Re: [Hampshire] Linux.Lion worm

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMBenjamin M. A'Lee at <-
MMSteve Kemp at ->

Reply to this message
Author: Vic
Date:  
To: hampshire
Subject: Re: [Hampshire] Linux.Lion worm
> There is nothing to patch to fix this issue. If you can, for example,
> write to /bin/ls, or /home/$user/bin/script, the virus can update that
> binary to include a copy of itself.

[vic@goliath ~]$ echo "knickers" >> /bin/ls
bash: /bin/ls: Permission denied

Oh look. No way to start modifying stuff like that.

> So if you download untrusted code, run it as root, you're at risk of
> it.

If you deliberately circumvent the security of your system, you might do
something bad. There's a lesson there somewhere...

> And short of running SELinux,
> or similar system there is no magic cure or software patch that
> will protect you.

Well, some of us run SELinux anyway - but the basic protection is the same
as it always is - don't use root except for administrative purposes.
Pretty simple, really.

Vic.



This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Linux.Lion wormRe: [Hampshire] Linux.Lion worm->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)