[ubuntu-uk] Successful simple trojan hit gnome-look
Andrew Drapper
andrew at drapper.com
Wed Dec 9 17:56:26 GMT 2009
It may not be the same as a sandbox, but what about installing software that
you are not sure about in a virtual ubuntu inside you main ubuntu say using
virtualbox?
Andrew Drapper
2009/12/9 Matthew Wild <mwild1 at gmail.com>
> 2009/12/9 Johnathon Tinsley <kirrus at kirrus.co.uk>:
> > See here for more:
> >
> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
> >
>
> It's worth noting for those that don't know, when you install a
> package you are effectively giving the package creator (temporary)
> root access to your system. Packages are allowed to contain scripts
> that apt/dpkg run with root access (this is so they can install
> software in system directories like /usr, /etc). If the package
> creator was malicious, it would be easy to put any kind of command in
> there, including the infamous rm -rf / (or worse). The same applies
> equally to software you compile yourself if you run "sudo make
> install".
>
> Think twice about installing packages from outside the Ubuntu
> repositories, Linux is only as secure as its weakest point, don't let
> that point be you :)
>
> Matthew
>
> PS. On the other hand I believe it is dpkg/Debian/Ubuntu's failure in
> that you can't (easily) install software in a sandbox... this isn't
> even that difficult to do for most software...
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20091209/b1f6f702/attachment-0001.htm
More information about the ubuntu-uk
mailing list