basic - continued
Odd
iodine at runbox.no
Sat Feb 6 13:49:51 UTC 2010
Elizabeth Krumbach wrote:
> On Sat, Feb 6, 2010 at 7:54 AM, Odd <iodine at runbox.no> wrote:
>>> I know that I said there were no viruses but I did some research and
>>> found this!! READ THIS EVERYONE!!
>>> http://www.geekzone.co.nz/foobar/6229
>>> So the key here is not to be stupid and also only install from Ubuntu
>>> repositories!
>> But there is a difference between Linux and Windows here. This
>> will not give the malware root access, unless there are some
>> unpatched flaw it can leverage.
>
> Actually, while this particular one didn't, a command in a pre/post
> install script in the package (which you're running with root
> permissions through apt or synaptic) could easily do something like
> enable the root account for an attacker to access, change
> ownership/permissions of vital system files, delete things, phone
> home... anything root can do and which can be scripted.
Good point.
> Given this major risk, Paul Tagliamonte actually ran a whole session
> about using trusted software at our recent Ubuntu User Days on IRC:
>
> https://wiki.ubuntu.com/UserDays/01232010/TrustedSoftware
Yeah, as long as the repositories aren't compromised, like what
happened with Debian a few years back.
--
Odd
More information about the ubuntu-users
mailing list