Re: Unix NOT secure against Viruses on home PCs

From: Renegade (not_at_t.all)
Date: 10/02/04


Date: Sat, 02 Oct 2004 15:54:59 GMT

On Fri, 01 Oct 2004 16:07:00 +0200, Daniel Mewes wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It is an often used argument that Linux/Unix machines are not affected by
> viruses, because most users do not work as root.
>
> But especially on home computers this argument does not really convince.
> Most users use either "su" to do their administration stuff or use
> graphical administration tools. The latter often ask for the root password
> just when it is needed, but they do not provide any proof of their
> identity. Examples of those are the KDE control center or SuSE's YaST2.
> Sadly it is not really a big problem to spoof these logins. And I am sure
> that usage of this "flaw" will increase when Linux becomes more popular at
> home. Even a simulated crash or shutdown of the X server followed by a
> display of KDM, XDM or whatever could be possible without unmanageable
> problems.
>
> Just as a proof of concept I attached a simple "virus" code for bash based
> systems. Many things could be made "better" and more tricky with a binary
> virus, but the script shows how easy it actually is to code a *nux virus
> using login spoofing (do not forget that it contains a remove routine
> which makes it bigger).
>
> To avoid spoofed logins you could of course restart your X Server by
> pressing something like CTRL+ALT+Backspace if you use graphical logins
> every time before doing something as root, but who wants to do that?
>
> What I want to say is that there actually IS a threat to *nix by viruses!
>
>
> Best regards,
> Daniel Mewes

You are still overlooking the obvious. Your example still requires the
cooperation of a clueless user to execute the script after they save it.
And the "su" problem can be avoided with a simple "su -" which ignores the
user bashrc and uses root's instead.

Now, if your system is so badly configured that users can overwrite root's
files, then you deserve what you get.
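
An added example, not part of either post: a POSIX shell check for the startup-file changes this exchange turns on. It flags alias or function definitions of su/sudo and PATH settings that put a user-writable directory first. The function names, patterns and sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a shell startup file for lines that can make "su" or "sudo"
# resolve to something other than the system binary.

_scan() {
    # $1 = file, $2 = reason label, $3 = extended regex.
    # Prints "reason:line-number:text" per match; succeeds only on a match.
    grep -nE "$3" "$1" | sed "s/^/$2:/" | grep .
}

audit_rc() {
    # $1 = startup file, for instance ~/.bashrc. Returns 1 if anything is flagged.
    flagged=0
    # alias su=... or alias sudo=...
    _scan "$1" alias '^[[:space:]]*alias[[:space:]]+(su|sudo)=' && flagged=1
    # su() { ... } or function su { ... }
    _scan "$1" function \
        '^[[:space:]]*((function[[:space:]]+)?(su|sudo)[[:space:]]*\(\)|function[[:space:]]+(su|sudo)([[:space:]]|\{|$))' \
        && flagged=1
    # PATH whose first entry is a user-writable location, so a file named
    # "su" placed there would be found before the system one.
    _scan "$1" path-prepend \
        '^[[:space:]]*(export[[:space:]]+)?PATH="?(\$HOME|\$\{HOME\}|~|\.|/tmp|/home/)' \
        && flagged=1
    return "$flagged"
}

write_sample() {
    # Constructed startup file used only for this demonstration.
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
export EDITOR=vi
alias ll='ls -l'
alias su='~/bin/su-wrapper'
sudo() { ~/bin/sudo-wrapper "$@"; }
export PATH="$HOME/.local/bin:$PATH"
PATH=/usr/local/bin:$PATH
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_rc "$sample" || echo "review the flagged lines above"
rm -f "$sample"
```

A path-prepend hit is a prompt to check who can write to that directory, not proof of tampering; many users add a personal bin directory on purpose.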


