[OLPC Security] A mom's worries
alien
alien at MIT.EDU
Thu Nov 29 17:07:53 EST 2007
> The notion of malware for *nix systems (including Linux) isn't all
> *that* far-fetched.
Totally. I've worked on lots of incident response cases involving hacked
*nix systems, from botnets to DDOS Trojans to straightforward data
thefts. The main difference between these and Windows incidents is that
the Linux exploits were consistently more traditional -- i.e. they tend to
work by exploiting web servers or brute-forcing account passwords --
while in the Windows world the trend has been moving more toward
client-side exploits, phishing, etc.
Now that a large number of kids will be in possession of modified Linux
systems, I suspect we'll start seeing an increase in client-side Linux
exploits, too.
> Access as an ordinary user is all that's required (in general) to
> set up outbound network connections, run processes in the background,
> etc. A spam-bot doesn't need root access.
Great point!
s
Marcus Leech wrote:
> Seth Woodworth wrote:
>> Yes, because there is such a thriving anti-virus industry for linux
>> systems.
>>
>> Maybe someone should explain the OLPC system a little better. The
>> idea is that malicious software (or any software for that matter)
>> isn't allowed to do anything. The worst that it could do is take up
>> resources until it was shut down.
>>
>> This is basically what anti-virus software does. It finds programs
>> that it thinks are malicious, and contains them from accessing things
>> that they shouldn't. It sounds like you are suggesting someone writes
>> a program to do this again.
>>
> The notion of malware for *nix systems (including Linux) isn't all
> *that* far-fetched.
>
> You *have* to assume that at some point, some piece of application
> software has a remote-execution vulnerability (that is, a
> vulnerability that allows an attacker to load and run code in the
> context of the targeted application). In *nix, this would
> be the "context" of an ordinary user, which means that the downloaded
> code can only muck with objects that the
> ordinary user has access to. But that isn't a guarantee that
> *nothing* bad would happen.
>
> Consider, for example, that on ordinary *nix desktop systems, the user
> usually (but not always) has root access via
> "su" or "sudo". Consider a remote-execution exploit that quietly
> mucks with the user's .profile/.cshrc/.bashrc to
> point the user at slightly-modified versions of sudo that collect the
> password, and then call the "real deal".
>
> The code simply lies dormant until the user happens to do a "su" or a
> "sudo", and then "does interesting things".
>
> It's not inconceivable, it just hasn't happened on any kind of scale
> that's interesting.
>
> One should also consider that some types of malware are perfectly happy
> not to have "root" access. Access as an ordinary
> user is all that's required (in general) to set up outbound network
> connections, run processes in the background, etc.
> A spam-bot doesn't need root access.
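The .bashrc/sudo-wrapper scenario quoted above lends itself to a simple host check. This is an added example, not code from the thread or from OLPC: it scans shell rc content for aliases or functions that shadow su/sudo and for PATH prepends of user-writable directories; the rc text it inspects is constructed, and the writable-directory test is a heuristic.

```python
import re

# Constructed sample rc content (not taken from any real system) showing the
# pattern described in the thread: a PATH prepend and an alias that make a
# plain "sudo" or "su" resolve to a file under the user's own home directory.
SAMPLE_BASHRC = """\
# normal stuff
export EDITOR=vim
alias ll='ls -l'
export PATH=$HOME/.local/share/.x/bin:$PATH
alias sudo='~/.cache/.s/sudo'
su() { ~/.cache/.s/su "$@"; }
"""

PRIV_CMDS = {"sudo", "su"}


def user_writable_dir(entry: str) -> bool:
    """Heuristic: a PATH entry rooted in the home directory, or a relative
    one, is something an unprivileged process could have populated."""
    p = entry.strip("'\"")
    return p.startswith(("$HOME", "${HOME}", "~")) or not p.startswith("/")


def find_priv_shadowing(rc_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, kind, detail) for every rc line that could make
    su/sudo resolve to something other than the system binary."""
    findings = []
    for lineno, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = re.match(r"alias\s+(\w+)=(.*)", line)
        if m and m.group(1) in PRIV_CMDS:
            findings.append((lineno, "alias", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = re.match(r"(?:function\s+)?(\w+)\s*\(\)\s*\{", line)
        if m and m.group(1) in PRIV_CMDS:
            findings.append((lineno, "function", m.group(1)))
            continue
        m = re.match(r"(?:export\s+)?PATH=(.*)", line)
        if m:
            # Only entries ahead of the existing $PATH take precedence over
            # /usr/bin, so stop scanning once $PATH itself is reached.
            for entry in m.group(1).split(":"):
                if entry in ("$PATH", "${PATH}"):
                    break
                if user_writable_dir(entry):
                    findings.append((lineno, "path-prepend", entry))
    return findings
```

Run `find_priv_shadowing(open(os.path.expanduser("~/.bashrc")).read())` against the real rc files (.profile and .cshrc use different alias syntax and would need their own patterns) to apply the check to a live account.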