On 2002-06-03, J Sloan <joe@tmsusa.com> wrote:
> The thing with linux/unix "virii" is, they
> are actually for the most part trojans -
> they've been in labs for years, the problem
> is that there is no suitable transport vector!
> You'd have to dupe an unwitting superuser
> (now there's a dangerous combination) into
> running the "virus" by hand - sort of like
> the "honor system" virus....
...You mean like, get them to run './configure' ?[1][2]
...Or installing an RPM with trojanned binaries or install-time scripts,
without checking a signature?[3]
Unfortunately that's all too easy. Viruses, no. Malware, you bet. We
can't get too complacent while laughing at the virus phenomenon.
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=102233939226053&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=102285523803434&w=2
[2] They don't have to do this as root, either. If they do it from an
account that can escalate privileges (i.e. is allowed to su or sudo)
then it's game over anyway, albeit with more steps.
[3] And of course signatures are useless if the signer was owned first.
Probably major distros are reasonably safe[4], but not Joe Random who
produces packages and distributes them...
[4] They're not out to get you; they've already got you:
http://www.acm.org/classics/sep95/
-- Hank Leininger <hlein@progressive-comp.com> ALL YOUR BASE ARE BELONG TO KEN THOMPSON - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 07 2002 - 22:00:18 EST