LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Follow up: How to write a Linux virus

Follow up: How to write a Linux virus

Posted Feb 13, 2009 12:05 UTC (Fri) by foo-bar (guest, #22971)
In reply to: Follow up: How to write a Linux virus by hppnq
Parent article: Follow up: How to write a Linux virus

They *are* real scripts. Because they can execute arbitrary code.

(Log in to post comments)

Follow up: How to write a Linux virus

Posted Feb 13, 2009 13:15 UTC (Fri) by hppnq (subscriber, #14462) [Link]

These launchers cannot execute arbitrary code. You can click on them of course. Whether something bad happens then is a different problem, and because a DE is nowadays getting more and more capable of turning code into a running process, this does require some attention from developers and users alike.

But, since launchers are not only special files to the DE interpreter, but also files on my filesystem and therefore interpretable by my shells, I prefer them to NOT be ordinary executables, shell scripts, Perl files or anything that can be run outside of the desktop environment.

Note that I am not saying that the typical desktop is a very safe place. Here, the problem seems to be that they can be run from different places within a desktop environment, which is not a brilliant idea. The solution is to keep things more separate: you will really not likely find ls(1) in /home/cracker.

All this, of course, has very little to do with serious security threats and defense mechanisms.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 16:08 UTC (Fri) by jhardin (guest, #3297) [Link]

> they can execute arbitrary code.

Not quite. They can execute arbitrary _command lines_.

Perhaps this is a way to address the problem. Provide a list of the executables that the desktop manager is permitted to start via a shortcut.

"rm" for example would _not_ be on the list. Nor would "bash".

Follow up: How to write a Linux virus

Posted Feb 13, 2009 17:28 UTC (Fri) by engla (guest, #47454) [Link]

And then what about python? it has to be allowed. Then python -c "arbitrary python code"...

Follow up: How to write a Linux virus

Posted Feb 17, 2009 17:08 UTC (Tue) by gouyou (subscriber, #30290) [Link]

So no way to make a nice icon that I would double click for cleaning up my environment ... yeah right.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds