--- Ian Lynch <[EMAIL PROTECTED]> wrote:
> On Tue, 2006-08-15 at 19:30 +0000, [EMAIL PROTECTED] wrote:
> > Sander wrote:
> >
> > > And how is the user going to differentiate a well composed document that appears to
> > > come from an unknown and malicious source from one coming from a known
> > > source?
> >
> > i) Call everything from AOL, MSN, Yahoo, Hotmail, Juno, and two or three
> > other domains hostile documents.
> >
> > ii) Check the headers for all other domains.
> >
> > > What percentage of your mail comes with a s/mime or pgp signature?
> >
> > In 1996, I received more messages, both numerically, and as a percentage
> > of my total email, that were signed with PGP, than I do now.
>
> In practice I have never inadvertently installed a virus even though I
> get a lot of mail including quite a lot of spam. I have on occasion
> deleted a good mail I shouldn't have. It seems pretty obvious from the
> sources which is good and which is probably bad. If in doubt I check it
> out. On Linux the default is generally to make you put in the root
> password before doing anything that might be remotely dangerous. It can
> be a slight irritation at times but on balance that is probably a price
> worth paying to have a virus free machine and not have to shell out on
> anti-virus software.
>
The problem is that this is fundamentally untrue. By the way, all that is needed to
get to that root password you are typing is being able to execute code... say via
some remotely exploitable hole. Because once you can execute code on your machine,
the virus can:
1 tell X server to tell it the password when you type it (and it can then type
  the password on its own, btw ;-) )
2 overwrite your .bashrc or similar to LD_PRELOAD the virus (and if your distro
  does not handle LD_PRELOAD sensibly with setuid binaries...)
3 even if it does see 1... and the virus is now running LD_PRELOADed all the time
4 which of course means it controls all programs in arbitrary ways.
5 even if it doesn't have the root password, it still controls all of your
  programs and files.
6 and has access to all of your input and output and can do all the things zombie
  Windows machines do ... precisely the same way
7 assuming you do have a really secure environment.. one in which you the user
  can't edit the various dot files or change path and have your home directory
  mounted noexec, etc (yeah right... how many users total have that setup
  anywhere?) it can still do many dangerous things as it now has access to the
  present process in which it executed and can continue to live on (even if the
  "original" appeared to crash) for a long time, provided the user has any write
  access to any file on the system at all - and lots of programs require some
  kind of temporary file access.
There is no security if there is a remotely exploitable bug ... and remotely
executable includes "executing file simply because a file was opened". Have you ever
counted how many programs have a way to have arbitrary code loaded into the address
space if a dot-file was changed or provided?
Unix security does not work the way people assume it works... and unfortunately,
that includes most Unix programmers.
>
> Ian
> --
> www.theINGOTS.org
> www.schoolforge.org.uk
> www.opendocumentfellowship.org
>
Sander
.sigless
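
The dot-file persistence described in items 2 and 7 of the message above can be checked for from the defender's side. The script below is an added example, not part of the original thread: it scans a home directory's shell startup files for dynamic-loader overrides and for startup files that group or other can write. The list of startup files, the function names and the sample home directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look for dynamic-loader overrides in a
# user's shell startup files. The file list is an assumed, non-exhaustive set.
STARTUP_FILES=".bashrc .bash_profile .bash_login .profile .zshrc .zshenv .xsessionrc"
LOADER_VARS='LD_PRELOAD|LD_LIBRARY_PATH|LD_AUDIT'

# Print "file:line:text" for each non-comment line in $1's startup files that
# assigns one of the loader variables.
find_loader_overrides() {
    for f in $STARTUP_FILES; do
        [ -f "$1/$f" ] || continue
        grep -nE "(^|[[:space:];])($LOADER_VARS)=" "$1/$f" |
            grep -vE '^[0-9]+:[[:space:]]*#' |
            sed "s|^|$f:|"
    done
    return 0
}

# Print startup files in $1 that group or other can write: anyone able to edit
# them can plant the same override.
find_writable_startup_files() {
    for f in $STARTUP_FILES; do
        [ -f "$1/$f" ] || continue
        find "$1/$f" \( -perm -020 -o -perm -002 \) -print
    done
    return 0
}

# Constructed sample home directory so the example runs offline.
demo() {
    home=$(mktemp -d)
    printf '%s\n' '# LD_PRELOAD=/commented/out.so' 'alias ll="ls -l"' \
        'export LD_PRELOAD=$HOME/.cache/libx.so' > "$home/.bashrc"
    printf '%s\n' 'PATH=$HOME/bin:$PATH' > "$home/.profile"
    chmod 644 "$home/.bashrc"; chmod 666 "$home/.profile"
    echo "loader overrides:";  find_loader_overrides "$home"
    echo "writable by others:"; find_writable_startup_files "$home"
    rm -rf "$home"
}
demo
```

A match is a line to review, not proof of compromise: some users set LD_LIBRARY_PATH deliberately, and the check sees only the files listed in STARTUP_FILES.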