In a recent discussion about the possible use of a virus checker in a Linux distro (I have Ubuntu in mind) it was suggested in another group that, for example, a weakness may exist because a user may install software into their account which could modify their .bashrc file to allow some more malware to install a password sniffer to capture info the next time they typed 'sudo > xxx' ('sudo' could be redefined in the .bashrc file). Then the malware would be free to create chaos, including the use of other accounts for browser or email activities.
I guess this is a well known possibility, although I am new to this area of experience. What would safeguards include?
tia
--
ac
Replies to the message from Ac (aec$news@candt.clara.co.uk)
> In a recent discussion about the possible use of a virus checker in a
> linux distro (I have ubuntu in mind) it was suggested in another group
> that for example, a weakness may exist because a User may install
> software into their account which could modify their .bashrc file to
> allow some more malware to install a password sniffer to capture info
> the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
> .bashrc file). Then the malware would be free to create chaos. Including
> the use of other accounts for browser or email activities.
> I guess this is a well known possibility, although I am new to this area
> of experience.
> What would safeguards include?
Keeping people out of user accounts. The first rule is that if a cracker gains access to an account, any account, the chances of a root crack shoot way up. So your first defense is to keep everyone out of accounts that are not theirs.
Unruh wrote:
> ac writes:
>> In a recent discussion about the possible use of a virus checker in a
>> linux distro (I have ubuntu in mind) it was suggested in another group
>> that for example, a weakness may exist because a User may install
>> software into their account which could modify their .bashrc file to
>> allow some more malware to install a password sniffer to capture info
>> the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
>> .bashrc file). Then the malware would be free to create chaos. Including
>> the use of other accounts for browser or email activities.
>> I guess this is a well known possibility, although I am new to this area
>> of experience.
>> What would safeguards include?
> Keeping people out of user accounts. The first rule is that if a cracker
> gains access to an account, any account, the chances of a root crack shoot
> way up. So your first defense is to keep everyone out of accounts that are
> not theirs.
>> tia
>> --
>> ac
Keeping people out of user accounts they are not supposed to be in?? If you read tia's post, he is not talking about people gaining unlawful access, he is talking about malware attached to a program that would be executed by a genuine user already logged into the system. This is generally how malware works, no? Which is why I am guessing that Tia is after a virus checker to scan for such malware?
Although I don't use such a virus checker myself for binaries, I do peruse any cleartext shell scripts before executing them just to be on the safe side. This is at least some form of protection or peace of mind, assuming you can follow the scripts in a basic intelligible manner. You don't really need to be an expert to do this.
On 5 Aug, 19:38, Unruh wrote:
> ac writes:
>> In a recent discussion about the possible use of a virus checker in a
>> linux distro (I have ubuntu in mind) it was suggested in another group
>> that for example, a weakness may exist because a User may install
>> software into their account which could modify their .bashrc file to
>> allow some more malware to install a password sniffer to capture info
>> the next time they typed 'sudo > xxx' ('sudo' could be redefined in the
>> .bashrc file). Then the malware would be free to create chaos. Including
>> the use of other accounts for browser or email activities.
>> I guess this is a well known possibility, although I am new to this area
>> of experience.
>> What would safeguards include?
> Keeping people out of user accounts. The first rule is that if a cracker
> gains access to an account, any account, the chances of a root crack shoot
> way up. So your first defense is to keep everyone out of accounts that are
> not theirs.
Virtual machine domains like Xen. Not making a compiler available to users. Restricting users only to web material access for upload and download over secure protocols, like WebDAV over HTTPS. Not allowing users to use mod_perl for web pages or other scriptable server-side tools like PHP.
What about something that monitors .bashrc and some other important files in the system for changes? I think something like this already exists... Well, no one minds, but I'm not English so don't kill me for the speech ;-)
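As an added defender-side example (not code posted by anyone in this thread), the following POSIX shell script does two things: it scans a shell rc file for the kind of 'sudo' redefinition the original post describes (an alias or a shell function named sudo), and it keeps a baseline hash of the file so that the change-monitoring idea in the last reply can be checked. All file names and rc-file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a shadowed 'sudo' in a shell rc
# file and notice later edits to that file via a stored baseline hash.
# All file names and rc contents below are constructed for the demonstration.

# Lines that would make an interactive shell run something other than the real
# sudo binary:  alias sudo=...   function sudo ...   sudo() { ... }
SUDO_SHADOW_RE='^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([[:space:]]|\(|$)|sudo[[:space:]]*\(\))'

# check_rc_for_sudo_shadow FILE
# Prints any matching line (with its line number) and returns 1 if sudo is
# redefined in FILE; returns 0 when the file is clean.
check_rc_for_sudo_shadow() {
    if grep -E -n "$SUDO_SHADOW_RE" "$1"; then
        return 1
    fi
    return 0
}

# hash_file FILE  ->  hex SHA-256 digest on stdout
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# record_baseline FILE BASELINE
# Stores the current digest of FILE in BASELINE (format: "digest  path").
# Run this once from a state you trust, e.g. right after creating the account.
record_baseline() {
    printf '%s  %s\n' "$(hash_file "$1")" "$1" > "$2"
}

# verify_baseline FILE BASELINE
# Returns 0 if FILE still has the digest recorded in BASELINE, 1 otherwise.
verify_baseline() {
    expected=$(awk '{print $1}' "$2")
    [ "$(hash_file "$1")" = "$expected" ]
}

# Demonstration on constructed files in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/bashrc.clean" <<'EOF'
# constructed, benign rc file
export EDITOR=vim
alias ll='ls -l'
EOF
    cat > "$tmp/bashrc.tampered" <<'EOF'
# constructed rc file in which sudo has been replaced by a shell function
alias ll='ls -l'
sudo() { echo "constructed stand-in for a shadowed sudo"; }
EOF

    for f in "$tmp/bashrc.clean" "$tmp/bashrc.tampered"; do
        if check_rc_for_sudo_shadow "$f"; then
            echo "OK    $f: sudo is not redefined"
        else
            echo "ALERT $f: sudo is redefined (see line above)"
        fi
    done

    # Integrity monitoring: baseline the clean file, then detect an edit.
    record_baseline "$tmp/bashrc.clean" "$tmp/bashrc.baseline"
    verify_baseline "$tmp/bashrc.clean" "$tmp/bashrc.baseline" \
        && echo "OK    baseline matches"
    echo 'alias sudo=/tmp/constructed-fake-sudo' >> "$tmp/bashrc.clean"
    verify_baseline "$tmp/bashrc.clean" "$tmp/bashrc.baseline" \
        || echo "ALERT $tmp/bashrc.clean changed since baseline"

    rm -rf "$tmp"
}

demo
```

The quickest single check in a live session is `type sudo`: bash answers `sudo is /usr/bin/sudo` for the real binary but reports an alias or a function when the name has been redefined. The scan above looks at one file only, so any scripts the rc file sources, and the other startup files the shell reads, need the same treatment. The baseline file has to live somewhere the monitored account cannot write (root-owned, or on another host), otherwise whatever edited .bashrc can update the baseline to match.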