basic - continued
Elizabeth Krumbach
lyz at ubuntu.com
Sat Feb 6 13:30:08 UTC 2010
On Sat, Feb 6, 2010 at 7:54 AM, Odd <iodine at runbox.no> wrote:
>> I know that I said there were no viruses but I did some research and
>> found this!! READ THIS EVERYONE!!
>> http://www.geekzone.co.nz/foobar/6229
>> So the key here is not to be stupid and also only install from Ubuntu
>> repositories!
>
> But there is a difference between Linux and Windows here. This
> will not give the malware root access, unless there are some
> unpatched flaw it can leverage.
Actually, while this particular one didn't, a command in a pre/post
install script in the package (which you're running with root
permissions through apt or synaptic) could easily do something like
enable the root account for an attacker to access, change
ownership/permissions of vital system files, delete things, phone
home... anything root can do and which can be scripted.
Given this major risk, Paul Tagliamonte actually ran a whole session
about using trusted software at our recent Ubuntu User Days on IRC:
https://wiki.ubuntu.com/UserDays/01232010/TrustedSoftware
--
Elizabeth Krumbach // Lyz // pleia2
http://www.princessleia.com
More information about the ubuntu-users
mailing list