[ubuntu-uk] Successful simple trojan hit gnome-look

Matthew Wild mwild1 at gmail.com
Wed Dec 9 16:47:13 GMT 2009


2009/12/9 Johnathon Tinsley <kirrus at kirrus.co.uk>:
> See here for more:
> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
>

It's worth noting for those that don't know, when you install a
package you are effectively giving the package creator (temporary)
root access to your system. Packages are allowed to contain scripts
that apt/dpkg run with root access (this is so they can install
software in system directories like /usr, /etc). If the package
creator was malicious, it would be easy to put any kind of command in
there, including the infamous rm -rf / (or worse). The same applies
equally to software you compile yourself if you run "sudo make
install".

Think twice about installing packages from outside the Ubuntu
repositories. Linux is only as secure as its weakest point; don't let
that point be you :)

Matthew

PS. On the other hand I believe it is dpkg/Debian/Ubuntu's failure in
that you can't (easily) install software in a sandbox... this isn't
even that difficult to do for most software...


