[SATLUG] Scary stuff...How to write a linux virus in 5 easy steps
tweeksjunk2 at theweeks.org
Mon Feb 23 00:09:07 CST 2009
On Wednesday 18 February 2009 11:12:43 pm Travis Runty wrote:
> Really good stuff. I have always run the noexec on my '/tmp', however, I
> think I'm considering adding it to my device's '/home' too. Assuming there
> are no unforeseen negatives it certainly wouldn't hurt anything.
Uhh.. I wouldn't recommend that. Many X controls and scripts reside there...
as well as your bash files (.bash_login, .bashrc, etc).. not to mention many
users' ~/bin/ dirs.. Yeah.. that would be a nightmare on my system.
I would recommend putting some filesystem level restrictions on /tmp/ (have to
have a separate partition first though), and then "mount --bind" /var/tmp/
there also. Also lock down your /dev/shm/ (a not so well known ramdisk area
hacks write their backdoors to also). See here:

  $ mount |grep shm
  devshm on /dev/shm type tmpfs (rw)

On Thursday 19 February 2009 10:43:10 am ed wrote:
> As Linux grabs more market share on the home desktop, it's only natural,
> a matter of time, before the bad guys start (if they haven't already)
> writing exploits for it
I disagree to some degree. The reason that windows has been so problematic is
not JUST because it's the biggest target.. but because it's SOOOOOO
homogeneous. It's cookie cutter.. A computer monoculture, if you will.
Take this virus/target-culture model into nature. It's just like a giant
domesticated animal farm. What happens in nature when you have a giant
monoculture (cows, bananas, etc)? One ravenous disease comes along and wipes
them all out. So what even if you keep standing new animals back up
(reinstalling.. new models, etc).. The same monoculture problem exists and
viruses feed on monocultures.
This is why nature has differing species, breeds, and strains. In two words..
biological diversity. This is also why I believe that Windows will always be
the weaker OS "health wise" and why I believe Linux will never be as hard hit
with viri as Windows. Linux is a chaotic, heterogeneous mix of distros,
desktops and packages.. always changing. No virus can assume that every Linux
desktop is running Thunderbird.. or Kmail, Mutt or Evolution. I guess a
virus writer /could/ include vector-checks for the most common Linux mail
clients out there.. but you still have all the distro differences, SELinux,
iptables, filesystem differences, etc.. And that's a huge waste of energy
when the virus-yummy monoculture of Windows+Outlook is such a more attractive
target. Such an easier herd to own. :)
Some say that there's safety in numbers...
With regards to virus defense, this is not the case...
But even more importantly, I say the real safety is in diversity.
All for now.. nite nite.
> On Wed, Feb 18, 2009 at 9:40 PM, Todd W. Bucy <toddwbucy at grandecom.net> wrote:
> > oops forgot to include the authors update to this article.
> > http://www.geekzone.co.nz/foobar/6236
> > Todd
> > On Wed, 2009-02-18 at 21:32 -0600, Todd W. Bucy wrote:
> > > ran across this and thought I would throw it out there for comments
> > >
> > > enjoy
> > > Todd
> > > http://www.geekzone.co.nz/foobar/6229
> Travis Runty
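
Added example (not part of the original message or of any SATLUG member's code): a small check for the lockdown discussed above, reporting whether /tmp, /var/tmp and /dev/shm are separate mount points and whether they carry restrictive options. /var/tmp is checked on its own because a bind mount has its own entry in /proc/mounts. The function names, the sample mount table and the choice of noexec, nosuid and nodev as the "restrictions" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit /tmp, /var/tmp and /dev/shm for restrictive mount options.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Constructed sample. /dev/shm is "rw" only, as in the output quoted in the post;
# /tmp is a separate partition and /var/tmp is bind-mounted onto it.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext3 rw,noexec,nosuid,nodev 0 0
devshm /dev/shm tmpfs rw 0 0
EOF
}

# audit_mounts [FILE]
# Prints "NOT-MOUNTED <dir>" when <dir> is not its own mount point (so no
# options can be applied to it) and "MISSING <dir> <option>" for each absent
# option. Exit status is 1 if anything was reported, 0 otherwise.
# The option set noexec,nosuid,nodev is this example's assumption.
audit_mounts() {
    awk -v targets="/tmp /var/tmp /dev/shm" -v want="noexec nosuid nodev" '
    BEGIN { nt = split(targets, t, " "); nw = split(want, w, " ") }
    { opts[$2] = $4 }   # a later mount on the same directory replaces the earlier one
    END {
        bad = 0
        for (i = 1; i <= nt; i++) {
            mp = t[i]
            if (!(mp in opts)) { print "NOT-MOUNTED " mp; bad = 1; continue }
            for (j = 1; j <= nw; j++)
                if (index("," opts[mp] ",", "," w[j] ",") == 0) {
                    print "MISSING " mp " " w[j]; bad = 1
                }
        }
        exit bad
    }' "${1:-/proc/mounts}"
}
```

With no argument audit_mounts reads /proc/mounts on the live system. A reported directory can be corrected in /etc/fstab or with "mount -o remount,<options> <dir>".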