LinuxQuestions.org
Old 08-24-2003, 11:04 AM   #16
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47

QUOTE: "and is the most important part of the system"

OK, here's what's in my home directory...
a few scripts that load FlightGear flight simulator with my fave parameters
a few MP3s
and my work (which is always backed up, with the backups' access rights set up so only root can view, edit, or read them)

So if I lost my home directory I would lose a pointless script, my music, and my work, which is backed up.

I can't see the loss of a few MP3s crippling my system !!!!!

And if you are worried about losing your work, make a backup, and
su
[pass]
chmod 000 my_work
exit

that will keep it safe.
 
Old 08-24-2003, 11:11 AM   #17
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 47
Many computer users have very important data in their home directory. Don't assume that the way you work is the way everybody works.

The danger is more from having a machine turned into a spam relay by hackers/trojans than actually having your home data destroyed anyway.
 
Old 08-24-2003, 11:26 AM   #18
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
I agree with mhearn's post, at least mostly.

Most people are reciting the bofh viewpoint without thinking. If you are the system administrator, of course you don't care if your poor users are screwed as long as your system is safe. But most people using Linux as a desktop OS are *not* bofh and losing the contents of /home is the *most* catastrophic thing that can happen. And saying that you have to be root to install apps - well, yeah, that's where the viruses mostly live and when you're most vulnerable, now isn't it? No, Linux isn't as maliciously stupid as Microsoft with word processor documents and mail clients being turned into superb virus vectors. I don't think Linux will ever be as insecure as MS - but it's definitely a matter of slim degree. Linux produces better hackers, and, on average, would produce better crackers. In the long run, as and if Linux grows, the security of Linux is going to be less and less of an effective contrast. Especially as it has that rep. I'd gather a big reason crackers crack is ego-tripping and breaking a Linux box probably wins more points than an MS box. Security is better *now* but it's not my main reason for running Linux in the long run.

-- mhearn's earlier post. "Oh, there's a page 2?", digiot asks.

Last edited by slakmagik; 08-24-2003 at 11:28 AM.
 
Old 08-24-2003, 11:29 AM   #19
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68
Great discussion so far, I feel it'll be better furthered in Linux - Security, so that's where I'm moving it to...

Cool
 
Old 08-25-2003, 02:18 PM   #20
CodeHawk
LQ Newbie
 
Registered: Aug 2003
Location: chicago
Distribution: Redhat 7.x 8,9 win2k, Novell
Posts: 7

Rep: Reputation: 0
Worried about security, I found this security kernel for Red Hat Linux; check it out if you have some time, I did.

http://www.nsa.gov/selinux/download.html

codehawk
peace.....
 
Old 08-25-2003, 11:50 PM   #21
redcane
Member
 
Registered: Aug 2003
Posts: 31

Rep: Reputation: 15
Quote:
Originally posted by mhearn
I disagree with most of what is said here. The home directory is extremely vulnerable, and is the most important part of the system. Also, it's possible to write viruses and worms which do not require root access.
The main difference in Linux is separation of privileges.
I have all my different servers with open ports running as their own users. So if someone breaks into one, they only have access to that server's files. My home directories are not accessible to the servers, only root, and the owner of the files. As such the "most important part of the system", the home directories, aren't very vulnerable.

For example, if someone breaks Apache, they only see the chroot jail filesystem it's on, which is only the files it serves up. No access to home directories. Worms which don't require root access may be able to spread themselves, but they don't have access to other parts of the system.
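
The layout redcane describes (home directories readable only by root and their owner, so a compromised service account cannot enter them) can be checked mechanically. The script below is an added example, not part of any post in this thread: it lists home directories whose mode grants anything to group or other and can strip those bits. The function names and the sample tree are assumptions, and it relies on GNU find and stat.

```shell
#!/bin/sh
# Added example: find home directories that accounts other than the owner
# (for instance a daemon's service account) can read or enter.
# Assumes GNU find and GNU stat, as shipped on Linux distributions.

# audit_homes [BASE]
# Prints "MODE PATH" for every directory directly under BASE (default /home)
# whose permission bits grant anything to group or other. Prints nothing
# when every home is owner-only (mode 700 or stricter).
audit_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec stat -c '%a %n' {} + | sort -k2
}

# tighten_homes [BASE]
# Removes all group/other bits from the directories audit_homes reports.
# Only the top-level home directory is changed: once it cannot be
# traversed, nothing beneath it is reachable by other accounts.
tighten_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec chmod go-rwx {} +
}

# demo: run both functions against a constructed tree, never the real /home.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -m 700 "$root/alice"   # owner only: not reported
    mkdir -m 755 "$root/bob"     # any account can list and enter it
    mkdir -m 750 "$root/carol"   # members of the owning group can enter it
    echo "before:"; audit_homes "$root"
    tighten_homes "$root"
    echo "after:";  audit_homes "$root"
    rm -rf "$root"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run it with the argument `demo` to see the before and after listing on the constructed tree; `audit_homes` with no argument inspects `/home` read-only.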
 
Old 08-26-2003, 06:20 AM   #22
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 47
I was talking in the context of home user desktops, which outnumber servers by a very large number, and security-wise are also the most vulnerable. Yes, on a well-managed server proper privilege separation can be useful to contain a break-in; however, for desktops that doesn't apply.
 
Old 08-27-2003, 02:03 PM   #23
Rumblefish
Member
 
Registered: Jun 2003
Location: Delaware
Distribution: Redhat 7.0, 7.2, 8.0, 9.0, FreeBSD 4.6.2
Posts: 51

Rep: Reputation: 15
In nearly every Linux distro, the day-to-day users that you create are still very well separated from the execution and/or installation users, regardless of the purpose of the box, be it as a Web server, an app server, a file server, a database server or a desktop. This is where you really start to see the separation of Linux and Windows as far as security goes, because of how things are executed. Most daemon-specific user accounts on a system are blind to every part of the file system that they don't have a vital need to see, and therefore are *theoretically* unable to do much damage. However, there are security holes in even the best piece of code that extends beyond "Hello World" and that makes for the *potential* to do damage to be increased. However, as it currently stands, and as it appears to be down the road for quite some time, these holes in the code are rarely if ever uncovered as an actual hole, and therefore don't lead to malicious attacks.

The code itself must be pretty doggone good though; the source code is freely available, so anyone with half a semester of a C class in college can write a virus or a trojan horse or a worm or whatever -- IF he or she can find the security hole, which just doesn't happen often at all in Linux.
 
Old 08-28-2003, 05:39 AM   #24
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 47
As SoBig has admirably proven, you don't need to find a security hole to create havoc, you just need a tiny bit of knowledge about social engineering.
 
Old 08-28-2003, 06:26 AM   #25
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 471
Quote:
The best approach to solving this problem IMHO is to have a community dedicated to wargaming, where people attempt to figure out ways to get malicious software onto systems and those holes are patched up quickly - and more important, when viruses/worms or spyware does start spreading, we have effective anti-virus and update mechanisms in place to ensure we can neutralise it quickly.
The beauty of Linux/Open Source software is that it is continually subjected to peer review. This means that as soon as a problem/hole is found, a patch can be written and distributed. I have read stories where a user has contacted a program's author with a bug and had a bug patch sent to them within an hour. Microsoft (to use them as an example) do not have this same speedy turnaround - if you find a hole, it is unlikely to be patched for at least a fortnight if at all. This gives the cracker at least 2 weeks to disseminate their trojan/virus.

As well as this, Linux products are hackable - if you are afraid your /home will be infected, save things elsewhere - create a new volume or directory and save there, e.g. /saved

Linux, though not totally secure, is mostly secure due to the insistence on user rights/root rights. It would be inherently more difficult for a virus writer. Also, different distros do things in different ways even down to putting individual files in different places. What happens to a virus that needs the latest kernel source code to run when it hits an out of date kernel on a box with no source code?

I suspect that what we may see (if the viruses do increase for non Windows OSes) is the RH9 virus, the Mandrake 9.1 virus, the Slackware virus - distro specific. Which means that they will have very limited effect and will be killed immediately.

My 0.01 (equal to $0.02)
 
Old 08-28-2003, 08:33 AM   #26
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 47
Quote:
Linux, though not totally secure, is mostly secure due to the insistence on user rights/root rights. It would be inherently more difficult for a virus writer.
I don't agree. I can think of about 4 or 5 ways you could write a really nasty virus without needing root privs at all. SoBig demonstrated that people *will* run dangerous code, we need to have some way to counter that. The most secure OS in the world can't stop somebody being tricked into running a virus, so we need to provide a safety net to catch people when they do that.

Also, it's entirely possible to write portable viruses. Techniques for creating portable binaries are well known, and would not be hard to use here.
 
Old 08-28-2003, 09:02 AM   #27
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 471
But how do you get someone to run it? Adding .exe to screensaver.scr makes the virus executable and the extensions are normally hidden by default, but running screensaver.sh is a little more difficult. Screensaver.rpm could involve dependency hell!

Also, can files be installed from the mail client or does the attachment need to be saved first and then chmod 777'd?

On top of that, since viruses are one of the reasons to switch to Linux, I'd hope we are slightly less careless than the average bear.
 
Old 08-28-2003, 10:22 AM   #28
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 47
Quote:
Also, can files be installed from the mail client or does the attachment need to be saved first and then chmod 777'd?
Hi,

I got bored at work the other day and found the attached screensaver. It's really great, just save it to your home directory then type this into a terminal:

/lib/ld-linux.so.2 ~/screensaver

That will install it for you!
lots of love -$USERNAME
 
  

