Re: Y2K Warnings

John Goerzen (jgoerzen@complete.org)
26 Apr 1999 15:10:28 -0500


"Richard B. Johnson" <root@chaos.analogic.com> writes:

> Even Linux users are vulnerable to this kind of attack.

No, Linux itself is not vulnerable; at least there is no known
vulnerability.

> Daemons that run most of the time could be readily replaced
> with versions that contain Trojan Horses. It is becoming

This would require root access. If somebody has root access, a trojan
is probably the least of your worries.

> essential that, before installing new utilities, in
> particular daemons, one actually review the source code to
> see if it's likely that it contains a Trojan.

While this would, of course, be the ultimate in security, the
complexity and frequency of updates of today's server software means
that this is not practical for most of us. Thus, we rely on PGP/GPG
signatures from the authors, on the same from our software
distributors, and the like in lieu of being able to review millions of
lines of code ourselves.

> Given that 'time()' will return 946702800 on Sat Jan 1
> 00:00:00 2000, it might be advisable to at least grep

And of course now that this is published, somebody will be smart and
go in with 946702801 and mess up the greps.

> possible, it would be well for us to start looking out for
> such things.

Certainly we must look out for Y2K issues wherever possible, but I
think that calling for everyone to review all code to programs running
on their machine solely because of this issue is a response not in
proportion to the danger.

> Penguin : Linux version 2.2.6 on an i686 machine (400.59 BogoMips).
> Warning : It's hard to remain at the trailing edge of technology.

Hmm. Trade in your 686 for an Alpha then :-)

(ducks)

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 1,146,623rd digit of pi is 3.
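
The grep suggestion and the 946702801 objection from the message above, as an added example that is not part of the original thread: a literal search is compared with a scan for any value near 946702800, stored as ASCII digits or as a 32-bit integer. The function names, the one-hour `WINDOW` and the sample byte strings are assumptions constructed for this illustration.

```python
import re
import struct

Y2K_VALUE = 946702800   # the time() value quoted in the thread
WINDOW = 3600           # assumed tolerance in seconds (constructed for this example)

def literal_hits(blob: bytes, value: int = Y2K_VALUE) -> bool:
    """What a plain grep for the decimal string finds."""
    return str(value).encode() in blob

def window_hits(blob: bytes, center: int = Y2K_VALUE, window: int = WINDOW):
    """Return sorted (offset, encoding, value) for values within +/-window of center."""
    lo, hi = center - window, center + window
    hits = []
    # Decimal constants as they appear in source text or string tables.
    for m in re.finditer(rb"(?<!\d)\d{9,10}(?!\d)", blob):
        v = int(m.group())
        if lo <= v <= hi:
            hits.append((m.start(), "ascii", v))
    # 32-bit integers at every byte offset, in both byte orders,
    # as they would be embedded in a compiled binary.
    for off in range(len(blob) - 3):
        for fmt, name in (("<I", "le32"), (">I", "be32")):
            (v,) = struct.unpack_from(fmt, blob, off)
            if lo <= v <= hi:
                hits.append((off, name, v))
    return sorted(hits)

# Constructed samples, not taken from any real program.
SAMPLE_LITERAL = b"if (time(0) >= 946702800) payload();"
SAMPLE_SHIFTED = b"if (time(0) >= 946702801) payload();"
SAMPLE_BINARY = b"\x00\x01" + struct.pack("<I", 946702801) + b"\xff"
SAMPLE_COMPUTED = b"if (time(0) >= 30 * 31556760) payload();"

if __name__ == "__main__":
    for name, blob in [("literal", SAMPLE_LITERAL), ("shifted", SAMPLE_SHIFTED),
                       ("binary", SAMPLE_BINARY), ("computed", SAMPLE_COMPUTED)]:
        print(f"{name:9} grep={literal_hits(blob)!s:5} window={window_hits(blob)}")
```

The last sample builds the same value from two factors and is missed by both searches, which is why signature verification rather than constant hunting carries the weight in the reply above.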
