Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC
Privacy, Security, Encryption I've bored the readers of my personal website to death with two rather prosaic articles debating the Linux security model, in direct relation to Windows and associated claims of wondrous infections and lacks thereof. However, I haven't yet discussed even a single program that you can use on your Linux machine to gauge your security. For my inaugural article for OSNews, I'll leave the conceptual stuff behind, and focus on specific vectors of security, within the world of reason and moderation that I've created and show you how you can bolster a healthy strategy with some tactical polish, namely software.
Thread beginning with comment 430921
RE[2]: Don't need anti-virus?
by fewt on Mon 21st Jun 2010 15:50 UTC in reply to "RE: Don't need anti-virus?"
fewt Member since:
2010-06-09

[q]It's NOT trivial to gain root, if it was trivial the whole UNIX security would be worthless. The particular method you described is not really practical.

I think you mean social engineering -- tricking the user with a sudo window. Which can work (if the user doesn't bother to think why there's a sudo window all of a sudden).[/q]


echo alias sudo='sudo do bad stuff >/dev/null 2>&1;sudo' >>~/.bashrc

I agree with pretty much everything else you said though. Malicious people that want in don't necessarily need in "right now", they wait patiently for it.

Edited 2010-06-21 15:54 UTC

Reply Parent Score: 1

RE[3]: Don't need anti-virus?
by WereCatf on Tue 22nd Jun 2010 02:55 in reply to "RE[2]: Don't need anti-virus?"
WereCatf Member since:
2006-02-15

echo alias sudo='sudo do bad stuff >/dev/null 2>&1;sudo' >>~/.bashrc

I agree with pretty much everything else you said though. Malicious people that want in don't necessarily need in "right now", they wait patiently for it.


In order for that to work the malware app in question would either have to be root in order to put the fake sudo in a location mentioned in $PATH, or it would have to place it somewhere in the user's own home directory and modify $PATH.

The problem? Well, at least some distros use the Tomoyo/SELinux framework to disable running applications from the user's own home directory if they have the same name as a common system application, and sudo often belongs in that list.

Some shell providers even completely disable the ability for one to run executable code from the home directories or /tmp and it might actually be a good idea for home-user oriented distros too; a common home user does not have the need to execute stuff from their home directory, they'll most likely just install what they need system-wide using the package manager. Executing stuff from your own home dir is more likely a power-user feature, including programmers et al, not Joe Sixpack.

Reply Parent Score: 2

RE[3]: Don't need anti-virus?
by wirespot on Tue 22nd Jun 2010 09:11 in reply to "RE[2]: Don't need anti-virus?"
wirespot Member since:
2006-06-21

echo alias sudo='sudo do bad stuff >/dev/null 2>&1;sudo' >>~/.bashrc


That works. It can be countered with some extra safety measures in the shell.

But it's awkward; it may give false positives and impact legitimate uses; it can still be circumvented; it uses a blacklist, which is usually a bad idea in security; and most importantly, it misses the main point: once malware executes on your machine, you're screwed.

There's a [url=http://ubuntuforums.org/showthread.php?t=504740]lengthy discussion[/url] on this exact topic on the Ubuntu forums, if you care to read it.

Personally, I'd rather have most effort put into plugging app vulnerabilities than in mitigating the aftermath of a break-in. I find the casual attitude about break-ins on Windows terrible. If a Linux user found a single piece of malware crawling inside their machine, they'd be horrified. A Windows user just assumes it's natural to have piles of that stuff. Terrible.

Granted, good security means layers upon layers and not relying on a single barricade, lest you find yourself in trouble when that barricade is breached. sudo calls could probably use better guarding and closing some of the more "creative" ways of plugging into it.

I agree with pretty much everything else you said though. Malicious people that want in don't necessarily need in "right now", they wait patiently for it.


Let's not assume there's an actual person behind every break-in. Most break-ins into personal computers are done by bots, the worms that cruise the net and blindly try every address with every trick they know. They don't rest, they don't stop, they don't think, they don't have personal likes or dislikes or reasons to do something. They just do what they were told to do, forever. Like I said, a numbers game. That's the main threat we're trying to protect against: dumb repetitive robots.

I'd wager that if an actual highly skilled hacker wants in your computer, they will manage that. Then again, even an unskilled person can manage that, with a hammer and your fingers. But that's another ball game entirely.

Reply Parent Score: 2
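Two defensive checks that follow from the thread above, written as an added example rather than anything posted by fewt, WereCatf or wirespot: the first audits a shell startup file for lines that redefine `sudo` as an alias or shell function (the hijack fewt's one-liner relies on), the second reads a `/proc/mounts`-format file and reports whether a mount point such as `/home` or `/tmp` carries `noexec`, the hardening WereCatf mentions. The rc files and mount table below are constructed fixtures written to a temporary directory, not real system files; the function names `rc_redefines_sudo`, `mount_has_noexec` and `audit_rc` are this example's own.

```shell
#!/bin/sh
# Added example, not code from the OSNews thread. Defensive checks only:
# (1) does a shell startup file redefine "sudo" as an alias or function?
# (2) is a given mount point mounted noexec?
# Every input below is a constructed fixture.

# Exit 0 if FILE contains a line that redefines sudo (alias or function), else 1.
rc_redefines_sudo() {
    f="$1"
    [ -r "$f" ] || return 1
    grep -Eq '^[[:space:]]*(alias[[:space:]]+sudo=|sudo[[:space:]]*\(\)|function[[:space:]]+sudo([[:space:]]|\(|$))' "$f"
}

# Exit 0 if MOUNTPOINT appears in MOUNTS_FILE with the noexec option, else 1.
# MOUNTS_FILE uses /proc/mounts layout: "device mountpoint fstype options dump pass".
mount_has_noexec() {
    mp="$1"; mounts="$2"
    awk -v mp="$mp" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "noexec") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$mounts"
}

# Human-readable wrapper around rc_redefines_sudo.
audit_rc() {
    if rc_redefines_sudo "$1"; then
        echo "WARNING: $1 redefines sudo"
    else
        echo "ok: $1 does not redefine sudo"
    fi
}

# --- constructed fixtures -----------------------------------------------
FIXDIR=$(mktemp -d)
trap 'rm -rf "$FIXDIR"' EXIT

cat > "$FIXDIR/benign.bashrc" <<'EOF'
# ordinary user rc file (constructed)
alias ll='ls -l'
export EDITOR=vim
EOF

cat > "$FIXDIR/hijacked.bashrc" <<'EOF'
# constructed rc file mirroring the alias hijack discussed in the thread
alias ll='ls -l'
alias sudo='sudo do bad stuff >/dev/null 2>&1;sudo'
EOF

cat > "$FIXDIR/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

# --- run the checks over the fixtures ------------------------------------
audit_rc "$FIXDIR/benign.bashrc"
audit_rc "$FIXDIR/hijacked.bashrc"
for mp in /home /tmp; do
    if mount_has_noexec "$mp" "$FIXDIR/mounts"; then
        echo "$mp: mounted noexec"
    else
        echo "$mp: execution allowed"
    fi
done
```

On a live system the same functions would be pointed at `~/.bashrc`, `~/.profile` and friends, and at `/proc/mounts`. The grep only catches the plain `alias sudo=` / `sudo()` forms; a startup file can also source other files or set `PATH`, so a full audit follows those too. Independently of the audit, `\sudo` or `command sudo` bypasses any alias in the current shell, which is a quick way to confirm what the bare name resolves to.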