
Re: Linux Virus



on Wed, Mar 28, 2001 at 10:53:33PM -0500, William T Wilson (fluffy@snurgle.org) wrote:
> On Thu, 29 Mar 2001, Mark Devin wrote:
> 
> > Surely this virus cannot overwrite executables that require root
> > permission? Or can it?
> 
> Like every so-called Linux virus, it requires the user to behave stupidly
> - it's really a trojan horse.  

No, it's not a trojan, it's a virus.

A trojan, classic definition, is a program that tricks you into running
it, which allows it to run its majick, and generally transfer, in whole,
to another system.  The confidence game needs to be played each time the
program is run.

A virus actively infects other files.  The confidence game needs to be
played once.  Afterward, you're running what should be good files, which
have been modified in place.  Systems such as md5sums should pick these
out (you'd need a pretty sophisticated virus to catch that), but the
roster of infected files on your system could change on a variable
basis.

> It has the same permission rules as any other program, so it can't
> change root-owned files, unless they are world-writable or you are
> running as root.

The hard step is going from user-level executable to system-level
executable.  You'd need a user-owned binary which a root-owned process
might run to make this transition.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
