On Tue, 27 Oct 1998, Adrian Bolzan wrote:
> what about boot sector viruses? are they possible? i am not
> really up on viruses and how they work...
<big evil grin>

Log on as root.

    dd if=/dev/zero of=/dev/hda

You have just incurably infected your boot sector and most of your
hard disk with the newly named "null virus".

Note the trick. You had to log on as root. (Unless some truly foolish
person changed the permissions of /dev/hda to something really silly.)

When you're root, you are "SUPERUSER", you can do anything to your
machine. When a program is run by root, then it can do _anything_.

Therefore the first task of a Linux virus writer is to get root
access. There are a number of hacks to do that, have a look at Satan
or its new incarnation. OK, so Satan mostly concentrates on
"over-the-net" attacks. Most such attacks are of the form, "Service
X gives me limited access under some username such as "nobody", how do
I get out of that box to su mode?"

Of course, long time Linux users are hopelessly complacent, so long as
we keep our root passwords obscure and to ourselves and don't do
anything particularly stupid, we're safe, ja?

Look at the windoze world, most virii these days are document macro
virii. If you ever have someone bitch about the ms-word "concept"
virus, scurry across and have a peek. It's one of the really early ones
that didn't know how to hide itself. It's sooo bloody simple.

Umm, you did know that PostScript is really a very powerful full
feature programming language, didn't you? And you thought it was just a
funny sort of printer thing, didn't you? When last did you actually run
ghostscript with the "safety" features on? What about gimp
script-fu's, little perl/python/guile scripties we keep passing about,
eh?

Perhaps even more vulnerable is this scenario... slurp package Y off
the net, ja, ja, untar;configure;make;su;make install;exit; ja, ja,
done it hundreds of times....

Whoops, notice the little "su" there, did you?

As I say. Virii on Linux are doable. Virii on M$ are easier. The
market for anti-virii progs on M$ is a _lot_ larger. Therefore the
protection racket hits M$ first. It will hit us later. Hopefully a lot
later. But I would suggest to package writers to start contemplating
how to do the install step without that nefarious little "su" step. I
would recommend some username per package approach.

John Carter EMail: [EMAIL PROTECTED]
Telephone : 27-12-808-0374x194 Fax:- 27-12-808-0338
<http://www.geocities.com/SoHo/Cafe/5947> or <http://iwqs.pwv.gov.za>
In a cluster of galaxies, one of many such clusters, there is a
galaxy. On the edge of this galaxy, is a star, one of millions of such
stars. Orbiting this star, is a tiny ball of iron. On this tiny ball is
a very thin scum of lighter elements.
Some of which have delusions of grandeur.
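
The "su; make install" step discussed in the message above can be narrowed by staging the install as an ordinary user and auditing the result before anything privileged touches it. The script below is an added example, not part of the original post; it assumes the package's Makefile honours the DESTDIR convention, and the function name audit_stage and its finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: the package was built and staged WITHOUT root, e.g.
#   ./configure --prefix=/usr/local && make
#   make DESTDIR="$HOME/stage/pkgY" install
# DESTDIR is an automake-style convention; not every Makefile supports it.

# audit_stage STAGE [PREFIX]
# Prints one finding per line.
# Returns 0 if the tree is clean, 1 if anything was flagged, 2 on bad input.
audit_stage() {
    stage=$1
    prefix=${2:-/usr/local}
    [ -d "$stage" ] || { echo "audit_stage: no such directory: $stage" >&2; return 2; }

    findings=$(
        cd "$stage" || exit
        # setuid/setgid files run with their owner's or group's privileges
        find . -type f \( -perm -4000 -o -perm -2000 \) | sed 's|^\.|SETID |'
        # world-writable files and directories can be replaced by any local user
        find . ! -path . \( -type f -o -type d \) -perm -0002 \
            | sed 's|^\.|WORLD-WRITABLE |'
        # anything the install step tried to place outside the declared prefix
        find . ! -type d ! -path ".$prefix/*" | sed 's|^\.|OUTSIDE-PREFIX |'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical use: only consider a privileged copy after a clean audit.
#   audit_stage "$HOME/stage/pkgY" /usr/local && echo "stage looks clean"
```

A clean audit only says the staged files carry no elevated permission bits and stay inside the prefix; it says nothing about what the installed programs do when run.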