create a boot-able disk from an iso file

Nils Kassube kassube at gmx.net
Wed Jan 12 17:34:43 UTC 2011 

Joep L. Blom wrote:
> On 12/01/11 10:00, Nils Kassube wrote:
> > Joep L. Blom wrote:
> >> On 11/01/11 23:42, Nils Kassube wrote:
> >>> I think root access isn't necessary at all for doing serious
> >>> damage. For a "normal user" like me, the most valuable data are
> >>> stored in my home directory and malware running with my
> >>> privileges can delete all those files. That would probably be
> >>> the greatest damage that could be done to my system. 
> >>> Furthermore, as a normal user the malware can start applications
> >>> e.g. to join a botnet and send spam mails. That would also be a
> >>> major damage, this time for the network, not for my machine. And
> >>> again root access isn't necessary.
> >> 
> >> I tend to disagree. Malware has to enter. This of course can occur
> >> via port 80. However, to run a program an execute command must be
> >> given and the executable bit must be set. You can install as many
> >> programs as you want but a program that is not installed by you
> >> can not run as you and therefore cannot damage your home
> >> directory.
> > 
> > I tend to disagree as well. How does malware get into a Windows
> > system? Usually there is a vulnerability of the browser or email
> > client or whatever. The same is possible with Linux / Unix
> > programs. Granted, clicking on an email attachment under Linux
> > usually isn't as dangerous as it is under Windows because it isn't
> > automatically executable.
> 
> How? U agree java-beans and other java snippets have the possibility
> to execute but in their own memory-segment but can contain malwar.

I think you misunderstood what I wrote: An email attachment is not 
automatically executable with Linux.

> Therefore it is good practice to block it (an add-on for Firefox)
> and only allow it if you are sure it contains no malware.

Granted, it may be good practice to lock down a system, but a) that can 
be done with Windows systems as well and b) that has nothing to do with 
the initial point I tried to make: You don't need root access to do 
major damage.

> Again, block flash and only allow films you're reasonably sure they
> are safe or use only Adobe for reading .PDF-files.

No, reading PDF files with Adobe isn't safe either. The Adobe reader has
been vulnerable on Linux / Unix more than once [1,2].

Anyway, even though it may be quite interesting, I think we are getting
more and more off topic here. Therefore I'll refrain from further
comments. Feel free to contact me off-list if you want to continue this
discussion.


Nils

[1] <http://www.h-online.com/security/news/item/Adobe-warns-of-zero-day-vulnerability-in-Reader-and-
Acrobat-1075787.html>
[2] <http://www.h-online.com/security/news/item/Adobe-hole-closed-hole-open-1131232.html>

More information about the ubuntu-users mailing list