LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

How to write a Linux virus in 5 easy steps

How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 14:08 UTC (Thu) by hppnq (subscriber, #14462)
In reply to: How to write a Linux virus in 5 easy steps by nix
Parent article: How to write a Linux virus in 5 easy steps

When the launcher is invoked as an executable through the hash-bang mechanism with the executable bits off, it will refuse to run anyway, and when run by the interpreter you have the current situation.

So the problem remains the same: do you trust your desktop launcher or not? The traditional Unix security model can never be trusted in this respect.

I would think that it may even be more safe to have an external interpreter run the desktop launcher, because at least you then cannot accidentally run any Joe Random Hacker's setuid binary instead of an easy to parse script.

(Log in to post comments)

How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 20:47 UTC (Thu) by nix (subscriber, #2304) [Link]

Well, yes, the .desktop-launching interpreter would of course be a
specialized program that knew how to run .desktop files; and it checks the
executable bit on .desktop files that are passed to it as parameters
*itself* before launching programs named in them: it doesn't leave this up
to the kernel or anything like that.

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 9:57 UTC (Fri) by hppnq (subscriber, #14462) [Link]

What I meant is that you cannot be sure that there actually is trusted content in that launcher file, so the DE would still have to verify that it would actually run the launcher interpreter, to start with. The executable bit would tell the DE to trust the content, because presumably the user has seen the content, and that is not such a great idea.

It might even add a risk if the launcher can also be seen from another environment, such as a shell, instead of being a file that can only be meaningfully interpreted by the DE proper.

All this has little or nothing to do with the ability to run files in a certain way, but with the level of trust given to a class of files.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds