FUSE in Debian allowing Memory resident USB File infections
In doing some of the research to assist this poster I came to the conclusion that FUSE may allow memory resident file infector type programs to operate with Linux.
I tried Google searching USB security risks in FUSE but came up with nothing useful.
Then I tried: Linux FUSE file infector and came up with these results:
Quote:
I came to the conclusion that FUSE may allow memory resident file infector type programs to operate with Linux.
Could you please support that with specific pointers? I mean Sajin was clearly VB, Silly-B is listed as ClippyOS-only and the URI you posted was for "Linux +FUSE +secunia". Thanks in advance.
Look at the History portion of the original advisory:
Quote:
History
=======
2005-06-01 issue found by Sven Tantau
2005-06-02 vendor contacted
2005-06-02 quick vendor reaction with confirmation, patch and public disclosure
2005-06-06 release of this advisory + exploit
2005-06-06 Update of this advisory (affected versions mixup)
The description of the vulnerability is that some information wasn't cleared from memory before the memory was released, which could potentially allow other local users access to the information. This isn't an "infection" as you indicated. The problem was patched the day after the discovery. This was almost 3 years ago.
Original Poster
Quote:
The description of the vulnerability is that some information wasn't cleared from memory before the memory was released, which could potentially allow other local users access to the information. This isn't an "infection" as you indicated. The problem was patched the day after the discovery. This was almost 3 years ago.
I am aware of that. I am stating that another user has experienced a problem similar to this with a malware infection on a USB drive on a Debian Etch system.
There is no evidence in the thread you are referencing that the problem is due to fuse. You brought up fuse in the post yourself. I looked through eight of the links from the Google search page you posted and they all were dealing with a local exploit revealing information. The other links you provided deal with the same issue. If you found a different CVE notice following one of those links, then please post a link to the notice itself instead of a generic Google search.
The OP of the other thread could easily unload the "fuse" module, then delete the partition and repartition and format the flash drive. If after inserting the pendrive an exe file still appears, the user may have had a different kernel module modified. Or the user may have picked up a flash drive from hell which contains the smarts to reinfect itself when power-cycled.
At the very least, the user should be validating all of his packages, especially the kernel and kernel modules.
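The two checks the post above recommends (make sure fuse is really out of the picture before blaming it, and verify installed files against known-good checksums) can be scripted. The following is an added example, not code from the thread or from any of its posters. It assumes the kernel module is named "fuse", the column layout of /proc/modules and /proc/mounts, and that sha256sum is available; the /proc excerpts and the file tree it checks are constructed for the demonstration. On Debian the manifest check corresponds to what debsums does against the package md5sums lists.

```shell
#!/bin/sh
# Added example (not from the thread): helper checks for the advice above.
# Assumptions: module name "fuse"; /proc/modules and /proc/mounts layouts;
# the sample text below is constructed, not captured from a real machine.

# fuse_loaded MODULES_TEXT
# Prints "yes" if a /proc/modules-style line names the fuse module, else "no".
fuse_loaded() {
    printf '%s\n' "$1" | awk '$1 == "fuse" { f = 1 } END { print (f ? "yes" : "no") }'
}

# fuse_mounts MOUNTS_TEXT
# Prints mount points whose type is fuse or fuse.<subtype>, one per line.
# Anything listed here must be unmounted before "rmmod fuse" can succeed.
fuse_mounts() {
    printf '%s\n' "$1" | awk '$3 == "fuse" || $3 ~ /^fuse\./ { print $2 }'
}

# verify_manifest MANIFEST ROOT
# MANIFEST holds "<sha256>  <relative path>" lines (the format sha256sum -c
# reads). Prints one "<path> MISSING" or "<path> MODIFIED" line per failure.
verify_manifest() {
    manifest=$1
    root=$2
    while read -r expected name; do
        [ -n "$name" ] || continue
        if [ ! -f "$root/$name" ]; then
            printf '%s MISSING\n' "$name"
            continue
        fi
        actual=$(sha256sum "$root/$name" | awk '{ print $1 }')
        [ "$actual" = "$expected" ] || printf '%s MODIFIED\n' "$name"
    done < "$manifest"
}

# Constructed /proc/modules and /proc/mounts excerpts.
SAMPLE_MODULES='fuse 49152 2 - Live 0xffffffffc0a00000
vfat 16384 1 - Live 0xffffffffc09f0000
fat 65536 1 vfat, Live 0xffffffffc09d0000'

SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw 0 0
sshfs#user@host:/ /mnt/remote fuse rw,nosuid,nodev 0 0
/dev/sdb1 /media/disk vfat rw,nosuid,nodev 0 0'

# demo_manifest_check
# Builds a throwaway tree with one intact file, one file altered after the
# manifest was recorded, and one file missing, then runs verify_manifest.
demo_manifest_check() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/lib/modules"
    printf 'good module\n' > "$tmp/lib/modules/ok.ko"
    printf 'original\n' > "$tmp/lib/modules/changed.ko"
    {
        printf '%s  lib/modules/ok.ko\n' "$(sha256sum "$tmp/lib/modules/ok.ko" | awk '{ print $1 }')"
        printf '%s  lib/modules/changed.ko\n' "$(sha256sum "$tmp/lib/modules/changed.ko" | awk '{ print $1 }')"
        printf '%s  lib/modules/gone.ko\n' "0000000000000000000000000000000000000000000000000000000000000000"
    } > "$tmp/manifest"
    # Simulate tampering after the manifest was recorded.
    printf 'replaced\n' > "$tmp/lib/modules/changed.ko"
    verify_manifest "$tmp/manifest" "$tmp"
    rm -rf "$tmp"
}

echo "fuse loaded: $(fuse_loaded "$SAMPLE_MODULES")"
echo "fuse mounts: $(fuse_mounts "$SAMPLE_MOUNTS" | tr '\n' ' ')"
demo_manifest_check
```

Against live data the same functions are called as `fuse_loaded "$(cat /proc/modules)"` and `fuse_mounts "$(cat /proc/mounts)"`; an empty result from the second is the precondition for unloading the module. The manifest check only has value if the checksums were recorded from a trusted source (package files or a clean install), since a manifest generated on an already-suspect system would just confirm the tampered state.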
Original Poster
The "problem" is not in or even with FUSE. The problem is that FUSE, doing what it is supposed to do, gives the malware an environment in which it can operate.
I posted this thread because while it may seem local and insignificant in the reported instance this issue may evolve as more and more users choose to use Linux.
With all due respect, I think you don't have a clear understanding of how some things work in GNU/Linux, or at least are misinterpreting things. Mitigating circumstances enough, since the other thread's OP posted his messages in a way which wasn't factual and detailed enough for it to be taken as "evidence" anyway. I'm afraid though this thread will remain inconclusive for you until somebody explains by either: 0) a theoretical explanation, walking the kernel, device and filesystem tree, 1) a post-mortem of the OP's machine, or 2) mimicking the OP's machine and the sick stick in a VM. Whatever the choice, I am confident you will see there can be no (sign of) activation, infection or residual traces, proving it's impossible for those viruses to be activated in GNU/Linux.