseen.

> Well, my definition of "system" would include my own data. Of course
> your definition as "the OS with installed applications" sure makes sense
> as well. But I wouldn't care too much about damage to that type of
> system because it can be easily restored from the install CD.

This is the 'my data are more important than the system' argument. The
integrity of your data depends on the integrity of the system and
without the system you have no data. Being able to rebuild the system is
neither here nor there.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-13-2011, 12:32 PM
"Boggess Rod"
 
Default create a boot-able disk from an iso file

>This is the 'my data are more important than the system' argument. The
>integrity of your data depends on the integrity of the system and
>without the system you have no data. Being able to rebuild the system
is
>neither here nor there.
>
>

I just wanted to point out one false statement I saw here: the execute
bit does NOT need to be set to run a program anymore modern GUI-enabled
(GNOME and KDE) Linux Desktops. These new launcher programs will ignore
that bit if they're set to launch a specific program.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-13-2011, 05:45 PM
MR ZenWiz
 
Default create a boot-able disk from an iso file

On Thu, Jan 13, 2011 at 5:32 AM, Boggess Rod <rboggess@tenovacore.com> wrote:
>
> I just wanted to point out one false statement I saw here: the execute
> bit does NOT need to be set to run a program anymore modern GUI-enabled
> (GNOME and KDE) Linux Desktops. These new launcher programs will ignore
> that bit if they're set to launch a specific program.
>

That's not what I'm seeing. I have a panel launcher for libreoffice
(writer), but if I chmod 644 /usr/bin/libreoffice, I get a pop-up
window that says it can't execute the file.

Or am I not understanding what you mean by "these new launcher programs?"

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-13-2011, 07:47 PM
"Boggess Rod"
 
Default create a boot-able disk from an iso file

>> the execute
>> bit does NOT need to be set to run a program anymore modern
GUI-enabled
>> (GNOME and KDE) Linux Desktops. These new launcher programs will
ignore
>> that bit if they're set to launch a specific program.
>>
>
>That's not what I'm seeing. I have a panel launcher for libreoffice
>(writer), but if I chmod 644 /usr/bin/libreoffice, I get a pop-up
>window that says it can't execute the file.
>
>Or am I not understanding what you mean by "these new launcher
programs?"
>
>

I don't claim to be an expert on this, but there are files called
something like *.desktop? They behave similar to old windows PIF
(Program Information Files) that allow GNOME (or KDE) to associate a
file with an application. Here's where I read about it (though it hardly
seems alarming): http://www.geekzone.co.nz/foobar/6229

If you follow the "follow up" link, there's a (slightly) more
informative discussion on these. It's been pointed out repeatedly and by
many that I'm not a normal person; however, I can't imagine any normal
person saving a file on their desktop and clicking it for no good
reason. But then, I've gotten several email attachments from friends
written in broken, warez English and they can't understand why I haven't
opened the attachment. (This is when I point out that Simpson was my
Mother's maiden name, not mine.) Doh!

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 08:01 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org