Follow up: How to write a Linux virus

Posted Feb 13, 2009 8:53 UTC (Fri) by roblucid (subscriber, #48964)
In reply to: Follow up: How to write a Linux virus by foo-bar
Parent article: Follow up: How to write a Linux virus

Maybe because if people have a .pdf file, they expect it to be opened with a PDF reader, and not need to do any manual specification of an executable. Similarly with HTML, PostScript and media files. There's also ppl installing software packages via a double-click on Desktop.


Follow up: How to write a Linux virus

Posted Feb 13, 2009 9:46 UTC (Fri) by Tuxie (guest, #47191)

But HTML, PostScript, PDF and media files are content files.

.desktop files should really be treated as scripts because that's exactly what they are. There is no reason at all why someone would ever need to download a .desktop file and double-click it.

If such a need comes up though, just wrap it in a .tar.gz and let the user unpack it first, or require the user to right click the file -> properties -> make executable.
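The policy proposed in the comment above (treat a .desktop launcher like a script and run it only once the user has marked it executable) can be sketched as follows. This is an added example, not part of the original thread and not any desktop environment's actual code; the function names and the "ignore"/"refuse"/"allow" decision labels are hypothetical, and the sample launcher is constructed.

```python
import os
import stat
import tempfile

def parse_desktop_entry(path):
    """Return the key/value pairs found in the [Desktop Entry] group."""
    entry, in_group = {}, False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("["):
                in_group = (line == "[Desktop Entry]")
                continue
            if in_group and "=" in line:
                key, value = line.split("=", 1)
                entry[key.strip()] = value.strip()
    return entry

def launch_decision(path):
    """Hypothetical policy: a launcher runs only if its owner execute bit is set."""
    entry = parse_desktop_entry(path)
    if entry.get("Type") != "Application" or "Exec" not in entry:
        return ("ignore", None)            # no command to run (e.g. Link entries)
    if not os.stat(path).st_mode & stat.S_IXUSR:
        return ("refuse", entry["Exec"])   # show the command, do not run it
    return ("allow", entry["Exec"])

def demo():
    # Constructed sample launcher, written with mode 0644 as a download would be.
    sample = ("[Desktop Entry]\nType=Application\nName=Sample Launcher\n"
              "Exec=echo constructed-sample\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        before = launch_decision(path)
        os.chmod(path, 0o755)              # the explicit "make executable" step
        after = launch_decision(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Returning the `Exec` value with the "refuse" decision lets a file manager show the user exactly what command the launcher would have run.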

Follow up: How to write a Linux virus

Posted Feb 13, 2009 12:55 UTC (Fri) by roblucid (subscriber, #48964)

> But HTML, PostScript, PDF and media files are content files.
> .desktop files should really be treated as scripts because that's exactly what they are.

Do I need this feature at all? Sounds like something I would prefer totally disabled. If the DE is allowing scripts to masquerade as content, then it's a bug, and if the DE relies on arbitrary code execution scripts to function it appears to me to be poor design.

The problem is, how do you avoid content file formats being extended, with facilities like scripting?

Relying on users not being gullible to avoid giving execute permission is of limited value. The real problem goes deeper, hence the discussion of sand-boxing.

The data is tainted, the way to untaint it is via validation by trusted code.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 10:16 UTC (Fri) by forthy (guest, #1525)

> There's also ppl installing software packages via a double-click on Desktop.

Of course. But then they know that they are going to install software by doing so, and they should be prompted by the distribution's system tool to install software. You can one-click install on OpenSuSE, and I think it's safe enough. It will pop up an "install software" program, which displays what kind of software it wants to install, and even insists on importing a GPG key. I'm not that happy with this GPG key import stuff - they should have installed a signing chain so that you can trust GPG keys that have been signed by some OpenSuSE master keys, because otherwise, you can only blindly import it.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 13:03 UTC (Fri) by roblucid (subscriber, #48964)

I agree with you, and it's made clear what will happen. The lack of any useful way to decide on trust for that key is a weakness in the one-click install.

So now, we have double-click installing programs into the system, and it's OK, because the stuff is signed, and warnings like entering a password to be root, and a general bside covering warning about trusting repositories is given.

OTOH, we have DEs which seem willing to run arbitrary code, without any precautions.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds