cross-platform virus

Alan McKinnon alan at linuxholdings.co.za
Sat Apr 8 18:30:10 BST 2006


On Saturday 08 April 2006 17:44, Daniel Robitaille wrote:
> On 4/8/06, Shawn McMahon <smcmahon at eiv.com> wrote:
> > On Sat, Apr 08, 2006 at 10:57:37AM +0800, Senectus . said:
> > >    6. su root
> > >    7. make install
> >
> > If we're going to install viruses, let's do it the "right" way:
> >
> > sudo make install
>
> I always wondered about the potential of a problem with sudo in the
> context of a Linux virus/worm script.  Let's say that "virus" had
> the line "sudo rm -Rf /", and that script/virus was run
> automatically because of an action of the user in an application
> with a bug/security weakness (by reading an email, clicking a link
> in Firefox, whatever). Obviously it wouldn't work (sudo needs to
> in firefox, whatever). Obviously it wouldn't work (sudo needs to
> ask for a password), unless the user had done a sudo command within
> the last 15 minutes, and the sudo command still has a token not to
> ask for a new password.
>
> Wouldn't making Ubuntu's sudo ask for a password every single
> time instead of the current once-per-15-minutes make the OS more
> secure and immune to this type of simple script with a damaging
> payload?  But of course that would be annoying while using sudo in
> our day-to-day usage, but for increased security I would
> consider doing it (and actually do on one of my systems).

You raise an interesting point, and technically you are correct.

Security is always about finding that fine balance between safety and 
disruptiveness. Currently there are very few Trojan writers out there 
targeting *nix so for the time being we are relatively safe.

I predict that it's only a matter of time before the target of Trojans 
shifts away from Windows. After the first wave of them, distros will 
respond by changing their sudo default to no tokens.

-- 
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
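
Added example, not part of the original post: the once-per-15-minutes token discussed above is controlled by the sudoers option timestamp_timeout (0 asks for a password every time, a negative value means the token never expires). This shell function reads sudoers text and reports which case applies; the function name, the sample fragments and the 15-minute fallback (the figure the thread gives for Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example: classify sudo's credential caching from sudoers text on stdin.
# Only global "Defaults" lines are considered; scoped forms such as
# "Defaults:user" or "Defaults@host" are deliberately ignored here.
# ASSUMPTION: with no explicit setting, fall back to 15 minutes (the value
# the thread gives for Ubuntu); pass another fallback as $1 if needed.

sudo_token_policy() {
    default_minutes="${1:-15}"
    awk -v t="$default_minutes" '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*Defaults[ \t]/ {
            # The setting may share a line with other options, e.g.
            # "Defaults env_reset, timestamp_timeout=0". Last one wins.
            if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
                v = substr($0, RSTART, RLENGTH)
                sub(/^[^=]*=[ \t]*/, "", v)
                t = v
            }
        }
        END {
            if (t + 0 == 0)     print "always-prompt"    # password every time
            else if (t + 0 < 0) print "never-expires"    # token kept until sudo -k
            else                print "cached-" t "m"    # token valid for t minutes
        }'
}

# Constructed sample fragments (not taken from any real system).
SAMPLE_DEFAULT='Defaults env_reset
%admin ALL=(ALL) ALL'

SAMPLE_HARDENED='Defaults env_reset
Defaults timestamp_timeout=0
%admin ALL=(ALL) ALL'

printf 'stock sample:    %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT"  | sudo_token_policy)"
printf 'hardened sample: %s\n' "$(printf '%s\n' "$SAMPLE_HARDENED" | sudo_token_policy)"
```

Running sudo -k drops an existing token immediately, whatever the configured timeout is.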


