Linux security

[Daniel Carrera]

Toby Kelsey wrote:
>>* Viruses have a hard time propagating because they can't infect
>>executable files in the system (separation of priviledge).
> 
> That applies to stuff you didn't intend to install, but some malware is trojan,
> in that it claims to be something useful to install, but does something sneaky
> instead/as well.  Linux helps against trojan software as well:
> 
> The default way for a Window user to install something is to run an unknown
> executable 'randomprog_install.exe' which could do anything, while
> installation on Ubuntu (apart from a few instances such as Sun Java) uses a
> specific installer program which provides more control.

I'm interested in this point. If you get a third-party .deb package, how 
will the fact that it's a .deb instead of a program protect you? I'd 
think that if the program itself is malicious, you're still stuffed.

But a related point is that most software you install on Ubuntu is open 
source, and is reviewed at least enough to make it to "universe". So, 
you could argue that an Ubuntu user will hesitate to install a third 
party binary because he's used to using Synaptic. That could be a very 
powerful factor, because it actually addresses the human factor. I 
didn't thik of that before. What do you think?

> Installable files are less opaque - you can inspect a deb file or Makefile
> to see what it will do before running any system-changing comand.

Ah... good point. Even if you argue that "most users won't look inside 
the deb", there is a much greater chance that *someone* will, and the 
virus will be exposed. So, using .deb packages increases the visibility 
of a virus.

Excellent point, thank you.

> Anything which tends towards "one-click installs" will cause problems unless
> there is secure (cryptographic) control/traceability of who can generate the
> packages.

Like Synaptic.

> There is an argument for creating categories of packages based on
> what they change (which the installer can verify), so that if installation of
> a simple screensaver attempts to disable the firewall for example, the
> installer will complain.

Does Ubuntu do that? It would be a powerful argument if it did.

> More effective is to create a wrapper around a privilege-escalating command such
> as sudo, so it runs the infect-executables program as well as the one you want.

Perhaps. Though the user might wonder why Firefox is suddenly asking him 
for a password. (this is an example of an attack made more difficult by 
Ubuntu's design).

Cheers,
Daniel.
-- 
      /\/`) http://opendocumentfellowship.org
     /\/_/
    /\/_/   ...and starting today, all passwords must contain
    \/_/    letters, numbers, doodles, sign language and
    /       squirrel noises.