Re: Unix NOT secure against Viruses on home PCs

From: Renegade (not_at_t.all)
Date: 10/02/04

Date: Sat, 02 Oct 2004 15:54:59 GMT

On Fri, 01 Oct 2004 16:07:00 +0200, Daniel Mewes wrote:

> It is an often used argument that Linux/Unix machines are not affected by
> viruses, because most users do not work as root.
> But especially on home computers this argument does not really convince.
> Most users use either "su" to do their administration stuff or use
> graphical administration tools. The latter often ask for the root password
> just when it is needed, but they do not provide any proof of their
> identity. Examples of those are the KDE control center or SuSE's YaST2.
> Sadly it is not really a big problem to spoof these logins. And I am sure
> that usage of this "flaw" will increase when Linux becomes more popular at
> home. Even a simulated crash or shutdown of the X server followed by a
> display of KDM, XDM or whatever could be possible without unmanageable
> problems.
> Just as a proof of concept I attached a simple "virus" code for bash based
> systems. Many things could be made "better" and more tricky with a binary
> virus, but the script shows how easy it actually is to code a *nux virus
> using login spoofing (do not forget that it contains a remove routine
> which makes it bigger).
> To avoid spoofed logins you could of course restart your X Server by
> pressing something like CTRL+ALT+Backspace if you use graphical logins
> every time before doing something as root, but who wants to do that?
> What I want to say is that there actually IS a threat to *nix by viruses!
> Best regards,
> Daniel Mewes

You are still overlooking the obvious. Your example still requires the
cooperation of a clueless user to execute the script after they save it.
And the "su" problem can be avoided with a simple "su -" which ignores the
user's bashrc and uses root's instead.

Now, if your system is so badly configured that users can overwrite root's
files, then you deserve what you get.
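
An added example, not part of either post and not the script attached to the original message: a defensive check that flags lines in a user's shell startup file which would make "su" or "sudo" resolve to something other than the system binary. It assumes the tampering lives in a file such as ~/.bashrc; the function names and the sample file are constructed for illustration. The shell resolves aliases, functions and PATH before any su binary starts, so the check reads the invoking user's own file.

```shell
#!/bin/sh
# Added example (not from the thread): flag startup-file lines that would make
# "su" or "sudo" resolve to something other than the system binary.

# report LABEL REGEX FILE: print "LABEL:lineno:text" for each non-comment match.
report() {
    grep -nE -- "$2" "$3" | grep -vE '^[0-9]+:[[:space:]]*#' | sed "s/^/$1:/"
}

# scan_rc FILE: print findings; return 0 if clean, 1 on findings, 2 if unreadable.
scan_rc() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    out=$(
        # alias su=... or alias sudo=...
        report alias '(^|[;&[:space:]])alias[[:space:]]+(su|sudo)=' "$1"
        # su() { ... } or function sudo { ... }
        report function '(^|[;&[:space:]])((function[[:space:]]+)?(su|sudo)[[:space:]]*\(\)|function[[:space:]]+(su|sudo)([[:space:]{]|$))' "$1"
        # a directory placed ahead of $PATH wins command lookup for "su";
        # often legitimate (~/bin), so treat it as "review", not "compromised"
        report path-prepend '(^|[;&[:space:]])PATH="?[^":]+:.*\$\{?PATH' "$1"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# make_sample_rc FILE: write a constructed startup file for the demo.
make_sample_rc() {
    cat > "$1" <<'EOF'
# ~/.bashrc (constructed sample)
alias ll='ls -l'
# alias su='old experiment'
alias su='$HOME/.cache/su'
sudo() { command sudo "$@"; }
export PATH="$HOME/.local/bin:$PATH"
export PATH="$PATH:/opt/tools/bin"
EOF
}

# Demo run on the constructed sample; prints three findings (lines 4, 5, 6).
sample=$(mktemp)
make_sample_rc "$sample"
scan_rc "$sample" || true
rm -f "$sample"
```

A finding is a prompt to read the line, not proof of tampering; typing the full path (/bin/su) bypasses alias, function and PATH lookup altogether.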