ac External

Since: Jan 21, 2006 Posts: 92
Posted: Sun Aug 05, 2007 7:56 am Post subject: malware question Archived from groups: comp>os>linux>security
In a recent discussion about the possible use of a virus checker in a
linux distro (I have ubuntu in mind) it was suggested in another group
that for example, a weakness may exist because a User may install
software into their account which could modify their .bashrc file to
allow some more malware to install a password sniffer to capture info
the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
.bashrc file). Then the malware would be free to create chaos. Including
the use of other accounts for browser or email activities.
I guess this is a well known possibility, although I am new to this area
of experience.
What would safeguards include?
tia
--
ac
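A static check for the scenario raised in the post above (a `sudo` redefined from `.bashrc`), as an added example that is not part of the original thread. The watched command list, the patterns and the function names `scan_rc` and `shadow_dirs` are assumptions of this example.

```sh
#!/bin/sh
# Added example: static review of shell startup files and PATH for anything
# that could run in place of sudo. W and the patterns are assumptions.

W='(sudo|su|ssh|passwd)'            # command names worth protecting (assumed list)
P='^([^#]*[;&|[:space:]])?'         # line start, or a separator outside a comment

# scan_rc FILE...: print file:line:text for lines that define an alias or a
# function named like a watched command, or that place a directory before $PATH.
# A hit is a line to read, not proof of tampering (~/bin prepends are common).
scan_rc() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -HnE \
            -e "${P}alias[[:space:]]+(--[[:space:]]+)?${W}=" \
            -e "${P}(function[[:space:]]+)?${W}[[:space:]]*[(][)]" \
            -e "${P}function[[:space:]]+${W}([[:space:]{]|\$)" \
            -e "${P}(export[[:space:]]+)?PATH=[^#]+:[$][{]?PATH" \
            "$f" || :
    done
}

# shadow_dirs CMD [PATHSTRING]: walk PATH in lookup order up to the first
# directory that holds an executable CMD, printing every directory on the way
# (that one included) that the current user can write to.
shadow_dirs() (
    cmd=$1; path=${2:-$PATH}
    set -f; IFS=:
    for dir in $path; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -d "$dir" ] && [ -w "$dir" ]; then printf '%s\n' "$dir"; fi
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then break; fi
    done
)

# Typical use from a trusted shell (for example a fresh console login):
#   scan_rc ~/.bashrc ~/.bash_aliases ~/.bash_profile ~/.profile
#   shadow_dirs sudo
```

The scan reads the files without sourcing them, so nothing in a modified startup file is executed by the check itself.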
Unruh External

Since: May 27, 2005 Posts: 2213
Posted: Sun Aug 05, 2007 6:38 pm Post subject: Re: malware question
ac <"aec$news"@candt.clara.co.uk> writes:
>In a recent discussion about the possible use of a virus checker in a
>linux distro (I have ubuntu in mind) it was suggested in another group
>that for example, a weakness may exist because a User may install
>software into their account which could modify their .bashrc file to
>allow some more malware to install a password sniffer to capture info
>the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
>.bashrc file). Then the malware would be free to create chaos. Including
>the use of other accounts for browser or email activities.
>I guess this is a well known possibility, although I am new to this area
>of experience.
>What would safeguards include?
Keeping people out of user accounts. The first rule is that if a cracker
gains access to an account, any account, the chances of a root crack shoot
way up. So your first defense is to keep everyone out of accounts that are
not theirs.
>tia
>--
>ac
Dz External

Since: Aug 06, 2007 Posts: 1
Posted: Mon Aug 06, 2007 8:10 am Post subject: Re: malware question
Unruh wrote:
> ac <"aec$news"@candt.clara.co.uk> writes:
>
>> In a recent discussion about the possible use of a virus checker in a
>> linux distro (I have ubuntu in mind) it was suggested in another group
>> that for example, a weakness may exist because a User may install
>> software into their account which could modify their .bashrc file to
>> allow some more malware to install a password sniffer to capture info
>> the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
>> .bashrc file). Then the malware would be free to create chaos. Including
>> the use of other accounts for browser or email activities.
>
>> I guess this is a well known possibility, although I am new to this area
>> of experience.
>> What would safeguards include?
>
> Keeping people out of user accounts. The first rule is that if a cracker
> gains access to an account, any account, the chances of a root crack shoot
> way up. So your first defense is to keep everyone out of accounts that are
> not theirs.
>
>
>> tia
>> --
>> ac
Keeping people out of user accounts they are not supposed to be in?? If
you read tia's post, he is not talking about people gaining unlawful
access, he is talking about malware attached to a program that would be
executed by a genuine user already logged into the system. This is
generally how malware works, no? Which is why I am guessing that Tia is
after a virus checker to scan for such malware?
Although I don't use such a virus checker myself for binaries, I do
peruse any cleartext shell scripts before executing them just to be on
the safe side. This is at least some form of protection or peace of mind
assuming you can follow the scripts in a basic intelligible manner. You
don't really need to be an expert to do this.
Dz
Nico External

Since: Jun 19, 2007 Posts: 29
Posted: Tue Aug 07, 2007 2:28 pm Post subject: Re: malware question
On 5 Aug, 19:38, Unruh <unruh-s... RemoveThis @physics.ubc.ca> wrote:
> ac <"aec$news"@candt.clara.co.uk> writes:
> >In a recent discussion about the possible use of a virus checker in a
> >linux distro (I have ubuntu in mind) it was suggested in another group
> >that for example, a weakness may exist because a User may install
> >software into their account which could modify their .bashrc file to
> >allow some more malware to install a password sniffer to capture info
> >the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
> >.bashrc file). Then the malware would be free to create chaos. Including
> >the use of other accounts for browser or email activities.
> >I guess this is a well known possibility, although I am new to this area
> >of experience.
> >What would safeguards include?
>
> Keeping people out of user accounts. The first rule is that if a cracker
> gains access to an account, any account, the chances of a root crack shoot
> way up. So your first defense is to keep everyone out of accounts that are
> not theirs.
Virtual machine domains like Xen. Not making a compiler available to
users. Restricting users only to web material access for upload and
download over secure protocols, like WebDAV over HTTPS. Not allowing
users to use mod_perl for web pages or other scriptable server-side
tools like PHP.