cross-platform virus
Sasha Tsykin
stsykin at gmail.com
Sun Apr 9 15:00:19 BST 2006
Lukas Sabota wrote:
>> Fair enough, it actually is quite a worrying scenario. If, for example,
>> the menu entry for synaptic were to be targeted, and changed to load a
>> virus instead, then you would type the password into gksudo without
>> realising you are activating a virus. This definitely needs to be fixed.
>> Maybe if there is the command being run in BIG LETTERS next to the place
>> where you type in your password.
>
> Yes, but if they are hacking the desktop entry, they could also hack the
> sudo command as well. They could create a "gksud" a psuedo-sudo
> program. This program could say /usr/bin/synaptic, but really
> run /usr/bin/VirusXXx. So I'm not sure how much emphasizing the command
> name would help.
>
Yes, but this program would not be an issue. The point is not some
random program to get you to type in your password. The point is to
authorise a virus for root access. A gksud command could not do that. It
could only get you to type you password in.
Sasha
More information about the sounder
mailing list