Newbie question on permissions
daniel.carrera at zmsl.com
Sun Apr 2 12:06:41 UTC 2006
>>If someone writes a Linux virus (difficult)
> Well.. most viruses these days aren't about destroying files or whole
> filesystems, they're about sending email to everyone in your address
> book, starting attacks on some site or server on the internet, and of
> course spyware/adware which are every bit as big a pest as viruses on
Yes I know, I said as much in another email.
> Those things don't require root privileges per say.
Sending email might not, but setting up a key logger, a spyware do.
Making your computer into a zombie would be doable because they could
edit your Gnome startup script (but they couldn't, for example, setup a
cron job or change your bootup scripts). So, here, priviledges just make
it more difficult but not impossible to setup a zombie. They just reduce
the number of tools available to make a zombie with.
There are other advantages Linux has that are unrelated to separation of
priviledges. For example, Linux is very diverse. Not everyone is running
Gnome. So if they made a zombie based on Gnome's startup scripts, it
would propagate slowly because the KDE machines would be inmune. The
things that all Linux systems do have in common (e.g. cron) are
protected by root.
I also keep hearing that a problem with MS is that applications have
"hooks" into the OS which allow them to do things that you normally
wouldn't expect a virus to be able to do. For example, there was
recently a Microsoft *Office* bug that caused an exploit when the user
visited a website with *Internet Explorer*. How that's supposed to
happen is beyond me. But in Linux, a bug in OpenOffice would not put you
at risk while using Firefox.
Of course, Linux also has the advantage of generally more secure
applications. Simply by not including ActiveX in Firefox and not having
Office macros in Thunderbird you remove the most common sources of
viruses. If you remove those, you actually have to trick the user into
running a program in purpose (e.g. "check out this cool program").
Linux has another advantage that is related to permissions but not
separation of priviledges per se. In Linux, a file is executable if it
has the +x permission. In Windows it's executable if it ends in a .exe
extension. What's the difference? The difference is that people outside
get to pick the name of the file you are downloading, but in Linux they
can't pick the permissions. That means that, in windows, you can send
someone a file called naughty_picture.jpg.exe and count on the user
clicking on the file and running th evirus. In Linux this wouldn't work.
As a demonstration, download this program:
This file has the Execute permission on the server. When you download
it, it won't have the execute permission.
> Also... I'd like to see the results of a test with 20-30
> 'regular' (non-Linux-Gods) Ubuntu users and see how many of them would
> type their password into a gksudo box when it pops up unexpectedly. The
> ones that do could conceivably be toast.
Very good point. I expect many would. Thankfully we still have the other
things I listed. A website or an email attachment can't call gksudo.
> Hm.. I like my home. :-) I'd still say that's pretty bad. :-)
Backups are your friends :) Ubuntu has a neat backup utility that makes
backups easy. I'm using it myself. I told it to make a weekly
incremental backup and a montly full backup. I don't think about it most
of the time, but Ubuntu diligently makes the backups for me.
The backups are also protected by root.
/\/_/ A life? Sounds great!
\/_/ Do you know where I could download one?
More information about the ubuntu-users