Just one comment regarding the dpkg command in the article: it lists the contents of a package. That, however, omits one very obvious place to hide malicious (or, well, buggy) code: the maintainer scripts.
I'm not aware of a simple dpkg equivalent of the command 'rpm -q --scripts foo.rpm', but it should be along the lines of:
Posted Dec 24, 2009 16:34 UTC (Thu) by cortana (subscriber, #24596)
dpkg --info blah.deb will display which of the preinst, postinst, prerm, postrm scripts the .deb has,
and whether they are shell scripts, perl scripts, etc.
The question I want to ask is: why on earth did gnome-look not strip out all the scripts that
submitted debs contained? There is no need for a package containing a screen saver to contain
such a script; all you have to do is drop an executable somewhere, and a .desktop file in
/usr/share/applications/screensavers!
Linux malware: an incident and some solutions
Posted Dec 25, 2009 6:51 UTC (Fri) by elanthis (guest, #6227)
An even better question is why screensavers are submitted as dpkgs at all. If gnome-look
wants to use native packages for this, require them to be submitted as simplified source balls
and build the binaries and packages themselves, using a properly jailed build environment
(or even a vm instance).
Posted Dec 26, 2009 14:21 UTC (Sat) by tzafrir (subscriber, #11501)