Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009 -- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430129
ba1l
Member since: 2007-09-08

Yeah, this can (and does) happen with Windows software as well. It's really a problem with the "run random files downloaded off the Internet" distribution model, rather than any particular OS.

This is yet another reason we shouldn't trust this way of distributing applications. Too dangerous.

Obviously, anyone distributing source code should sign the packages, to make sure they haven't been tampered with. Most end-users won't check them, but package maintainers certainly will. That'd at least prevent a trojaned version of an application from getting into a distribution's repository.

The more interesting question is this - is there some way to safely run random applications downloaded off the 'net?

Sticking purely to a distribution's package collection is (normally - see above) much safer, since all packages in most distributions are signed. It's just sometimes not enough.

Ubuntu's PPAs go some of the way towards fixing this. As long as you install the package signing key correctly, you can be sure that the packages haven't been modified. Doesn't protect you from deliberate attacks though - PPAs can contain just about anything, and how do you know if you can trust the PPA owner?

What you really need is some way to restrict what a PPA can do, and to sandbox all of the applications inside it. Lock them down (Linux already has all the infrastructure required to do this), isolate them from each other, and come up with a way to add permissions if required, ideally in a way that's transparent to the end user (so if it needs filesystem access, you can see that and decide for yourself if you trust it).

Score: 2
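The packager-side check the comment above calls for, verifying a signed release before it enters a repository, as an added example that is not part of the original comment or of any project's own tooling. It assumes the upstream project publishes a `sha256sum`-style manifest with a detached OpenPGP signature, and that the packager holds the project's public key in a local keyring obtained out of band; all file names are hypothetical.

```python
import hashlib
import hmac
import re
import subprocess
from pathlib import Path

# One sha256sum-style line: 64 hex digits, a space, ' ' or '*', then the name.
MANIFEST_LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")


def manifest_is_signed(manifest: Path, sig: Path, keyring: Path) -> bool:
    """True only if gpgv accepts the detached signature with a key from keyring."""
    try:
        # Absolute path: gpgv looks up a slash-less keyring name in its home dir.
        result = subprocess.run(
            ["gpgv", "--keyring", str(keyring.resolve()), str(sig), str(manifest)],
            capture_output=True,
        )
    except FileNotFoundError:  # gpgv not installed: fail closed
        return False
    return result.returncode == 0


def parse_manifest(text: str) -> dict[str, str]:
    """Map file name -> lowercase digest; reject any line that does not parse."""
    digests = {}
    for line in filter(None, text.splitlines()):
        match = MANIFEST_LINE.fullmatch(line)
        if match is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        digests[match.group(2)] = match.group(1).lower()
    return digests


def tarball_matches(tarball: Path, digests: dict[str, str]) -> bool:
    """Compare the tarball's SHA-256 with the manifest entry for its file name."""
    expected = digests.get(tarball.name)
    if expected is None:  # file not listed in the signed manifest: reject
        return False
    sha = hashlib.sha256()
    with tarball.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            sha.update(chunk)
    return hmac.compare_digest(sha.hexdigest(), expected)


def accept_release(tarball: Path, manifest: Path, sig: Path, keyring: Path) -> bool:
    """Signature first, digest second; a checksum from the same mirror proves nothing."""
    if not manifest_is_signed(manifest, sig, keyring):
        return False
    return tarball_matches(tarball, parse_manifest(manifest.read_text()))
```

The ordering matters: a digest file fetched from the same server as a tampered tarball can be replaced along with it, so the manifest is trusted only after its signature verifies against a key the packager already had.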