How to write a Linux virus in 5 easy steps

How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 22:11 UTC (Thu) by nix (subscriber, #2304)
In reply to: How to write a Linux virus in 5 easy steps by flewellyn
Parent article: How to write a Linux virus in 5 easy steps

DE = desktop environment.


How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 22:16 UTC (Thu) by flewellyn (subscriber, #5047)

Alright, that makes sense.

So you would propose that the desktop environments include a ".desktop interpreter" whose job it would be to check for executable privilege on the .desktop files? That could work.

How to write a Linux virus in 5 easy steps

Posted Feb 12, 2009 23:29 UTC (Thu) by nix (subscriber, #2304)

Well, its job is to exec() the programs specified in .desktop files: it's
just that the first stage of that is to check that the user can execute
them. :)

I don't see any reason why anything else in the DE needs to know how to
execute things from a .desktop. Centralize such knowledge in a single
carefully-audited tool.

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 1:02 UTC (Fri) by flewellyn (subscriber, #5047)

That does make sense. It could even be a desktop environment-agnostic tool, such that it would work with GNOME, KDE, XFCE, or what have you, without any changes. Make it depend on minimal libraries (I think you'd only need libc, actually), and make it universally available. For maximal adoption, I'd think you'd want it to be permissively licensed, à la the X.org license.

Y'know, this could work! Gonna write it yourself?

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 9:04 UTC (Fri) by nix (subscriber, #2304)

I'd like to, but to be useful it has to come out of one of the desktop
environment development groups, really, because it's useless unless they
adopt it.

(... actually, not all that useless: it could be useful from the command
line as well, I suppose.)

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 16:29 UTC (Fri) by flewellyn (subscriber, #5047)

Well, all it really has to do is examine a .desktop file's permissions and ownership, and return success if they're good, or failure if they're bad. That could be used from any environment.

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 17:03 UTC (Fri) by nix (subscriber, #2304)

I was expecting it to handle the Exec line itself: i.e., with this in place, running an executable-marked .desktop file from bash would exec() the command stated in its Exec line, by way of the interpreter.

Just having the interpreter return a return code without actually running anything seems profoundly counterintuitive. (Imagine if Perl scripts just returned 1 or 0 when you ran them, indicating whether 'perl $SCRIPTNAME' should be allowed to work!)

How to write a Linux virus in 5 easy steps

Posted Feb 13, 2009 17:06 UTC (Fri) by flewellyn (subscriber, #5047)

Oh, right, I knew that. Just forgot.

Either way, though, I can see something like that being useful in any number of contexts. I can't help but think "If you write it, they will come."

Write the program, audit it carefully, release it under a permissive license, and push for the major desktop environments to start using it. I think they have an interest in better security.
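The single launcher discussed in this thread, sketched as an added example (not code from any commenter or from a desktop project): it checks permissions and ownership first, then hands back the command from the Exec line for exec(). The function name `resolve_exec` and the exact policy (owned by the caller or root, owner-execute bit set, not writable by group or others) are assumptions made for illustration.

```python
import os
import shlex
import stat
import sys

# Exec field codes from the Desktop Entry spec. This sketch drops them
# rather than expanding them (assumption: launched with no file/URL args).
FIELD_CODES = {"%f", "%F", "%u", "%U", "%i", "%c", "%k"}


def resolve_exec(path):
    """Return argv from the Exec key; raise OSError if the file is refused."""
    # Open first and fstat the descriptor, so the file that is checked is
    # the file that is read (no check-then-open race). O_NOFOLLOW makes
    # a symlinked final path component fail with an OSError.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8", errors="replace") as fh:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid not in (os.geteuid(), 0):
            raise PermissionError("owned by another user")
        if not st.st_mode & stat.S_IXUSR:
            raise PermissionError("not marked executable")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("writable by group or others")
        in_entry, value = False, ""
        for line in fh:
            key, _, rest = line.strip().partition("=")
            if key.startswith("["):
                in_entry = key == "[Desktop Entry]"  # ignore other groups
            elif in_entry and key.strip() == "Exec":
                value = rest.strip()
                break
    try:  # shlex only approximates the spec's quoting rules (assumption)
        argv = [a for a in shlex.split(value) if a not in FIELD_CODES]
    except ValueError as err:
        raise PermissionError(f"bad Exec quoting: {err}") from err
    if not argv:
        raise PermissionError("no usable Exec command")
    return argv


if __name__ == "__main__":
    try:
        argv = resolve_exec(sys.argv[1])
    except (IndexError, OSError) as why:
        sys.exit(f"refused: {why}")
    os.execvp(argv[0], argv)  # replace this process, as an interpreter would
```

The argv is passed to `execvp` directly, not through a shell, so shell metacharacters in the Exec value are not interpreted.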

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds