on Wed, Mar 28, 2001 at 10:53:33PM -0500, William T Wilson (fluffy@snurgle.org) wrote: > On Thu, 29 Mar 2001, Mark Devin wrote: > > > Surely this virus cannot overwrite executables that require root > > permission? Or can it? > > Like every so-called Linux virus, it requires the user to behave stupidly > - it's really a trojan horse. No, it's not a trojan, it's a virus. A trojan, classic definition, is a program that tricks you into running it, which allows it to run its majick, and generally transfer, in whole, to another system. The confidence game needs to be played each time the program is run. A virus actively infects other files. The confidence game needs to be played once. Afterward, you're running what should be good files, which have been modified in place. Systems such as md5sums should pick these out (you'd need a pretty sophisticated virus to catch that), but the roster of infected files on your system could change on a variable basis. > It has the same permission rules as any other program, so it can't > change root-owned files, unless they are world-writable or you are > running as root. The hard step is going from user-level executable to system-level executable. You'd need a user-owned binary which a root-owned process might run to make this transition. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpBRCO19pa22.pgp
Description: PGP signature