LinuxQuestions.org
Old 10-19-2005, 02:40 PM   #31
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 66

Root's home directory is not in /home so if you need to run an install binary you can do it from there. Using things like rpm or any package management system wouldn't be affected since the binary that runs the package management system is the one executing and it doesn't (usually) exist in the /home directory anywhere.

Only time I find it a pain in the butt that /home is noexec (which it is on my system) is when I am compiling a short program and want to test it... So I just make a /usr/jtshaw directory where I dump things temporarily for testing.

Quote:
Originally posted by DanielTan
But then how to install any software on it ?

Rgds
Daniel
 
Old 10-20-2005, 03:35 AM   #32
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 396

Rep: Reputation: 32
You guys are thinking much too hard. A web browser can only write to the same places as the user running it. On a properly secured system a normal user can only write to /home, /tmp and /var. By mounting /home, /tmp and /var noexec only a super user can infect the system. Also mount removable storage noexec. If you run your system as root you NEED a virus!


my system

/dev/sda1 on / type reiser4 (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devfs on /dev type devfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sdb1 on /boot type xfs (rw,noexec,nosuid,nodev,noatime)
/dev/sdb2 on /mnt/backup type xfs (rw,noexec,nosuid,nodev,noatime)
/mnt/var.img on /var type reiser4 (rw,noexec,nosuid,nodev,noatime,loop=/dev/loop0)
/dev/sdc1 on /home type reiser4 (rw,noexec,nosuid,nodev,noatime)
none on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /proc/bus/usb type usbfs (rw)

Last edited by enyawix; 10-20-2005 at 03:36 AM.
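
Added example (not part of enyawix's post): a short Python check that parses `mount` output in the format shown above and reports which user-writable paths sit on a mount lacking noexec, nosuid or nodev. The USER_WRITABLE list is an assumption; the sample input is the listing from the post.

```python
import re
import sys

# The `mount` listing from the post above, reproduced as sample input.
SAMPLE = """\
/dev/sda1 on / type reiser4 (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devfs on /dev type devfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sdb1 on /boot type xfs (rw,noexec,nosuid,nodev,noatime)
/dev/sdb2 on /mnt/backup type xfs (rw,noexec,nosuid,nodev,noatime)
/mnt/var.img on /var type reiser4 (rw,noexec,nosuid,nodev,noatime,loop=/dev/loop0)
/dev/sdc1 on /home type reiser4 (rw,noexec,nosuid,nodev,noatime)
none on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /proc/bus/usb type usbfs (rw)
"""

MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)")
# Assumption: the paths an unprivileged user can normally write to.
USER_WRITABLE = ("/home", "/tmp", "/var", "/dev/shm")
WANTED = ("noexec", "nosuid", "nodev")


def parse_mounts(text):
    """Return {mount_point: set(options)} from `mount` output."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m:
            mounts[m.group(2)] = set(m.group(4).split(","))
    return mounts


def covering_mount(path, mounts):
    """Longest mount point that is `path` itself or one of its parents."""
    hits = [m for m in mounts
            if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def audit(mounts, paths=USER_WRITABLE):
    """Return {path: (mount_point, missing_options)} for weak paths only."""
    findings = {}
    for path in paths:
        mnt = covering_mount(path, mounts)
        opts = mounts.get(mnt, set())
        missing = [o for o in WANTED if o not in opts]
        if missing:
            findings[path] = (mnt, missing)
    return findings


if __name__ == "__main__":
    # Pipe in real `mount` output, or run with no input to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for path, (mnt, missing) in audit(parse_mounts(text)).items():
        print(f"{path}: on mount {mnt}, missing {','.join(missing)}")
```

Run over the posted listing it reports /tmp (which has no mount of its own and so inherits the options of /) and /dev/shm.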
 
Old 10-20-2005, 03:54 AM   #33
springshades
Member
 
Registered: Nov 2004
Location: Near Lansing, MI , USA
Distribution: Mainly just Mandriva these days.
Posts: 304

Rep: Reputation: 30
Quote:
You guys are thinking much too hard. A web browser can only write to the same places as the user running it.
Spyware and especially adware doesn't have to be directly tied to the web browser to fulfill its function. Adware simply has to be able to pop ads up... perhaps a script which randomly calls a browser to a certain list of websites... doesn't have to be tied into the web browser though it could be and could fully function with only user permissions. Spyware doesn't have to write much of anything once it's installed. It needs to read and send. You install software as root, thus if something is packaged with a program you install, Linux doesn't really have anything built into it that can protect you from the spyware any more than Windows does. It could very easily start itself up with root permissions at boot up and search your computer for information. By default the Linux firewall allows installed programs to connect to the outside, so the firewall wouldn't be any sort of an obstacle.

My main point is that the reason why spyware isn't much of a problem in Linux is that currently you can trust the available software much more than you can trust Windows software.

Last edited by springshades; 10-20-2005 at 03:56 AM.
 
Old 10-20-2005, 03:29 PM   #34
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
that noexec tip is really neat... thanks!

one question: what functionality is lost by mounting /home noexec (besides the obvious)?? like, for example, will users still be able to use things like javascript in the web browser??
 
Old 10-20-2005, 04:28 PM   #35
nelamvr6
Member
 
Registered: Oct 2005
Location: New London, CT USA
Distribution: Ubuntu 7.04
Posts: 49

Rep: Reputation: 15
Quote:
Originally posted by win32sux
that noexec tip is really neat... thanks!

one question: what functionality is lost by mounting /home noexec (besides the obvious)?? like, for example, will users still be able to use things like javascript in the web browser??
Well one of the things that I discovered is that I can't even execute "cd ~" without permission. I took away exec permissions from /home /tmp and /var and several of the functions I use all the time simply would not work. Things like my calculator would not load. Konqueror in my home directory would not load.

This option is just not doable on my system. I seriously doubt that my system is uniquely configured, so this option is not likely to work for most people running SuSe 10.0.
 
Old 10-20-2005, 04:45 PM   #36
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally posted by nelamvr6
Well one of the things that I discovered is that I can't even execute "cd ~" without permission. I took away exec permissions from /home /tmp and /var and several of the functions I use all the time simply would not work. Things like my calculator would not load. Konqueror in my home directory would not load.

This option is just not doable on my system. I seriously doubt that my system is uniquely configured, so this option is not likely to work for most people running SuSe 10.0.
oh man, that's exactly the kinda stuff i was afraid of...

all you guys that use the noexec mount option for /home have to put up with these kinda issues??

i don't think i would be able to do it either if programs would stop working and i couldn't even browse through my documents and stuff...
 
Old 10-20-2005, 06:32 PM   #37
Moloko
Member
 
Registered: Mar 2004
Location: Netherlands
Distribution: Debian
Posts: 729

Rep: Reputation: 30
It seems like overkill to me to use "noexec" on your /home directory. Using it on removable media sounds better, but apps and scripts don't start themselves. It's the user who has to start them. This step should be enough of a barrier to users.

Mind that the problem on Windows comes from self-installing software using ActiveX and the ignorance of Windows to give everything executable rights (including text files...).

Don't use the Windows Newspeak to limit yourself on Linux. You don't need all that extra scanner software. That's still the beauty of it!

Rootkits are the only real danger currently. If there will ever be a virus or malicious program that runs itself for Linux you'll find the news on Slashdot.
 
Old 10-20-2005, 06:39 PM   #38
tuxdev
Senior Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 2,012

Rep: Reputation: 111
use the "showexec" keyword instead. it makes sure all the permissions are sane and has the effect of turning .com .bat and .exe files executable. nice for DOS floppies and VFAT partitions.
 
Old 10-21-2005, 03:18 AM   #39
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 396

Rep: Reputation: 32
Quote:
Spyware doesn't have to write much of anything once it's installed. It needs to read and send.
springshades

Once the code hits an area mounted noexec the code dies.

I will have to test what happens on other distros. I tested my options on gentoo; konqueror works here. I do not have a calculator installed. What calculator do you have so I can test it here?
 
Old 10-21-2005, 10:25 AM   #40
springshades
Member
 
Registered: Nov 2004
Location: Near Lansing, MI , USA
Distribution: Mainly just Mandriva these days.
Posts: 304

Rep: Reputation: 30
Quote:
springshades

Once the code hits an area mounted noexec the code dies.

I will have to test what happens on other distros. I tested my options on gentoo; konqueror works here. I do not have a calculator installed. What calculator do you have so I can test it here?
Actually, my post has nothing to do with the whole mounting noexec thing. I was commenting on the dangers of spyware in Linux in general.

I don't think that mounting partitions noexec is a viable option as it would destroy too much functionality for me. Also, most programs (and so presumably spyware as well) are installed in the /usr directory tree. You aren't proposing that a viable option is to mount /usr as noexec are you? NOTHING would work. As long as spyware gets installed into the /usr directory... perhaps /usr/bin like most other software... then the spyware would be just as able to be executed as any other program. The only thing that mounting /home as noexec would do would be to stop executables in the user directories from running. How many programs get installed there? This is the fundamental problem of spyware. In 99% of cases, it is the user who has CHOSEN to install the program and therefore the ad/spyware. If that user has administrative rights AT THE TIME OF INSTALLING, it can go wherever it wants to. This is why I think that Linux as an operating system has no more built in protection against ad/spyware than any other operating system out there for the desktop. It is Linux as a community that is the protection. All those groups making trustworthy packages that we as users can then install and still feel safe about it.

Last thing, I don't think that there is anything that necessarily has to tie the spyware to an internet browser of any sort. Adware sort of requires it since the usual method of sending you ads is via popups, but spyware just needs to send information that it finds to somewhere it chooses. Perhaps limiting checks to only those things that might affect a web browser is an incomplete solution?
 
Old 10-21-2005, 12:57 PM   #41
Bremsstrahlung
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: Debian & Slackware
Posts: 77

Rep: Reputation: 15
The "just browse carefully, idiot" approach strikes me as very elitist and defeating the point. People should be able to use computers, and the internet, as they choose. That's, like, the entire point, isn't it? Yes, people sometimes go wayyy overboard with sketchy websites, and many people don't know anything about anything. And it makes those of us who work in IT to pay for college want to put our fists through a monitor when someone comes in with 300 virii and triple that much adware and you find out it's because of the extensive library of pornography that person seems to have downloaded.


Anyway, most Linux distros by nature have an edge over Windows in that, using Linux, you have far more control and monitoring ability over what your computer is actually doing. The simplest way to defend against spyware I see on Linux is with scripts that use process-monitoring tools. Just look at what directories the programs you're unsure about are accessing. It shouldn't be all that hard to find anomalies with such a script. Since many Linux distros have so many great system control options, protecting against spyware - should we ever really need to - should be EASY, since we have the option of looking for suspicious behavior instead of carefully maintaining a database of known threats and comparing a bunch of files and programs in your system to a list of suspects.


Rootkits are obviously harder to deal with, but the most common solution I've seen is a dedicated protected sector of the computer with its own separate tools and permissions. That means either making a superuser with enough root permissions for general use and making root special, or extending that even further to a separate partition with its own kernel.

And there's always live CDs.

Last edited by Bremsstrahlung; 10-21-2005 at 01:06 PM.
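
Added example (not from Bremsstrahlung's post): one way to script the "look at what directories a program is accessing" check, using the /proc/<pid>/fd symlinks to list the directories a process has files open in and comparing them against a per-program allow-list. The profile format, the function names and the program name in the usage comment are assumptions made for illustration; the result is a snapshot of what is open at the moment of the scan.

```python
import os


def open_dirs(pid, proc_root="/proc"):
    """Directories holding the files a process has open right now."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    dirs = set()
    for fd in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue  # descriptor closed between listdir() and readlink()
        if target.startswith("/"):  # skips socket:[..], pipe:[..], anon_inode:..
            dirs.add(os.path.dirname(target))
    return dirs


def unexpected(dirs, allowed):
    """Sorted directories that fall outside every allowed prefix."""
    return [d for d in sorted(dirs)
            if not any(d == a or d.startswith(a.rstrip("/") + "/")
                       for a in allowed)]


def scan(profiles, proc_root="/proc"):
    """Check every process whose name has a profile.

    profiles maps a process name (as in /proc/<pid>/comm) to the directory
    prefixes that program is expected to touch.
    Returns {pid: (name, [unexpected directories])}.
    """
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
            if name in profiles:
                odd = unexpected(open_dirs(entry, proc_root), profiles[name])
                if odd:
                    report[int(entry)] = (name, odd)
        except OSError:
            continue  # process exited, or we lack permission to inspect it
    return report


if __name__ == "__main__":
    # Hypothetical profile: a game that should only touch its own data.
    profiles = {"tuxgame": ("/usr/share/tuxgame", "/dev",
                            os.path.expanduser("~/.tuxgame"))}
    for pid, (name, odd) in scan(profiles).items():
        print(f"{name} (pid {pid}) has files open in: {', '.join(odd)}")
```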
 
Old 10-21-2005, 01:28 PM   #42
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 396

Rep: Reputation: 32
Quote:
Also, most programs (and so presumably spyware as well) are installed in the /usr directory tree. You aren't proposing that a viable option is to mount /usr as noexec are you? NOTHING would work.

Yet again you are not thinking. Only root can write to /usr so if you have spyware in /usr you logged in as root and put it there.
 
Old 10-21-2005, 01:34 PM   #43
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 66
Quote:
Originally posted by win32sux
oh man, that's exactly the kinda stuff i was afraid of...

all you guys that use the noexec mount option for /home have to put up with these kinda issues??

i don't think i would be able to do it either if programs would stop working and i couldn't even browse through my documents and stuff...
Absolutely not. Those issues make no sense. All noexec does is say any file on that physical partition can't be executed.

Things like cd are shell functions so there must be something else wrong with his permissions scheme. All your programs should exist in /bin, /usr/bin, /usr/local/bin, /opt/bin, or someplace like that. You really shouldn't have any executables anywhere in /home. Providing that is true, everything will work as normal.

I, myself, don't noexec /var as I actually have some programs that need to run that live there (qmail's entire bin directory for example). However, that isn't a big deal for me as I jail my users from access to /var anyway.
 
Old 10-21-2005, 02:42 PM   #44
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally posted by jtshaw
Those issues make no sense. All noexec does is say any file on that physical partition can't be executed.
okay, so noexec only affects files, right? like, directories will still be able to have the executable permission set, right?? (i know that technically directories are also files but you get my point...)

i ask cuz the "I can't even execute cd [when using noexec on /home]" issue that nelamvr6 mentioned sounds to me like it could be related to the execute permissions for directories??

i guess my question is basically: does noexec only affect files or does it also affect directories?? i assume only files are affected, as being able to browse through the filesystem is something most people would want unless the partition they are mounting noexec doesn't have any directories on it...


Last edited by win32sux; 10-21-2005 at 02:44 PM.
 
Old 10-21-2005, 03:43 PM   #45
springshades
Member
 
Registered: Nov 2004
Location: Near Lansing, MI , USA
Distribution: Mainly just Mandriva these days.
Posts: 304

Rep: Reputation: 30
Quote:
Yet again you are not thinking. Only root can write to /usr so if you have spyware in /usr you logged in as root and put it there.
Haha, and once again you didn't read my post very well. Let me quote this from my last post:

Quote:
This is the fundamental problem of spyware. In 99% of cases, it is the user who has CHOSEN to install the program and therefore the ad/spyware. If that user has administrative rights AT THE TIME OF INSTALLING, it can go wherever it wants to.
Of course, if you've solely been a Linux user for quite a while, it's possible you don't really know how spyware works in most cases. In Windows, spyware almost always installs itself ALONG WITH something else that the user has CHOSEN to install. For example:

Case 1 -- Windows:

Bob logs onto his computer administrator account on Windows XP, and downloads this cool new game which he finds called DreamBubble VI: The Wrath of Fluffy. It comes in this file called dbubble6.exe. Bob proceeds to double click this file because he wants to play the newest thing in Fluffidom. Soon he is playing this cool new game. However, unbeknownst to Bob, dbubble6.exe also installed a nasty piece of spyware. Now remember, Bob was computer administrator, so the spyware was able to install itself WHEREVER and HOWEVER it wanted to be installed. It can now proceed to take over his system.

Case 2 -- Linux:

Sally logs onto her normal user account on Linux and downloads this cool new game which she finds called Tuxia: The Last Penguin Warrior. It comes in this package called tuxia-lpw-0.3.2.01ab.(insert your choice of rpm, deb, tgz, etc. here). In order to install this package, Sally must log in as root. So she goes to a terminal, uses the command su, puts in the root password, then installs the package. In absolutely no time at all, she's playing this awesome new game. However, unbeknownst to Sally, the package tuxia-lpw-0.3.2.01ab.(insert your choice of rpm, deb, tgz, etc. here) also installed a nasty piece of spyware. Now remember, Sally was su'ed to root account privileges when she installed the package, so the spyware was able to install itself WHEREVER and HOWEVER it wanted to be installed. It could VERY EASILY be installed into /usr/bin. Furthermore, since she had root privileges when she installed the package, the spyware was able to add a line to her /etc/rc.d/rc.local file so that it can start itself up with root privileges EVERY TIME the system boots.

So my conclusion is, when you stated:

Quote:
Only root can write to /usr so if you have spyware in /usr you logged in as root and put it there.
you were absolutely right. And that is EXACTLY the way spyware works. And that is the very reason why Linux as an operating system does not CURRENTLY have any better protection against spyware than Windows does. And that is why I'm so happy that the Linux community is what it is.

@Bremsstrahlung

I read your post and enjoyed it very much. You made some great points. If we know that a user is going to do some stupid stuff every once in a while (hey, I've heard people who've admitted to using Linux for dozens of years and then one day accidentally rm -rf ./* 'ing their entire system) why not protect them from their stupidity if we can?
 
  

