LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 04-01-2019, 09:19 AM   #1
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Rep: Reputation: Disabled
How to enable a Hard Disk to read/write to a USB device but disable the USB device to read/write to the hard disk without user permission?


Rather than using antivirus/encryption etc to protect from viruses from a USB device, is there a way to enable a PC or Laptop Hard Disk to read/write to a USB device but disable the USB device to read/write to the hard disk without user permission?

One can read data from the USB device, use/process the data and write the data back to the USB device. But there should not be any automatic data read/written by the USB device to the hard disk.

The user is controlling the OS and the programs running on the hard disk. An external static USB device should not be able to read/write any data to the hard disk without user permission so as to prevent any infection.
 
Old 04-01-2019, 09:24 AM   #2
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware FreeBSD Win10 MX
Posts: 9,610

Rep: Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071
key word permission. got a have to to read/write/execute, that is not actually a device controlled item, but a user controlled situation. Because a device itself cannot automatically write to something even itself without outside intervention.

This means that a user be it root or someone else has to be logged into the system before anything can be written to a device or read from it. The device is just the medium that holds the data to be read from or written to.

I think you need to rethink your line of logic on how data is being written to and read from a device. your last statement tells how this is taking place already.

root can do anything, to anyone's system, if you get yourself to root user you can do anything to that system and whatever is attached to it. Encryption helps prevent this. It is just one more hurdle one has to jump over to gain access to the data that is encrypted.

Last edited by BW-userx; 04-01-2019 at 09:32 AM.
 
Old 04-01-2019, 11:37 AM   #3
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
Hi BW-userx,
I have used Windows OS previously and have now moved towards Linux (Debian OS at the moment having a root account)

While running Windows I have experienced several autorun and other viruses from USB devices.

Now, I am trying to visualise the basic steps of how a virus in a USB device can actually infect a hard disk regardless of the operating system.
1. The USB device has to be mounted to the hard disk running the OS.
2. USB device needs to have read and/or write permission for enabling data transfer.
3. An executable file which is a virus has to run either automatically from the USB (through autorun enabled or something else) or manually run by the user.

Lets say, I mount all USB devices manually (no autorun/automount). Do Linux systems execute any code from a USB device when connected?

I got an answer saying: Linux systems usually (Not 100% sure) do not execute code from a USB stick when just connecting it. From the link: https://askubuntu.com/questions/4508...rive-in-ubuntu

One more suggestion I got was disabling the automatic thumbnailing of files on removable media. From the link: https://lwn.net/Articles/427135/
 
Old 04-01-2019, 11:59 AM   #4
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware FreeBSD Win10 MX
Posts: 9,610

Rep: Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071Reputation: 2071
windows = viruses
Linux != viruses

you basically have to run it yourself Linux uses scripts, and binary, but I've never seen an autorun until it is setup by user, say when they login to there desktop, they have setup a autostart script to start whatever they want stared.

viruses . Linux is not prone to viruses, whereas Windows is. This is why I do not even bother with antiviruses software for linux that some people do put out. As far as I see it to con unknowing people to feed off there fears.

That is not to say one cannot write a script or something into a binary that seeks and destroys someones data, or send back information to an outside source. But autorun upon mounting a drive. I've never seen anything like that.
 
Old 04-01-2019, 01:15 PM   #5
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
How to enable a Hard Disk to read/write to a USB device but disable the USB device to read/write to the hard disk without user permission?

Autorun exploits only work on badly configured Windows devices and, to my recollection, none of the Linux distributions I have used have even suggested I run a file from a connected device upon mount. Granted, some desktop environments will have options such as "always play media from this device" and autothumbnailing does mean that a process will read data on the device but that's step removed from running any code.
If you're truly worried (or paranoid, or both) you could even look into allowing only certain USB HID devices to control the mouse pointer and input keystrokes under Linux. something I keep meaning to test using my "mouse jigglers".
 
Old 04-02-2019, 01:58 PM   #6
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
How to enable a Hard Disk to read/write to a USB device but disable the USB device to read/write to the hard disk without user permission?

I was thinking of USBKill, by the way, which disables all but whitelisted USB devices.
 
Old 04-02-2019, 02:45 PM   #7
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,270

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
Mount the USB device with the "noexec" option to disable running any executables on it. Note that isn't foolproof, though.
 
1 members found this post helpful.
Old 05-08-2019, 02:37 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
Quote:
Originally Posted by smallpond View Post
Mount the USB device with the "noexec" option to disable running any executables on it. Note that isn't foolproof, though.
this helps also.
Please, ce309 learn the difference between a device and a user: a USB device does not execute commands, the user plugging it in does.
If you're still here please actually read about things like autorun and permissions.
 
Old 05-09-2019, 06:22 AM   #9
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
Thank you all.

I tried changing permissions of a usb drive.

I used the following commands to create a simple executable file:-
echo 'echo Hello World'>hello
chmod ugo+x hello

And to run the file I used the command:-
./hello

While executable permission was disabled, I got output: Permission denied
While executable permission was enabled, I got output: Hello World

Both times while executable permission was disabled and enabled, I was successfully able to execute and get output from a ".jar" file (a simple application giving output "Hi there"). Note: the ".jar" file was created outside of the usb drive and then copied to the usb drive.

I am going slightly off topic (I hope this is ok) towards files or file extensions that can be a virus on which I have done some research. I'll share the information I got so that one can confirm or reject any part of the information.

Linux Extensions: https://askubuntu.com/a/174356

Permission/file property set by a command to make an executable file:
chmod +x filename
(Discussion Link: https://askubuntu.com/a/831134)

So, my question is why did the ".jar" file execute but not the hello file while executable permission was disabled?
Is it because Linux had an interpreter for it or some other reason?
 
Old 05-09-2019, 02:37 PM   #10
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
Please actually read some information about this.
I have, in my pocket, a device which, should you plug it into your PC, could open a terminal and start a server process without being mounted in any way.
Yes, the files you can run which are set to non-execute are interpreted by an executable file which you, the user, chose to run.
Code does not execute itself, ever.
 
1 members found this post helpful.
Old 05-13-2019, 02:11 PM   #11
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
I would like to discuss further on this. (respectfully)

I don't see the point in having something like an executable permission for a usb if the user can run executables anyway from a usb.
This is just like saying that one can write to a removable media even if only read permission is given to that removable media.

Quote:
Originally Posted by 273 View Post
I have, in my pocket, a device which, should you plug it into your PC, could open a terminal and start a server process without being mounted in any way.
I think one has to mount before accessing a file on Linux (https://en.wikipedia.org/wiki/Mount_(Unix)

Please correct me if any of the above is wrong.
 
1 members found this post helpful.
Old 05-13-2019, 02:16 PM   #12
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
Quote:
Originally Posted by ce309 View Post
I would like to discuss further on this. (respectfully)

I don't see the point in having something like an executable permission for a usb if the user can run executables anyway from a usb.
This is just like saying that one can write to a removable media even if only read permission is given to that removable media.



I think one has to mount before accessing a file on Linux (https://en.wikipedia.org/wiki/Mount_(Unix)

Please correct me if any of the above is wrong.
You are not executing something from the USB drive you are telling an executable to interpret and run that code. There are ways around it if you look into that rather than assuming it will work as you expect.
Simply put I referred to a "mouse jiggler" and that any USB device can expose any functinality the creator of it wishes. The key is to learn about that and plan.
 
Old 05-13-2019, 03:01 PM   #13
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
You are not executing something from the USB drive
I am actually executing from a USB drive. I created an executable jar file and it runs from the USB drive (through the terminal) even if executable permission is disabled.

While the hello file gave error "Permission denied" while running from the terminal and via graphical interface (renamed hello to hello.sh, single-clicked it and pressed on enter key).

Quote:
Originally Posted by 273 View Post
you are telling an executable to interpret and run that code.
I am just executing the .jar file not telling the executable to interpret and run.
I had installed JRE which has the interpreter. Linux uses the interpreter to run/execute that code.

This is why I had given a link for Linux file extensions earlier https://askubuntu.com/a/174356
which says that "Linux is capable of running any file that it has an interpreter for"


If I am mounting a usb with only read permission then I myself (as the root user having control over the operating system) cannot write to that usb unless I remount and give permission (or some other way to give permission) to write on that usb.

In the same way, if I am disabling executable permission on a usb then I myself should not be able to execute any file on that usb unless I enable executable permission for that usb.

Quote:
Originally Posted by 273 View Post
any USB device can expose any functinality the creator of it wishes
I am looking from the point of view of a person or group of people developing an operating system (not just an OS but even a simple application can be taken as an example).

I am defining very well the functionality, permissions, terms etc of an OS/application. After that if someone tries to do something illegal/unethical/bad like using a USB device for stealing/corrupting data then I or (group of people associated with that OS/application) have the right to act against that person or at least do something about it taking in consideration the damage/loss caused.

Last edited by ce309; 05-13-2019 at 05:24 PM.
 
Old 05-14-2019, 02:32 PM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,525

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
You are not executing from a USB drive you are running a program which envokes an interpreter which runs code from the USB drive. To learn how to prevent that, learn what that means and how it works. It's pretty-much the same on Windows or was from my recollection.

The secondary subject of just what a device can do when plugged in is best addressed by looking at things like "Bad USB". I would, actually, tend to rate the threat from a rogue HID as fairly low but circumstance could make it more of a threat.

Last edited by 273; 05-14-2019 at 02:33 PM. Reason: typo's
 
Old 05-15-2019, 04:23 AM   #15
ce309
LQ Newbie
 
Registered: Mar 2019
Posts: 15

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
You are not executing from a USB drive you are running a program which envokes an interpreter which runs code from the USB drive. To learn how to prevent that, learn what that means and how it works.
Of course, I am executing from a USB drive as the code is located on the usb drive. Running a code from a usb drive means executing code from a usb drive.

Execute = run = perform a set of instructions.

This is why it is called as an executable .jar file. Compiling java program(s) gives you .class files containing byte code. Class files can be packed into an executable .jar file. The .jar file needs an interpreter to run/execute the byte code. Installing JRE (which has the interpreter) in Linux means that Linux is now capable of executing .jar files.

Rather than trying to explain or dive into the terms "interpreter", "interpreted language", "compiled language" etc, I will simply say that there may be some default options for a user to execute files (such as .sh file or .deb file or using chmod command) after installing an OS. After that the user would need to do some additional work: install (or manually write etc) some other softwares/applications/tools/codes etc for other file types which have requirements not satisfied by the OS, so that those file types are capable of being executed by the user.

In both cases (default options and for other file types) when the user wants to execute some file, he/she would give some input like double-clicking on a file or write a command on a terminal. After that the OS would execute the file. The only difference is that additional work would be needed for other file types to be executed.

Again it is the user who controls the OS, who is actually giving some input resulting in execution of code.
In my case, I am a root user having full control over the OS giving some input resulting in execution of code from the usb drive.

If the executable permission is only for default options then in my opinion it is not useful at all. In fact, I am able to install .deb files even if I have disabled executable permission. (I checked file permissions via "ls -l /path/to/file" command).

Quote:
Originally Posted by 273 View Post
The secondary subject of just what a device can do when plugged in is best addressed by looking at things like "Bad USB". I would, actually, tend to rate the threat from a rogue HID as fairly low but circumstance could make it more of a threat.
I did read somewhat about things such as Bad USB and I am again looking from the point of view of a person or group of people developing an operating system/application rather than the attacker knowing what my rights are...... The reply I gave to "any USB device can expose any functinality the creator of it wishes".

Last edited by ce309; 05-15-2019 at 05:03 AM.
 
  


Reply

Tags
data, usb, virus


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] root denied permission to nfs mounted directory but user can read and write qajaq Linux - Networking 2 03-08-2016 09:53 AM
find files with at least read and write for user but not write for group (on Mac OS X) davedpss Other *NIX 11 09-09-2013 05:19 PM
Execute with group permission but write with other permission? Karmaflute Linux - Newbie 15 05-01-2013 08:00 PM
[SOLVED] Enable a user for FTP but disable for SSH? edsall57 Linux - Security 3 05-16-2012 03:06 PM
Disable/enable USB storage device @ run time Mr.J Linux - Kernel 3 08-03-2008 09:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 05:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration