Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
I don't understand the question.
In order to work malware needs to be executed. It can be stored labelled as anything on any medium anywhere so long as it will be executed.
One thing I do find interesting are things like the jpeg library flaws found a few years back which, apparently, allowed data files (jpeg photographs) to be executed by the opening program.
File extensions are irrelevant, even under Windows, it's getting the code to execute that counts.
Yeah how they execute I'm sure there's a million ways, but I was just wondering if malware code can hide in plain sight inside of these text files.. The jpeg thing you're talking about sounds like a "scriptless attack" where you can corrupt memory to execute arbitrary code in order to open a malicious file, all without a script (maybe this one was disguised as a wallpaper?). This happened just recently with Fedora's Gstreamer decoder, where the malicious file in this case was a malformed video file whose individual frames have been specially crafted to have specific values written to memory during the decoding of the video, which would allow an attacker to take complete control of the system (so he could open his malicious file).. This could happen via drive-by download, but you can detect such exploits by monitoring system calls (I think Samhain does this) and using network-based detection tools..
Last edited by linux4evr5581; 04-26-2017 at 02:17 PM.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by linux4evr5581
Yeah how they execute I'm sure there's a million ways, but I'm just wondering if malware code can hide in plain sight inside of these text files..
Yes, you could encode a whole OS inside a text file as harmless looking text. Not sure how you'd actually execute it though...
In other words -- method of execution is the only thing important to executable files and the rest is just a matter of patience.
It is irrelevant what you can or cannot "hide" in any given file; what is relevant is what you can or cannot execute.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by linux4evr5581
I understand what you mean but I think getting malware on a system is half the battle, and I'd rather not have malware in my text files..
I'm sorry but this statement makes no sense.
Just what do you think that a "text file with malware hidden in it" will do and how?
You could download every piece of malware on the internet and store it on your hard drive, but until you execute it, it is all absolutely harmless data (I've downloaded my fair share).
What exactly is it you're worried about and why?
Well I must say it would suck to buy a brand new laptop only to have it presumably compromised as soon as you transfer seemingly harmless text files over to it. I wish to avoid such a situation like the plague. And perhaps my previous comment was an exaggeration (but perhaps it could be true in certain scenarios..) as I realize different networks/systems require different approaches to gaining entry. But what if, like a previous commenter replied, it may be possible to execute a "harmless" text file when you go to edit it in a text editor like vim, and all its plugins that could have bugs to allow for such a thing? Would it not be possible then?
Last edited by linux4evr5581; 04-26-2017 at 04:35 PM.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
I give up. Please look up the differences between executable files and data files and the various ways of distinguishing between the two. Also the difference between storage and memory.
Please also read up on how computers can become infected with malware and what that means.
Really, your posts make no sense.
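The distinction the thread keeps returning to (a file's name versus whether the system would treat it as a program) can be checked directly. The following is an added example, not code from any poster in this thread: it classifies files by their leading bytes and execute permission bits while ignoring the extension. The file names and sample contents are constructed for illustration, and a Linux filesystem is assumed.

```python
import codecs
import os
import stat
import tempfile

# Leading bytes that a kernel or loader recognises as a program format.
PROGRAM_MAGIC = {
    b"\x7fELF": "ELF binary",
    b"MZ": "PE/DOS binary",
    b"#!": "interpreter script",
}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def classify(path):
    """Return (kind, has_exec_bit) from content and mode, ignoring the name."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    has_exec_bit = bool(os.stat(path).st_mode & ANY_EXEC)
    for magic, kind in PROGRAM_MAGIC.items():
        if head.startswith(magic):
            return kind, has_exec_bit
    if b"\x00" in head:
        return "binary data", has_exec_bit
    try:
        # Incremental decoder tolerates a multi-byte character cut at 4096.
        codecs.getincrementaldecoder("utf-8")().decode(head, final=False)
    except UnicodeDecodeError:
        return "binary data", has_exec_bit
    return "plain text", has_exec_bit


def demo():
    """Classify three constructed files that all carry a .txt name."""
    samples = {  # constructed sample content, not real malware
        "notes.txt": (b"shopping list\nmilk\n", 0o644),
        "readme.txt": (b"\x7fELF\x02\x01\x01" + b"\x00" * 9, 0o755),
        "todo.txt": (b"#!/bin/sh\necho hello\n", 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = classify(path)
    return results


if __name__ == "__main__":
    for name, (kind, has_exec_bit) in demo().items():
        print(f"{name:12} {kind:20} exec-bit={has_exec_bit}")
```

This covers only direct execution. Flaws in the program that opens a file, like the JPEG library case mentioned above, are a separate matter that inspecting content and mode does not settle.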