| |||||||||||||
Crossplatform virus - the latest proof of conceptCrossplatform virus - the latest proof of conceptPosted Apr 8, 2006 15:30 UTC (Sat) by aleXXX (subscriber, #2742)Parent article: Crossplatform virus - the latest proof of concept
Hmm, if I'm logged in as normal user, which ELF file should it effect ?
(Log in to post comments)
Crossplatform virus - the latest proof of concept Posted Apr 8, 2006 17:50 UTC (Sat) by nix (subscriber, #2304) [Link] Any writable ones in the current directory.
Hence, net effect unless you run untrusted code as root, nil.
Crossplatform virus - the latest proof of concept Posted Apr 8, 2006 23:49 UTC (Sat) by smoogen (subscriber, #97) [Link] Which happens a lot on some systems. Download some tools, compile them, put them in your ~/bin/ because you dont have root access. Or if your OS follows the Mac paradigm for installing software.. it is installed in your tree etc. Now you may not hurt someone else.. but these days viruses really arent into breaking systems unless you are being ransomed. The real money is getting all those .doc/.swx /.abi documents and everything in ~/.gnucash to your friendly neighborhood extortionist.
Crossplatform virus - the latest proof of concept Posted Apr 9, 2006 10:19 UTC (Sun) by dwmw2 (subscriber, #2063) [Link] AFAIK it doesn't effect any files -- it only affects existing ELF files, if they're writable by the infected user.
But it's a proof of concept -- I suppose it _could_ be made to effect files in ~/bin which override system binaries. But that's not necessarily going to get it very far because they'd would generally only affect the user who's already infected.
Crossplatform virus - the latest proof of concept Posted Apr 9, 2006 22:06 UTC (Sun) by jwb (guest, #15467) [Link] What twisted distribution puts ~/bin in the path? It certainly isn't in my path.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 11:34 UTC (Mon) by NAR (subscriber, #1313) [Link] What twisted distribution puts ~/bin in the path?Debian. And actually this seems sane - I personally don't like to type ~/bin in front of each script that I'd like to run.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:03 UTC (Mon) by tomas2 (guest, #37038) [Link] Hmmm... Since when?echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
cat /etc/debian_version
Tomas
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:11 UTC (Mon) by NAR (subscriber, #1313) [Link] Check /etc/skel/.bash_profile.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:31 UTC (Mon) by tomas2 (guest, #37038) [Link] <copy-paste># set PATH so it includes user's private bin if it exists #if [ -d ~/bin ] ; then # PATH=~/bin:"${PATH}" #fi </copy-paste>
So, it's commented out, and I think this is the default, at least in Sarge?
Tomas
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:46 UTC (Mon) by AAP (guest, #721) [Link] Yes, IIRC, it's commented out, but it seems to me that it wouldn't be that unusual for someone to uncomment it.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 19:00 UTC (Mon) by NAR (subscriber, #1313) [Link] Maybe the local administrator modified the skeleton files. But I still think it's a sane default.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 19:54 UTC (Mon) by tomas2 (guest, #37038) [Link] Well, this is starting to get a little bit OT, but just for the record... :)On my DeMuDi 1.3.0 box here at home ~/bin is included in the path by default if the directory exists. DeMuDi 1.3.0 is based on Debian Etch, so either this is the default in Etch, or then the DeMuDi maintainer agrees with you that this is a sane default :) I personally think that the sane default is to have those lines commented out, and let root decide if he/she wants to change the default for all users or not, but maybe that's just me.
I didn't find anything about this in the Debian changelog, (maybe I didn't look carefully enough) and there is no DeMuDi changelog in /usr/share/doc/bash/
The system is DeMuDi 1.3.0, with a few packages installed from Debian Etch.
So, I don't know for sure about pure Debian Etch, but at least in DeMuDi 1.3.0 the default indeed is to include ~/bin in the path.
Tomas (/back to lurking mode, sorry for the noice guys :))
|
|||||||||||||