| |||||||||||||
Crossplatform virus - the latest proof of conceptCrossplatform virus - the latest proof of conceptPosted Apr 9, 2006 10:19 UTC (Sun) by dwmw2 (subscriber, #2063)In reply to: Crossplatform virus - the latest proof of concept by aleXXX Parent article: Crossplatform virus - the latest proof of concept
AFAIK it doesn't effect any files -- it only affects existing ELF files, if they're writable by the infected user.
But it's a proof of concept -- I suppose it _could_ be made to effect files in ~/bin which override system binaries. But that's not necessarily going to get it very far because they'd would generally only affect the user who's already infected.
(Log in to post comments)
Crossplatform virus - the latest proof of concept Posted Apr 9, 2006 22:06 UTC (Sun) by jwb (guest, #15467) [Link] What twisted distribution puts ~/bin in the path? It certainly isn't in my path.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 11:34 UTC (Mon) by NAR (subscriber, #1313) [Link] What twisted distribution puts ~/bin in the path?Debian. And actually this seems sane - I personally don't like to type ~/bin in front of each script that I'd like to run.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:03 UTC (Mon) by tomas2 (guest, #37038) [Link] Hmmm... Since when?echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
cat /etc/debian_version
Tomas
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:11 UTC (Mon) by NAR (subscriber, #1313) [Link] Check /etc/skel/.bash_profile.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:31 UTC (Mon) by tomas2 (guest, #37038) [Link] <copy-paste># set PATH so it includes user's private bin if it exists #if [ -d ~/bin ] ; then # PATH=~/bin:"${PATH}" #fi </copy-paste>
So, it's commented out, and I think this is the default, at least in Sarge?
Tomas
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 12:46 UTC (Mon) by AAP (guest, #721) [Link] Yes, IIRC, it's commented out, but it seems to me that it wouldn't be that unusual for someone to uncomment it.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 19:00 UTC (Mon) by NAR (subscriber, #1313) [Link] Maybe the local administrator modified the skeleton files. But I still think it's a sane default.
Crossplatform virus - the latest proof of concept Posted Apr 10, 2006 19:54 UTC (Mon) by tomas2 (guest, #37038) [Link] Well, this is starting to get a little bit OT, but just for the record... :)On my DeMuDi 1.3.0 box here at home ~/bin is included in the path by default if the directory exists. DeMuDi 1.3.0 is based on Debian Etch, so either this is the default in Etch, or then the DeMuDi maintainer agrees with you that this is a sane default :) I personally think that the sane default is to have those lines commented out, and let root decide if he/she wants to change the default for all users or not, but maybe that's just me.
I didn't find anything about this in the Debian changelog, (maybe I didn't look carefully enough) and there is no DeMuDi changelog in /usr/share/doc/bash/
The system is DeMuDi 1.3.0, with a few packages installed from Debian Etch.
So, I don't know for sure about pure Debian Etch, but at least in DeMuDi 1.3.0 the default indeed is to include ~/bin in the path.
Tomas (/back to lurking mode, sorry for the noice guys :))
|
|||||||||||||