[conspire] Autodowload a Virus

Carl Myers cmyers at cmyers.org
Tue Jan 5 15:06:58 PST 2010

This is the argument which is always made that computer security isn't a
technical problem (anymore), but a social one.  As long as users can't or won't
learn about permissions and what it means to run something as root, it will be
difficult or impossible to prevent this sort of thing.

Recently windows has made great technical strides by *having* a root user that
isn't "Everyone, all the time", but nobody (AFAIK) has made any progress on
solving this social issue.

On Mon, Jan 04, 2010 at 09:51:04PM -0800, Rick Moen wrote:
> Date: Mon, 4 Jan 2010 21:51:04 -0800
> From: Rick Moen <rick at linuxmafia.com>
> To: conspire at linuxmafia.com
> Subject: Re: [conspire] Autodowload a Virus
> Organization: Dis-
> Quoting Ruben Safir (ruben at mrbrklyn.com):
> > As per previous conversation between list memebers
> > http://lwn.net/SubscriberLink/367874/8f87d6dc7df4936f/
> It might be worth noting that the incident described doesn't involve
> "autodownloading a virus".  It was essentially a social-engineering
> attack that coaxed some number of Ubuntu users into shooting at their
> own feet.  Attack goes like this:
> 1.  Create a supposed GNOME screensaver.  Create a .deb package of it,
> that includes preinst and/or postinst scripts that, if run, cause the
> target system to do something the user wouldn't want.
> 2.  Upload the supposed GNOME screensaver .deb file to gnome-look.org,
> where it'll appear among countless other files with no meaningful
> information and showing as having been uploaded by nobody in particular.
> 3.  Wait for reckless people to download the file and feed it to their
> package-handling subsystems with root-user authority.  Scripts then run
> with root authority, because the user essentially said to do so.
> Please note that I've commented fairly extensively at the LWN news item.
> Just as it's really, really dangerous to assume that arbitrary Firefox
> extensions listed at http://addons.mozilla.org/ from nobody in
> particular are good for your system, the same applies for other
> arbitrary downloads from people you have no reason to trust --
> ESPECIALLY when you turn around and run them with root authority.
> There is no way to prevent users from destroying their systems, if
> they're willing to carry out unwise actions with root authority.  In
> fact, "viruses" are the least of their worries, in that case.
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

Carl Myers 
PGP Key ID 3537595B
PGP Key fingerprint 9365 0FAF 721B 992A 0A20  1E0D C795 2955 3537 595B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20100105/88f40ff1/attachment.pgp>

More information about the conspire mailing list