How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 12:43 UTC (Thu) by epa (subscriber, #39769)
In reply to: How to write a Linux virus in 5 easy steps by drag
Parent article: How to write a Linux virus in 5 easy steps

> It's very irritating because double clicking is about the only way to interact with the system. And _no_shit_ attachments in email can be dangerous, but why does the system react to double click in the most dangerous manner possible?

Absolutely right. Double-clicking on an icon should and must be a safe operation. It should *open* the file, not execute it. The only things that can be safely executed are programs specifically installed as executable, either through the system package manager or by the user (or desktop environment) marking them as such.
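
The rule proposed in the comment above, sketched as an added example (not part of the original thread and not any file manager's actual code): a double-clicked .desktop launcher is run only if it sits in a package-managed application directory or the user has set its execute bit; otherwise it is opened as text. The directory list, function names and sample launcher are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed package-managed launcher directories (hypothetical policy list).
TRUSTED_DIRS = ("/usr/share/applications", "/usr/local/share/applications")


def exec_line(text):
    """Return the Exec= value from the [Desktop Entry] group, or None."""
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]          # track which group we are inside
        elif group == "Desktop Entry":
            key, sep, value = line.partition("=")
            if sep and key.strip() == "Exec":
                return value.strip()
    return None


def double_click_action(path, trusted_dirs=TRUSTED_DIRS):
    """Decide what a double click does: ('launch' | 'open-as-text', command)."""
    real = os.path.realpath(path)       # resolve symlinks before checking location
    with open(real, encoding="utf-8", errors="replace") as fh:
        command = exec_line(fh.read())
    if command is None:
        return "open-as-text", None     # nothing to run: treat as a document
    in_trusted = any(real.startswith(os.path.realpath(d) + os.sep) for d in trusted_dirs)
    user_marked = bool(os.stat(real).st_mode & stat.S_IXUSR)
    if in_trusted or user_marked:
        return "launch", command
    return "open-as-text", command      # show the command, do not run it


def demo():
    """Constructed sample: a launcher file as it lands after being saved."""
    sample = "[Desktop Entry]\nType=Application\nName=Sample\nExec=sh -c 'echo constructed sample'\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)           # saved file: no execute bit
        before = double_click_action(path)
        os.chmod(path, 0o755)           # user explicitly marks it executable
        after = double_click_action(path)
    return before, after
```

Calling `demo()` returns the decision for the same file before and after the user marks it executable.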


How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 17:08 UTC (Thu) by drag (subscriber, #31333)

Well don't forget that opening malicious documents in applications can have the same effect as executing a binary.

For example, a common attack vector is to use HTML email to exploit flaws in Microsoft's HTML rendering technology, using JavaScript or other things like that to exploit weaknesses that were discovered and 'patched' in Internet Explorer.

Another one is using built-in languages for applications to execute virus-like things. For example, Word macro viruses were very, very popular.

-------------------------

So... say in Linux there is a flaw in Evince's PDF rendering method somewhere. So you could send a legal PDF over email that, when executed by Evince, would exploit that flaw and run some shell code.

Since there is no security internal to a user account or desktop, any program, even the most trivial and unimportant, with an exploitable flaw can be used to gain full access to anything and everything on that user's desktop.

This example is just targeting Nautilus or Konqueror due to an oversight in the .desktop standard... but any program that is commonly used to handle files downloaded from the internet has the same potential problems.

------------------------------

With Linux, having a generic attack like with Word macros or Win32 HTML rendering flaws probably won't work.

So worms and viruses won't spread. The environments are too diverse and are patched too quickly for a generic attack to work in that manner.

This is, in fact, what makes Linux resistant to viruses even though the Linux binary formats make it very easy to write viruses.

HOWEVER this does not make Linux resistant against focused attacks. If an attacker knows what desktop you're using and knows that there are flaws in some of the software you're using on your desktop, then they could create a focused attack that, if they are targeting a corporate desktop install (for example) with hundreds of users, can have a very high probability of success.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds