Re: [opensuse] Who said Linux doesnot get Virus infections



David Bolt wrote:
On Tue, 7 Aug 2007, Clayton wrote:-

<snip>

This does not account for buffer overflow exploits etc... I seem to
remember one recently (in the past year) that would give you root
access to a remote machine... scary except that you had to be root
already to get into the state where the exploit could be triggered..
giving you root access to something you were already logged into as
root... so not much of an exploit.

If you can get a normal user to execute something that is able to use a
local root exploit, that user's system could be very easily compromised.
All it would need is for whatever used the root exploit to install a
root-kit, downloading whatever is needed as required, and the system can
end up in a similar state as a virus-infected Windows system.

However, all this is based upon the premise that you have a user[0] so
idiotic that they'd specifically save an attachment, make it executable,
actually open this executable file, and that the exploit it wishes to
exploit is actually present on that system. If any of these don't occur,
there will be no infection.


As more and more file types get linked to more applications I am not so
sure that "executing" something has the same meaning it used to. Say you
download a new screen saver, you never really execute that, but your
window manager utilizes the data in it. Your window manager runs on X, X
runs as root... Yeah, it's a huge round-about way, but really can anyone
say something similar with X or something else, is absolutely impossible?

Of course, there's also those infections that occur without user
intervention, but those tend to come in through security holes in server
daemons which are unlikely to be running on a normal user's desktop
system.


Yup, I would classify those more as worms or exploits rather than virii.
But most of the popular services have had some issues, ftp, mail, http,
ssh...

[0] Of which I'm absolutely certain there either are some right now, or
there will be some in the future.


I totally agree. Windows is the low hanging fruit. People can get the
most bang for the least effort there. They want a zombie network that can
spam the world; right now it's far easier to develop something for Windows
than to do the same for Linux.

Regards,
David Bolt


Michael

