Linux malware: an incident and some solutions
Posted Jan 5, 2010 0:10 UTC (Tue) by zooko (guest, #2589)
In reply to: Linux malware: an incident and some solutions by dlang
Parent article: Linux malware: an incident and some solutions
The basic idea is that you don't try to figure out what the code is going to do, you instead have a separate layer that has some (simple, easily verified) policy about the consequences of what the code does when you run it. In the case of GNU stow, that simple policy is that nothing gets written to outside of /usr/local . I don't understand Nix as well, but it seems like it enforces that nothing gets written outside of "/nix/store/22bharrqlcisnwa11a5qr0xazgvv64hk-firefox-3.5b4" where the big long random string is the secure hash of the actual contents of this particular version. (I'm copying this from http://lwn.net/Articles/337677/ .)
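An added example, not part of the comment above and not code from GNU stow or Nix: a separate policy layer that never inspects what a package's code does and only checks where unpacking it would write. The archive contents, the function names and the choice of a tar archive as the package format are assumptions made for illustration; the check is lexical and does not account for symlinks already present on disk.

```python
import io
import posixpath
import tarfile

PREFIX = "/usr/local"  # the policy from the comment: nothing is written outside this tree

def _inside(path, prefix):
    """True if the lexically normalized path is the prefix itself or lies beneath it."""
    path = posixpath.normpath(path)
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def violations(archive, prefix=PREFIX):
    """Return names of members whose extraction under prefix would write or point outside it."""
    bad = []
    for m in archive.getmembers():
        dest = posixpath.join(prefix, m.name)  # an absolute m.name replaces the prefix
        if not _inside(dest, prefix):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory,
            # hard link targets to the root of the unpacked tree.
            base = posixpath.dirname(dest) if m.issym() else prefix
            if not _inside(posixpath.join(base, m.linkname), prefix):
                bad.append(m.name)
    return bad

def build_sample():
    """Constructed sample package: two well-behaved members and three that escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("bin/tool", "share/doc/tool/README",
                     "../etc/cron.d/tool", "/etc/ld.so.preload"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("lib/libtool.so")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc/passwd"
        tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

if __name__ == "__main__":
    print(violations(build_sample()))
```

The policy stays a few lines long regardless of how complex the packaged software is, which is what makes it easy to verify.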
Posted Jan 5, 2010 5:47 UTC (Tue)
by dlang (guest, #313)