| |||||||||||
Linux: security through obscurity?Linux: security through obscurity?Posted Nov 5, 2004 10:06 UTC (Fri) by dps (subscriber, #5725)Parent article: Linux: security through obscurity?
Linux does win *some* security thorugh obsucrity. However most of the lack of worm I think is something else, with the most proninent being
1. There is no easy way of executing an attatchment within any MUA I
2. My normal user identity, which is all a email worm is likely to get,
Similar remarks apply to web browsers, which simply lack priledge and
(Log in to post comments)
Linux: security through obscurity? Posted Nov 5, 2004 15:32 UTC (Fri) by jaclu (guest, #7280) [Link] >2. My normal user identity, which is all a email worm is likely to get,>does not have write permission to the system binaries, boot scripts >and other things commonly targeted by windows virii and worms.
Simply not true.
If I could get Joe User to run a malware, it could install itself to be
Since he propably will login when he starts his system, the evil-daemon will be started, then it runs until machine is shutdown regardles if user is stil logged in.
So if you can get your malware to be run with or without userintervention, a daemon can an will be installed.
Linux: security through obscurity? Posted Nov 5, 2004 16:59 UTC (Fri) by oak (subscriber, #2786) [Link] yes, and then the user daemon can output somewhere in the net systeminformation and fetch back a root exploit specific to that version of kernel etc. Or listen to requests from network to test latest root exploits until one is found that gains the root rights...
|
|||||||||||