[plug] Bugbear/B (Kai/Ben)

Leon Brooks leon at brooks.fdns.net
Wed Jun 11 01:45:03 WST 2003


On Tue, 10 Jun 2003 20:08, Ben Jensz wrote:
> One thing to consider that if Linux became the dominant desktop
> operating system, do you think there wouldn't be any viruses roaming
> around?  Hell yes there would be.

The fly in this ointment is that Linux email programs don't run 
executables. And if they did (hello, Lindows, I'm sure), which version 
of which email client would you be hitting? KMail? Evolution? Mozilla? 
Pine? The same flaw isn't going to exist in all of them, and the code 
for every new version is going to live at different addresses, so your 
"market" is going to be, at best, a very small fraction of the Outlook 
virus-du-jour playground.

> But there would still be viruses being released,
> except they'd probably work by social engineering to get people to
> run them. Same as that "jdbgmgr.exe" hoax that went around, totally
> reliant on social engineering, it was pretty effective.

Would it be so effective if by default the user had no write access on 
the file in question? For example:

rm -f /lib/libc*
rm: cannot remove `/lib/libc-2.3.1.so': Permission denied
rm: cannot remove `/lib/libcom_err.so.2': Permission denied
rm: cannot remove `/lib/libcom_err.so.2.0': Permission denied
rm: cannot remove `/lib/libcrypt-2.3.1.so': Permission denied
rm: cannot remove `/lib/libcrypt.so.1': Permission denied
rm: cannot remove `/lib/libc.so.6': Permission denied

I routinely set up my systems so important files live on a readonly 
partition (and in extreme cases also chattr them +i and rename the 
chattr program). How is social engineering going to cope with stuff 
like that?

Cheers; Leon



More information about the plug mailing list