Re: security (malware) issues in Linux bases OSes

To: debian-user@lists.debian.org
Subject: Re: security (malware) issues in Linux bases OSes
From: Ron Johnson <ron.l.johnson@cox.net>
Date: Sun, 15 Feb 2009 18:24:03 -0600
Message-id: <[🔎] 4998B223.6060004@cox.net>
In-reply-to: <[🔎] 200902151726.23977.bss@iguanasuicide.net>
References: <[🔎] gn9mmv$ks3$1@ger.gmane.org> <[🔎] gn9pdu$fkq$4@ger.gmane.org> <[🔎] 49988DB5.8010406@cox.net> <[🔎] 200902151726.23977.bss@iguanasuicide.net>

On 02/15/2009 05:26 PM, Boyd Stephen Smith Jr. wrote:

On Sunday 15 February 2009 15:48:37 Ron Johnson wrote:

[W]hat's to stop Joe Wannabe from doing this?

     $ sudo dpkg -i NakedBrittany.deb


What's to stop Joe Wannabe from doing this?
sudo rm -rf The Great American Novell / Movie

Neither is an actual security issue.

Depends, I guess, on your definition of "security". Both requireuser interaction, and while the "sudo rm" certainly would be adisaster, installing NakedBrittany.deb would/could install arootkit, keystroke logger, etc, etc.

and the
other thru a poorly-working (official) Debian patch to ssh. (Or was
it SSL?)


I don't recall this actually causing the Debian servers to be compromised.


Ah, you're right.  It was back in July 2006 that gluck got compromised.

--
Ron Johnson, Jr.
Jefferson LA  USA

Supporting World Peace Through Nuclear Pacification

Reply to:

References:
- security (malware) issues in Linux bases OSes
  - From: "H.S." <hs.samix@gmail.com>
- Re: security (malware) issues in Linux bases OSes
  - From: T o n g <mlist4suntong@yahoo.com>
- Re: security (malware) issues in Linux bases OSes
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: security (malware) issues in Linux bases OSes
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>

Prev by Date: Re: rc.local is not executed
Next by Date: Re: Lenny?
Previous by thread: Re: security (malware) issues in Linux bases OSes
Next by thread: Re: security (malware) issues in Linux bases OSes
Index(es):
- Date
- Thread