
Anti-virus to protect against anti-virus vulnerabilities

Posted Apr 13, 2006 15:54 UTC (Thu) by bronson (subscriber, #4806)
In reply to: Anti-virus to protect against anti-virus vulnerabilities by zotz
Parent article: Anti-virus to protect against anti-virus vulnerabilities

Running a shell script without +x:

$ echo "echo Howdy" >> /tmp/tt
$ . /tmp/tt
Howdy

Running a binary executable without +x:

$ chmod a-x /bin/echo
$ /bin/echo hi # use fullpath to avoid bash builtin
bash: /bin/echo: Permission denied
$ /lib/ld-2.3.6.so /bin/echo hi
hi

Trivial. The +x bit is just for convenience. I'm really surprised that there are still people that think it adds any sort of security whatsoever.
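
Added example (not part of the original comments, and not LWN's or the commenters' code): because the loader invocation shown above never execs the target file directly, one defensive response is to look for it in audit data. This Python code scans constructed auditd EXECVE records for programs started through the dynamic loader; the sample records, the function names and the short list of glibc ld.so options it handles are assumptions of this example.

```python
import os
import re

# Constructed auditd EXECVE records (sample data, not taken from the thread).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1144943640.101:201): argc=2 a0="/bin/echo" a1="hi"
type=EXECVE msg=audit(1144943641.202:202): argc=3 a0="/lib/ld-2.3.6.so" a1="/bin/echo" a2="hi"
type=EXECVE msg=audit(1144943642.303:203): argc=2 a0="/lib64/ld-linux-x86-64.so.2" a1="--list"
type=EXECVE msg=audit(1144943643.404:204): argc=2 a0="ldd" a1="/bin/ls"
type=EXECVE msg=audit(1144943644.505:205): argc=4 a0="/lib64/ld-linux-x86-64.so.2" a1="--library-path" a2="/opt/lib" a3="/home/u/Desktop/dancing.pigs"
type=EXECVE msg=audit(1144943645.606:206): argc=2 a0="/lib/ld-2.3.6.so" a1=2F746D702F6D792070726F67
"""

LOADER_RE = re.compile(r"^ld(-[\w.\-]+)?\.so(\.\d+)*$")  # ld-2.3.6.so, ld-linux-x86-64.so.2
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')
VALUE_OPTS = {"--library-path", "--inhibit-rpath", "--audit", "--preload", "--argv0"}
NO_EXEC_OPTS = {"--list", "--verify"}  # these inspect a file, they do not run it

def parse_argv(record):
    """Return argv from one EXECVE record; auditd hex-encodes args with unusual bytes."""
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(record):
        args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace") if hexed else quoted
    return [args[i] for i in sorted(args)]

def loader_target(argv):
    """If argv runs a program through the dynamic loader, return that program's path."""
    if not argv or not LOADER_RE.match(os.path.basename(argv[0])):
        return None
    rest = iter(argv[1:])
    for arg in rest:
        if arg in NO_EXEC_OPTS:
            return None
        if arg in VALUE_OPTS:
            next(rest, None)   # skip the option's value
        elif not arg.startswith("--"):
            return arg         # first non-option argument is the program to run
    return None

def find_loader_execs(log_text):
    """Return the programs that EXECVE records show being run via the loader."""
    argvs = (parse_argv(l) for l in log_text.splitlines() if l.startswith("type=EXECVE"))
    return [t for t in map(loader_target, argvs) if t]

if __name__ == "__main__":
    for target in find_loader_execs(SAMPLE_LOG):
        print("program started via dynamic loader:", target)
```

The a0 value is supplied by the caller, so in practice correlate a hit with the exe= field of the matching SYSCALL record. Sourcing a script with `.` produces no execve at all and is out of scope for this check.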


Anti-virus to protect against anti-virus vulnerabilities

Posted Apr 13, 2006 16:05 UTC (Thu) by bronson (subscriber, #4806)

"I'm really surprised..." Sorry, zotz, that comment is not aimed at you. It's aimed at whatever is giving people the idea that ONLY files marked +x can be executed. A lot of people have this potentially dangerous misconception.

Anti-virus to protect against anti-virus vulnerabilities

Posted Apr 13, 2006 19:58 UTC (Thu) by cventers (guest, #31465)

The security comes from the fact that unlike the dominant desktop
operating system (Microsoft Windows), merely *clicking* on something (or
typing its path directly) will not invoke it as an executable.

It doesn't matter that you can beg the linker to load it for you -- to do
so requires explicit user action, i.e., they must know what they are doing.

Change permissions before it runs

Posted Apr 13, 2006 21:49 UTC (Thu) by man_ls (guest, #15091)

We are not talking about theoretical mechanisms to execute random code using generic shell commands; if you are already running you can just chmod the script file and run it. But when you want to dupe users into running the malicious code, imagine they receive the following message: "to see dancing pigs just download the attached file on your desktop, start a console and type at the prompt '/bin/ld-2.3.6.so ~/Desktop/dancing.pigs'". Not practical.

The issue here is precisely about the convenience that +x permissions represent: a user clicking on a file attached to a mail message. On Linux desktops any random file that you download needs to have its permissions raised before it can run; if you can do it, then you (hopefully) know enough to be careful.

