User: Password:
|
|
Subscribe / Log in / New account

Linux malware: an incident and some solutions

Linux malware: an incident and some solutions

Posted Dec 30, 2009 1:56 UTC (Wed) by dlang (subscriber, #313)
In reply to: Linux malware: an incident and some solutions by zooko
Parent article: Linux malware: an incident and some solutions

does a screensaver need to be able to accept (or detect) input from the keyboard and/or mouse?

if so, then it is no longer good enough to lock things down as you describe, because the screensaver could pop up a image that looks like your desktop. with no other access it becomes a simple DOS (as opposed to a full trojan) but it would still be a nasty issue to troubleshoot.

and if it isn't allowed to accept input, how can you have a locking screensaver?

back in the c64 days I would do something similar. I could walk up to a machine on display in the store and a minute or so later walk away with the display looking the same (complete with the cursor moving), but anything you typed just responded with 'OK'

on a display machine that just needed a (fast) power cycle to get back to normal, this was a prank. as a 1% of the time I cause you to loose all open files because the the screensaver takes over and makes it look like your box is dead it becomes more significant.


(Log in to post comments)

Linux malware: an incident and some solutions

Posted Dec 30, 2009 14:02 UTC (Wed) by paulj (subscriber, #341) [Link]

The screensaver framework can handle keyboard input and locking. The only thing the
untrusted part needs access to is a drawing API to the window on which the screensaver
should appear.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds