Linux security

Toby Kelsey toby_kelsey at ntlworld.com
Sat Apr 29 01:20:15 UTC 2006


Daniel Carrera wrote:

> * Making a virus run requires a much greater lapse in judgement from
> either the user or the application writer. This is because you must go
> out of your way to alter the execute bit.
>
> * Viruses have a hard time propagating because they can't infect
> executable files in the system (separation of privilege).

That applies to stuff you didn't intend to install, but some malware is trojan,
in that it claims to be something useful to install, but does something sneaky
instead/as well.  Linux helps against trojan software as well:

The default way for a Windows user to install something is to run an unknown
executable 'randomprog_install.exe' which could do anything, while
installation on Ubuntu (apart from a few instances such as Sun Java) uses a
specific installer program which provides more control.

Install files originate from fewer sites and contain information about the
creator, providing more confidence they are genuine.

Installable files are less opaque - you can inspect a deb file or Makefile
to see what it will do before running any system-changing command.

Anything which tends towards "one-click installs" will cause problems unless
there is secure (cryptographic) control/traceability of who can generate the
packages.  There is an argument for creating categories of packages based on
what they change (which the installer can verify), so that if installation of
a simple screensaver attempts to disable the firewall for example, the
installer will complain.

> On second thought, there is a way to get around the inability to
> infect executables. A virus could create a $HOME/.local/bin directory,
> put a script there that runs the virus and then calls (say) Firefox, and
> then look for your Gnome panel settings and make your Firefox button run
> that script instead of Firefox.

More effective is to create a wrapper around a privilege-escalating command such
as sudo, so it runs the infect-executables program as well as the one you want.

Toby
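
A defender's check for the wrapper scenarios discussed above (a script in $HOME/.local/bin, or a wrapper around sudo), added here as an example and not part of the original message: it walks a PATH in order and reports any executable copy of a command that would run before the copy in a trusted system directory. The function name `shadow_check` and the trusted-directory list are assumptions, and the check covers only wrappers that rely on PATH order, not shell aliases or functions.

```shell
#!/bin/sh
# shadow_check CMD PATH_STRING TRUSTED_DIRS
#   CMD          command name to look for, e.g. sudo
#   PATH_STRING  colon-separated search path to audit
#   TRUSTED_DIRS colon-separated directories whose copy is the expected one
# Prints "SHADOW <file>" for each executable copy found in a non-trusted
# directory ahead of the first trusted copy, then "OK <file>" for that
# trusted copy. Returns 1 if any shadowing copy was found, 0 otherwise.
shadow_check() {
    cmd=$1; path=$2; trusted=$3
    found=0
    old_ifs=$IFS
    IFS=:        # split PATH_STRING on colons
    set -f       # no glob expansion while splitting
    for dir in $path; do
        # An empty PATH entry means the current directory.
        [ -n "$dir" ] || dir=.
        candidate=$dir/$cmd
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            case ":$trusted:" in
                *":$dir:"*)
                    # First trusted copy: later entries can never run.
                    echo "OK $candidate"
                    break ;;
                *)
                    # Found before any trusted copy: this is what the
                    # shell would execute when the user types CMD.
                    echo "SHADOW $candidate"
                    found=1 ;;
            esac
        fi
    done
    set +f
    IFS=$old_ifs
    return $found
}

# Audit the current session. The trusted list below is an assumption;
# adjust it to the directories your distribution installs into.
shadow_check sudo "$PATH" \
    "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
    || echo "sudo is shadowed by a copy earlier in PATH; review the SHADOW lines"
```
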



