Linux security

Toby Kelsey toby_kelsey at ntlworld.com
Sat Apr 29 10:30:16 UTC 2006


Daniel Carrera wrote:

> I'm interested in this point. If you get a third-party .deb package, how
> will the fact that it's a .deb instead of a program protect you? I'd
> think that if the program itself is malicious, you're still stuffed.

I always list the files in a standalone package before I install.  This is just
a good habit and not enforced by the system, but .deb or .tar.gz format makes it
easy to check these things.  This security is undermined by obscured
pre/post-install scripts though.  Also the package manager can reverse the
install cleanly (the malware will probably subvert this, but it's another
hurdle).

The fact that Ubuntu tries to foist a backup policy on the user (in Dapper) is
in practice an important improvement in (data) security.

> But a related point is that most software you install on Ubuntu is open
> source, and is reviewed at least enough to make it to "universe". So,
> you could argue that an Ubuntu user will hesitate to install a third
> party binary because he's used to using Synaptic. That could be a very
> powerful factor, because it actually addresses the human factor. I
> didn't think of that before. What do you think?

Currently it's important, but if Ubuntu becomes a base for 3rd-party software,
this distinction will erode.  If there was a mechanism for 3rd-party software to
get an Ubuntu "stamp of approval" (checked for during the install) which means it
has been audited for sensible behaviour, that would help, but this would have to
be paid for and there would need to be a trustworthy auditing group.

>> There is an argument for creating categories of packages based on
>> what they change (which the installer can verify), so that if
>> installation of a simple screensaver attempts to disable the firewall
>> for example, the installer will complain.
>
> Does Ubuntu do that? It would be a powerful argument if it did.

Not as such, although 'apt-get install' checks if files owned by another package
would be overwritten/modified, which is almost as good.  The difficulty with
this approach is that it requires the package manager to interpret/categorise
what sort of actions will happen during the install.

>> More effective is to create a wrapper around a privilege-escalating
>> command such as sudo, so it runs the infect-executables program as
>> well as the one you want.
>
> Perhaps. Though the user might wonder why Firefox is suddenly asking him
> for a password. (this is an example of an attack made more difficult by
> Ubuntu's design).

Actually I was thinking more of modifying the menu item for Synaptic to start a
trojan wrapper program.  How often do you check what your Synaptic menu item
actually runs?

Cheers,
Toby
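
The pre-install check described in the message above (list a standalone package's files and see whether it carries pre/post-install scripts), as an added example that is not part of the original post. All function names are hypothetical and the sample package is constructed in memory; nothing is unpacked or executed.

```python
import io
import tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}  # run as root by dpkg

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        head = blob[pos:pos + 60]  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] magic[2]
        name, size = head[:16].decode().strip().rstrip("/"), int(head[48:58])
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even length

def tar_names(data):
    """Paths inside a gzip/bzip2/xz tarball, leading './' removed."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return [m.name.removeprefix("./") for m in tar.getmembers()]

def inspect_deb(blob):
    """Return (payload paths, maintainer scripts) without unpacking or running anything."""
    files, scripts = [], []
    for name, data in ar_members(blob):
        if name.startswith("data.tar"):
            files = tar_names(data)
        elif name.startswith("control.tar"):
            scripts = sorted(SCRIPTS.intersection(tar_names(data)))
    return files, scripts

def _tar_gz(paths):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            tar.addfile(tarfile.TarInfo("./" + path))  # empty file; only names matter here
    return buf.getvalue()

def build_sample_deb():
    """Constructed sample (not a real package): a screensaver that ships a postinst."""
    control = _tar_gz(["control", "postinst"])
    payload = _tar_gz(["usr/bin/demo-saver", "etc/cron.d/demo"])
    out = b"!<arch>\n"
    for name, data in [("debian-binary", b"2.0\n"), ("control.tar.gz", control), ("data.tar.gz", payload)]:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + b"\n" * (len(data) & 1)
    return out

if __name__ == "__main__":
    print(inspect_deb(build_sample_deb()))
```

A screensaver whose payload includes a path under etc/cron.d, or that ships any maintainer script, is the kind of result that warrants reading the script before installing.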