
Follow up: How to write a Linux virus


Posted Feb 13, 2009 16:11 UTC (Fri) by droundy (subscriber, #4559)
In reply to: Follow up: How to write a Linux virus by etienne_lorrain@yahoo.fr
Parent article: Follow up: How to write a Linux virus

> Note that I still do not understand the general problem, if the .desktop file is executed under the "internet" user in the "internet" group, the virus can only modify "internet" files. In fact the problem is not downloading a random file from Internet, it is that doing so will silently change the ownership to the user - and so be trusted like any other file the user owns. Maybe all files downloaded from Internet should be owned by "internet" username until their signature is verified, then they would change ownership to "fedora" or "debian" if it is a verified package, or some smart management based on the username/group.

The trouble is that the user of a process running an executable is not determined by the owner of the executable, but rather by the user who started the process. Changing this would have serious implications. What you're proposing really is more like what smack does than something you'd want to hack up using traditional users and DAC.



Follow up: How to write a Linux virus

Posted Feb 13, 2009 17:08 UTC (Fri) by etienne_lorrain@yahoo.fr (guest, #38022) [Link]

> The trouble is that the user of a process running an executable is not determined by the owner of the executable.

Unless sticky bit is set, I thought it was obvious to set it.

Follow up: How to write a Linux virus

Posted Feb 13, 2009 21:32 UTC (Fri) by quotemstr (subscriber, #45331) [Link]

You're talking about set-uid, not sticky. The sticky bit has no effect on non-directory files on modern systems.
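
The distinction drawn in the two comments above, as an added example that is not part of the thread or any commenter's post: a simplified model of which effective UID a process gets on Linux when one user executes a file owned by another. The function names and the UIDs 1000 and 1001 are constructed for illustration.

```python
import os
import stat

def describe_special_bits(mode):
    """Name the special permission bits set in an st_mode value."""
    names = []
    if mode & stat.S_ISUID:
        names.append("set-uid")
    if mode & stat.S_ISGID:
        names.append("set-gid")
    if mode & stat.S_ISVTX:
        names.append("sticky")
    return names

def euid_after_exec(mode, owner_uid, caller_uid, nosuid_mount=False, is_script=False):
    """Effective UID of the process when caller_uid executes this file.

    Simplified model of Linux behaviour: the file owner only matters when
    the set-uid bit is set on a regular file, the filesystem is not mounted
    nosuid, and the file is a binary rather than a '#!' script. Capabilities,
    no_new_privs and LSM policy (SELinux, Smack) are outside this model.
    """
    honoured = bool(
        stat.S_ISREG(mode)
        and mode & stat.S_ISUID
        and not nosuid_mount
        and not is_script
    )
    return owner_uid if honoured else caller_uid

def euid_for_path(path, caller_uid=None):
    """Apply the model to a real file, reading the nosuid flag from its mount."""
    st = os.stat(path)
    if caller_uid is None:
        caller_uid = os.geteuid()
    nosuid = bool(os.statvfs(path).f_flag & os.ST_NOSUID)
    with open(path, "rb") as f:
        is_script = f.read(2) == b"#!"
    return euid_after_exec(st.st_mode, st.st_uid, caller_uid, nosuid, is_script)

if __name__ == "__main__":
    USER, INTERNET = 1000, 1001  # constructed UIDs: the real user and "internet"
    for mode in (0o100755, 0o101755, 0o104755):  # plain, sticky, set-uid
        print(oct(mode), describe_special_bits(mode),
              "-> euid", euid_after_exec(mode, INTERNET, USER))
```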

Follow up: How to write a Linux virus

Posted Feb 13, 2009 19:35 UTC (Fri) by tzafrir (subscriber, #11501) [Link]

What is "internet"? So the browser should not be allowed to save files on the disk? Any time you download a file you'll have to explicitly enable it? So you'll get used to that and enable it for that new "harmless" desktop file.

Follow up: How to write a Linux virus

Posted Feb 14, 2009 11:34 UTC (Sat) by etienne_lorrain@yahoo.fr (guest, #38022) [Link]

The user/account "internet" has, like any user on Unix, a directory usually named /home/internet; it can do whatever it wants there (like installing any kind of virus, or doing rm -rf .*). You can set any limit for this untrusted user by ulimit.
The user "internet" has access to the local screen (if the real user didn't do "xhost -"), and the sound card.
The browser downloads an untrusted executable file, keeps it executable, sets the set-uid bit and owner "internet", and puts that on the desktop.
The real user can click on this icon and run it without checks, the worst which can happen is that all "internet" user files will have a virus.
That postcard with sound example can be viewed without problem.

Note that I do not know about downloaded data files, maybe it would be safer to do the same system (owner "internet") and open the viewer under the "internet" account in case the data tries to exploit a security bug of the viewer - but that is not the initial problem we were talking about.

Follow up: How to write a Linux virus

Posted Feb 19, 2009 14:53 UTC (Thu) by mrshiny (subscriber, #4266) [Link]

So you're basically suggesting a user run their browser under a different user account, to sandbox it. One disadvantage I can see is that many people would never bother to change the ownership of the "internet"'s files and, if infected, would end up with a lot of data at risk for loss/theft. Also, if a file is not de-sandboxed in a timely fashion, a later infection can modify data the user has already "vetted". This increases the risk of infected files escaping the sandbox, when the user decides they finally want to copy that mp3 to their music folder.
