05-12-2007, 05:28 PM
|
#1
|
LQ Newbie
Registered: Jan 2007
Distribution: Ubuntu 7.04 Feisty Fawn
Posts: 28
Rep:
|
Could Linux be hacked through proprietary applications?
Hi there,
I listen to a few of the TWIT.tv podcasts, including Steve Gibson's Security Now. On the most recent program, they interviewed a security expert. Most of the program was about Windows security. However, an interesting point was raised - Windows is now reasonably difficult to attack (according to them, but I'm not leaving Linux any time soon) but the point was that the "bad guys" are increasingly taking advantage of flaws in other applications.
Obviously, the whole point about Linux is that it is very hard to crack, because it is inherently secure and because of the availability of the source code. But what about the proprietary applications that some people use?
For example the Flash plugin or Skype (these were actually mentioned on the programme as being vulnerable in Windows), what if there was a vulnerability in this? Would Linux Flash users be vulnerable?
I would appreciate it if someone could explain what would happen.
Thanks
Ben Webb
|
|
|
05-12-2007, 05:45 PM
|
#2
|
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075
Rep:
|
The basic principles are really the same on all modern OSes. If you inadvertently run a piece of malware then it has the same privileges that you do yourself.
On Linux this means that it would be able to read and manipulate all of the files in your home directory, and attach to unprivileged network ports, because Linux user accounts can't run anything with root (Administrator) privileges unless the user explicitly invokes su or sudo. Windows user accounts frequently have Administrator rights, which means that any piece of malware can have unrestricted access to the entire system once it runs.
It's also worth noting that package managers like apt-get and yum will check the digital signatures of the packages that they install, and responsible vendors will publish checksums for isolated package files so that you can check what you download. Unfortunately some proprietary vendors don't sign their packages or publish checksums, which does expose their customers to the possible risks of fake packages carrying malware (since you then can't verify the authenticity of the package).
|
|
|
05-12-2007, 05:51 PM
|
#3
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
It depends on several factors.
First, the Linux distribution; some have more security than others. If security is important to you, then make sure you select a distribution that meets your requirements. Several of these features can prevent weak security in a network application from being exploitable. For example, there were two exploits of the Debian software servers which, after analysis, could have been prevented by Exec-Shield and/or SELinux. The Debian developers fast-tracked those features to prevent similar future exploits.
The second issue is user privilege separation. Since services and users do not run with administrator authority on Linux, even an exploit that successfully compromises security is limited to user accessible data (and only as further limited by SELinux). An example would be a malicious Makefile. In order to damage beyond the user or application space, a secondary exploit - a privilege escalation - would be needed. However, all such known would be prevented by the other available security enhancements (Fortify_source, fstack-protector, restricted kernel memory access, Exec-Shield, etc.).
In short, there's no question that almost any software can eventually be compromised, or the user socially engineered. However, with the many layers of protection a security-minded distribution employs, creating a successful exploit will be extraordinarily difficult.
|
|
|
05-13-2007, 04:20 AM
|
#4
|
LQ Newbie
Registered: Jan 2007
Distribution: Ubuntu 7.04 Feisty Fawn
Posts: 28
Original Poster
Rep:
|
Security is not a massive priority, as I am simply a home user. I know Linux is very secure, and things can only happen which you have privileges for. However, I will be using programs like Flash.
Do I need any security programmes for home use? I am often told that anti-virus and firewall are not needed, whereas other people disagree. I know antivirus won't do much, as it only prevents known problems - and Clam AV is only useful for finding Windows viruses on servers. But, what about other things?
I am going to be using an Ethernet modem, which will presumably have a firewall built in, so do I need to worry?
|
|
|
05-13-2007, 05:45 AM
|
#5
|
Senior Member
Registered: Mar 2004
Location: Wales, UK
Distribution: Debian, Ubuntu
Posts: 1,075
Rep:
|
Modems don't have firewalls, but routers do. You only absolutely need a firewall if your computer is connected to the Internet and runs network services. For example, Ubuntu doesn't ship with a firewall because it doesn't run any network-accessible services.
If you don't run any network-accessible services then the only ways to crack your system are for someone to get physical access to it, or to get a user to run something. Hence the importance of using digitally signed packages, and verifying the authenticity of stuff you download yourself with checksums. Java applets effectively auto-install, so there are mechanisms that restrict their access to the host system. The kinds of defences that macemoneta talked about largely protect network services, and don't defend against these kinds of exploits.
|
|
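Added example, not part of any post in the thread: one way to check the "no network-accessible services" condition from post #5 is to list TCP listeners that are not bound to loopback. The sample table is constructed, the function names are hypothetical, and the parser assumes the IPv4 `/proc/net/tcp` layout on a little-endian host.

```bash
#!/usr/bin/env bash
# Added example: report TCP listeners reachable from other hosts,
# read from /proc/net/tcp-format input (IPv4 only).

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# 127.0.0.1:631 listening, 0.0.0.0:22 listening, one established connection.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 0A00000A:9C40 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1 0 100 0 0 10 0
EOF
}

# Print "<port> <uid>" for every socket in LISTEN state (st == 0A)
# whose local address is outside 127.0.0.0/8.
exposed_listeners() {
  awk 'NR > 1 && $4 == "0A" {
         split($2, a, ":")
         # The address is little-endian hex, so 127.x.y.z ends in "7F".
         if (substr(a[1], 7, 2) == "7F") next
         print a[2], $8
       }' |
  while read -r hexport uid; do
    printf '%d %s\n' "0x$hexport" "$uid"   # hex port -> decimal
  done
}

# Run against the constructed sample; on a real system use:
#   exposed_listeners < /proc/net/tcp
sample_proc_net_tcp | exposed_listeners
```

An empty result means nothing on the machine is accepting IPv4 TCP connections from the network; IPv6 and UDP listeners live in `/proc/net/tcp6` and `/proc/net/udp` and need the same check.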
|
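Added example, not part of any post in the thread: the checksum verification recommended in posts #2 and #5, written so that a file with no published checksum is reported as unverified rather than silently accepted. SHA-256, the `SHA256SUMS` list format, the file names and the function names are assumptions for illustration, and file names are assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example: verify a download against a vendor's published checksum
# list ("<sha256>  <filename>" lines, as sha256sum writes them).

# verify_download FILE SUMS_FILE
# returns 0 = match, 1 = mismatch, 2 = no checksum published for FILE
verify_download() {
  local file=$1 sums=$2 name expected actual
  name=$(basename -- "$file")
  # Look up the digest for this exact name (text mode or binary "*" mode).
  expected=$(awk -v n="$name" \
    '$2 == n || $2 == "*" n { print tolower($1); exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "UNVERIFIED: no published checksum for $name" >&2
    return 2
  fi
  actual=$(sha256sum -- "$file" | awk '{ print $1 }')
  if [ "$actual" = "$expected" ]; then
    echo "OK: $name"
    return 0
  fi
  echo "MISMATCH: $name (expected $expected, got $actual)" >&2
  return 1
}

# Constructed demonstration: a stand-in "package", its published checksum,
# then the same file after something has been appended to it.
demo() {
  local dir
  dir=$(mktemp -d)
  printf 'pretend package contents\n' > "$dir/player.tar.gz"
  ( cd "$dir" && sha256sum player.tar.gz > SHA256SUMS )
  verify_download "$dir/player.tar.gz" "$dir/SHA256SUMS"; echo "rc=$?"
  printf 'extra payload\n' >> "$dir/player.tar.gz"
  verify_download "$dir/player.tar.gz" "$dir/SHA256SUMS"; echo "rc=$?"
  rm -rf "$dir"
}

demo
```

A matching checksum only shows that the file is the one the list describes, so the list itself has to come from a source you trust or carry a digital signature, which is what the package managers mentioned in post #2 check.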
All times are GMT -5. The time now is 06:01 AM.