On Thu, Apr 28, 2005 at 09:11:18AM -0400, William Hooper wrote: > So it's on the same threat level as a bash script that does "rm -f /*". Oh come on. It's somewhat worse than that, since its effects aren't immediately obvious. If the original poster had done that, he would have realized immediately that Something Bad had happened. In this thread though, it was actually a virus scanner that told us -- the original poster realized something was wrong because the virus happens to have some flaws (maybe exec-shield is offering protection here) and caused some infected programs to fail, but didn't know what. This particular virus is basically a proof-of-concept -- it's not a stretch of the imagination at all to see that there could easily be ones which are more clever at hiding themselves. And I guarantee that as Linux becomes more popular, there *will* be more, *even* without a better means to spread than running in userspace and hoping for a shot at root access. > If you can get someone to run an executable as root, then you can do just > about anything you want. The only exception would be if they did a good > job with SELinux, but if they did a good job with SELinux they wouldn't be > running unknown executables as root. As Linux becomes more popular, there will be more and more 'inexperienced sysadmins' -- that is, people who heard that Linux was better than Windows and just want it to go on their system. Unless we start teaching good sysadmin practices in grade school (which I'm all for, honestly), this issue is going to become more and more of a problem. Education is part of the solution, and technical measures like SELinux and better end-user-targetted config tools definitely are too. But saying that this is just PBCAK and dismissing it as not a real threat is just burying our heads in the sand. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 75 degrees Fahrenheit.
