Follow up: How to write a Linux virus

Posted Feb 13, 2009 10:19 UTC (Fri) by hppnq (subscriber, #14462)
In reply to: Follow up: How to write a Linux virus by foo-bar
Parent article: Follow up: How to write a Linux virus

> What is totally unclear is why double-clicking doesn't require .desktop files to have the executable bit set.

What is unclear to me is why this keeps cropping up as something even remotely connected to the problem. Yes, the fact that they are not real executables is extremely relevant, because like it or not, that is what the executable bit is supposed to indicate for all my other files. If the desktop launcher were not a file, it would have the exact same security problem, but we would not be having this discussion.

What the desktop people have assumed is that launchers do not automagically show up on the panel. And on my system, they never do. I don't double click them, I click them, and they launch something that I put in there.

Icons on my desktop? You bet they have to have the executable bit set, at least on my version of Gnome.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 12:05 UTC (Fri) by foo-bar (guest, #22971)

They *are* real scripts. Because they can execute arbitrary code.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 13:15 UTC (Fri) by hppnq (subscriber, #14462)

These launchers cannot execute arbitrary code. You can click on them of course. Whether something bad happens then is a different problem, and because a DE is nowadays getting more and more capable of turning code into a running process, this does require some attention from developers and users alike.

But, since launchers are not only special files to the DE interpreter, but also files on my filesystem and therefore interpretable by my shells, I prefer them to NOT be ordinary executables, shell scripts, Perl files or anything that can be run outside of the desktop environment.

Note that I am not saying that the typical desktop is a very safe place. Here, the problem seems to be that they can be run from different places within a desktop environment, which is not a brilliant idea. The solution is to keep things more separate: you will really not likely find ls(1) in /home/cracker.

All this, of course, has very little to do with serious security threats and defense mechanisms.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 16:08 UTC (Fri) by jhardin (guest, #3297)

> they can execute arbitrary code.

Not quite. They can execute arbitrary _command lines_.

Perhaps this is a way to address the problem. Provide a list of the executables that the desktop manager is permitted to start via a shortcut.

"rm" for example would _not_ be on the list. Nor would "bash".

Follow up: How to write a Linux virus

Posted Feb 13, 2009 17:28 UTC (Fri) by engla (guest, #47454)

And then what about python? It has to be allowed. Then python -c "arbitrary python code"...
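The two policies debated in this thread (requiring the executable bit on launchers, and jhardin's allowlist together with engla's `python -c` objection) can both be checked mechanically. The following is an added example, not part of any comment and not any desktop environment's code; the allowlist, the flag table and all function names are assumptions made for illustration, and the sample launchers are constructed.

```python
import os
import shlex
import stat
import tempfile

# Hypothetical policy for this example: programs a launcher may start, and
# interpreter flags that take code from the command line.
ALLOWED = {"firefox", "gedit", "python"}
INLINE_CODE_FLAGS = {"python": {"-c"}, "perl": {"-e"}, "bash": {"-c"}, "sh": {"-c"}}

def exec_argv(path):
    """Return the Exec command of the [Desktop Entry] group as an argv list."""
    group = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("[") and line.endswith("]"):
                group = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if group == "Desktop Entry" and sep and key.strip() == "Exec":
                return shlex.split(value.strip())
    return []

def audit_launcher(path, allowed=ALLOWED):
    """Return a list of policy findings for one .desktop file."""
    findings = []
    if not os.stat(path).st_mode & stat.S_IXUSR:
        findings.append("no-exec-bit")
    argv = exec_argv(path)
    if not argv:
        return findings + ["no-exec-key"]
    prog = os.path.basename(argv[0])
    if prog not in allowed:
        findings.append("not-allowlisted:" + prog)
    # An allowlisted interpreter still runs whatever code its arguments carry,
    # so the name check alone is not enough (exact-flag match only here).
    if INLINE_CODE_FLAGS.get(prog, set()) & set(argv[1:]):
        findings.append("inline-code:" + prog)
    return findings

def make_sample(exec_line, mode):
    """Write a constructed launcher to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".desktop")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("[Desktop Entry]\nType=Application\nName=Sample\nExec=%s\n" % exec_line)
    os.chmod(path, mode)
    return path
```

The audit only reads the files and never runs the `Exec` command. A launcher that names an allowlisted interpreter passes the name check and is caught only by the separate inline-code check, which is the gap engla's comment points at.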

Follow up: How to write a Linux virus

Posted Feb 17, 2009 17:08 UTC (Tue) by gouyou (subscriber, #30290)

So no way to make a nice icon that I would double click for cleaning up my environment ... yeah right.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 17:01 UTC (Fri) by nix (subscriber, #2304)

Yeah. And if you have an interpreter for .desktop files, pointed to by a hashbang line, they will *become* real executables, just like shell scripts or Perl scripts are.

(Without said interpreter, the idea is useless.)

Follow up: How to write a Linux virus

Posted Feb 16, 2009 8:57 UTC (Mon) by aleXXX (subscriber, #2742)

I think xdg-open can "start" desktop files.

Alex

Follow up: How to write a Linux virus

Posted Feb 16, 2009 10:11 UTC (Mon) by hppnq (subscriber, #14462)

Brilliant, it can open www.pentagon.gov as well as /tmp/britney.png.

Follow up: How to write a Linux virus

Posted Feb 16, 2009 20:17 UTC (Mon) by nix (subscriber, #2304)

Can it? How?

(Anyway, shell scripts cannot be interpreters for other shell scripts: we'd need an actual binary for this job.)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds