Mental on Thu, 14 Mar 2002 18:00:41 +0100
On Thu, 2002-03-14 at 11:30, Timothy Lee Young wrote:
> It alarms me that such a document would be created and distributed.
>
> However if it makes us system administrators (and users) more aware of
> what avenues to watch for, and help close up the loopholes, then I guess
> it isn't a bad thing to bring all this out in the open.
>
> But it's still kinda shocking to have this document in reality.
>

Why be alarmed? This isn't really news. One of the earliest worms exploited a bug in sendmail and propagated on guess what.... unix systems. There's always been buffer overflows in sundry services. How bout a self trojaning compiler ala Ken Thompson's gcc talk from 84? Check out this link:

http://www.google.com/search?q=cache:tCUSCq7KZuoC:i44www.info.uni-karlsruhe.de/~verifix/pres/paper/Honnef99.ps.gz+gcc+self+compiled+trojan+bootstrap&hl=en&ie=ISO-8859-1

However, the reality of the situation is that despite the fact that viruses are possible on any platform, some are far more susceptible. The difficulty isn't in writing a "Unix virus" so much as writing a "Unix virus" that will reproduce prolifically enough that it will survive in 'the wild'. Besides the fact that office applications aren't embedded into the Linux kernel and heavily integrated into just about every corner of your system, the user/security model for *nix makes it harder for viruses to survive. It is generally taught early on Not To Run As Root.

Following the 'howto'... Writing a virus that exploits ELF weirdness is several orders of magnitude more difficult than writing an ALL_YOUR_BASE.jpg.vbs kiddie script. Anyone who really really wants to write a virus that needed to be architected in some pretty hairy assembler probably wouldn't bother. How do most viruses spread these days? Email. Who reads email and opens attachments? Users. Normal users pose no threat to the system (beyond being a danger to themselves and their home directory).

Besides being very difficult to write, it would (by virtue of being written in asm) be horribly platform and possibly version dependent.

In conclusion, I feel that while viruses on Linux are a technical possibility, they're essentially theoretical. I'd spend much more time worrying about the next buffer overflow in named or ssh than worry about somebody writing ILOVEYOU in sparc, x86, mips, alpha, arm and ppc assembly. :)

Still, it was an interesting read, but I wouldn't let it keep you up at night. :)

--
Mental (Mental@NeverLight.com)

I got a new shadow. I had to get rid of the other one...
It wasn't doing what I was doing.
--Steven Wright

GPG public key: http://www.neverlight.com/Mental.asc