Re: Reporting missing package during install

To: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
Cc: debian-user@lists.debian.org
Subject: Re: Reporting missing package during install
From: "Gian Uberto Lauri" <saint@eng.it>
Date: Tue, 10 Dec 2013 08:47:33 +0100
Message-id: <[🔎] 21158.50965.22307.269961@mail.eng.it>
Reply-to: "Gian Uberto Lauri" <saint@eng.it>
In-reply-to: <[🔎] 1386610474.14806.166.camel@archlinux>
References: <[🔎] CAO7q0mn82WxbO_1fL3o1P_X5qz8brA2kZruVb6JG8Nz6LYAZnA@mail.gmail.com> <[🔎] 20131207200143.GJ3239@sid.nuvreauspam> <[🔎] 20131207213630.GB6685@hysteria.proulx.com> <[🔎] 201312090001.50206.lisi.reisz@gmail.com> <[🔎] 21157.31399.63135.88312@mail.eng.it> <[🔎] 20131209094043.GQ3239@sid.nuvreauspam> <[🔎] 21157.37830.879558.114857@mail.eng.it> <[🔎] 20131209164451.GR3239@sid.nuvreauspam> <[🔎] 21157.64035.378332.381679@mail.eng.it> <[🔎] 1386610474.14806.166.camel@archlinux>

Ralf Mardorf writes:
 > On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
 > > Think about this scenario: someone devises a clever way to slip a
 > > Trojan in a user account.
 > 
 > Than the trojan has got user privileges only. If it's a key logger it
 > can read what password you type for sudo, but also what you type for su.

What I fear is a fiendish tool that hijacks your bash stdin and stdout
and injects sudo commands. Not a keylogger, some stealty bastard that
stays hidden, hits, and returns hidden.

 > I know they hack servers, but was the Linux home PC of anybody on this
 > list ever hacked?

How could you detect? Are you sure you have the skills to detect this?
Do you feel safe because you are on a dynamically assigned IP?

Linux home PC are not yet a direct target because the user base of
Linux desktop users. Give them a good reason to write a stuxnet for
GNU/Linux and they will write a stuxnet for GNU/Linux.

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO

Reply to:

Follow-Ups:
- sudo security Was: Reporting missing package during install
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

References:
- Reporting missing package during install
  - From: Troy Engel <troyengel@gmail.com>
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Reporting missing package during install
  - From: Bob Proulx <bob@proulx.com>
- Re: Reporting missing package during install
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Reporting missing package during install
  - From: "Gian Uberto Lauri" <saint@eng.it>
- Re: Reporting missing package during install
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: trackball not working after sid upgrade
Next by Date: x fonts : /etc/fonts/conf.d/70-no-bitmaps.conf being re-added automatically on sid upgrade
Previous by thread: Re: Reporting missing package during install
Next by thread: sudo security Was: Reporting missing package during install
Index(es):
- Date
- Thread