an option for viruses?

vdboor · Posted: Mon Jan 05, 2004 2:16 pm Post subject: an option for viruses?

Hi,

As far as I know, viruses have very little playground on a linux system. Mostly because of the user separation, executable permissions, and diversity of software.

but there was one thing I was wondering about: can a virus, running with my user privileges, gain access to an xterm where I use 'su'? I mean, I can copy-paste between programs, and the virus could paste a few commands it it likes it.

it this possible, or have I missed something here? because imho this could make the virus thread more realistic on the linux desktops. ..even though it's a lot harder to get viruses for linux. I often compare this with the old ms-dos days, where you needed to start the virus from a floppy disk you got from someone else.
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer
[ screenies | Coding on KMess ]

The Mountain Man · l33t Joined: 03 Sep 2003 Posts: 643

I'm thinking this isn't really a concern, but I don't know much about this sort of thing.
_________________
I suck at signatures.

hopstah · Posted: Mon Jan 05, 2004 3:26 pm Post subject:

seems to me if it were a huge threat, it would have been done by now. it's not really a groundbreaking idea, you know?

teknomage1 · Posted: Mon Jan 05, 2004 4:35 pm Post subject:

I the virus was smart enough to know you used 'su' it's smart enough to just steal your root password anyway and by then you're hosed. So it's not really worth worrying about.

Genone · Posted: Mon Jan 05, 2004 8:06 pm Post subject:

Well,
- the virus has to get on your system first
- it has to be executed first (remember, we don't have buggy 'I-execute-all-attachments' e-mail clients here)
- it would have to check the processlist to find an xterm/aterm/eterm/gnome-terminal/konsole/... running a root-priviledged shell it could use
- hack into the clipboard, manipulate the windowlist and paste some pre-defined strings

So while it's not impossible it would have to be fairly advanced and still need to be executed. One reason Linux is a harder target for malicious software is that each system runs different software (from console-only to full KDE), so it's hard to have a common denominator to write the software for (unlike Windows, where everyone has basically the same system).
Of course, if the virus would use the package management it could depend on the required components :lol:

vdboor · Posted: Wed Jan 07, 2004 9:44 am Post subject:

You guys are absolutely right about the complexity required to create such virus... and I haven't been worrying about linux viruses really much too.

If people ask something about linux viruses, I show them this article:
http://www.theregister.co.uk/content/56/33226.html It sums up pretty much everything.

However, I found this article yesterday in a simple google search: http://www.virusbtn.com/news/latest_news/granneman.xml ...and it woke me up a little.. because either we're being blinded by a little naieve "Linux is the best, and can't have viruses" advocacy, or the article is just simple FUD.

any opinions?
_________________
The best way to accelerate a windows server is by 9.81M/S²
Linux user #311670 and Yet Another Perl Programmer
[ screenies | Coding on KMess ]

Jazz · Posted: Wed Jan 07, 2004 12:10 pm Post subject:

HEHEH ! on a funny thought, i would love to see the virus get entangled in a dependency hell while trying to execute itself

That would teach it to remain out of Linux World for good :wink:

Bye,
Jassi

nempo · Posted: Wed Jan 07, 2004 2:50 pm Post subject: