Announcement

**GreyGeek** · Jul 07, 2010, 09:23 PM

Re: This is quite interesting

I run FIreFox 3.6.6.

The only problem I have with it is that on occasions, when I click a link, it refuses to activate. I can click the link repeatedly with no effect. If I right-mouse and chose "Open in a New Tab" the link immediately opens.

As far as the vulnerabilities of FireFox is concerned, UNLIKE WIndows, an attacking program MUST save the proper code (ELF binary or bash script) to a file before it can be executed because ONLY FILES are executed in Linux, which is one reason why email malware attachments are ineffective in Linux. Secondly, the save file MUST be marked as executable. Only then can it be executed. Generally, the worst the exploit can do is erase your home account, or steal files from it. You do keep valuable personal information in encrypted files, don't you, and you do regular backups as well?

In 12 years of running Linux I have never met anyone who was running Linux and got infected or hacked. For the last two years I have been watching over more than a dozen elderly friends of mine and NONE of them have ever gotten a bug or hacker intrusion.

**Ole Juul** · Jul 07, 2010, 09:47 PM

Re: This is quite interesting

Originally posted by GreyGeek

In 12 years of running Linux I have never met anyone who was running Linux and got infected or hacked. For the last two years I have been watching over more than a dozen elderly friends of mine and NONE of them have ever gotten a bug or hacker intrusion.

Thanks GG, that's what I wanted to hear - real world experience.

I have noticed the same, and am still waiting to hear (or read) about others getting hacked.

**Telengard** · Jul 07, 2010, 09:56 PM

Re: This is quite interesting

Edit by Telengard

I want everyone to understand that GreyGeek edited this post without my permission. The words he inserted into this post are not mine and do not reflect my views. He clearly has the power to do this as a forum moderator, but I don't believe it is right and good for his word to be credited to me.

GreyGeek has since explained his actions and apologized for his mistake, and I have accepted. I have decided to allow the edited version to remain in place because it contains GreyGeek's response to my post. You can read the reconstruction of what was originally here in reply #24.

Originally posted by GreyGeek

.....

As far as the vulnerabilities of FireFox is concerned, UNLIKE WIndows, an attacking program MUST save the proper code (ELF binary or bash script) to a file before it can be executed because ONLY FILES are executed in Linux, which is one reason why email malware attachments are ineffective in Linux.

True enough, but then Wine is installed on many Linux systems and it allows automatic execution of files with PE headers AFAIK.

Except that wine creates a virtual engine which operates within a nested hidden directory that uses Windows-like directory aliases so that commands like CD C:\something can be understood. A "Del *.*" command would have no effect outside that wine environment. For sport I used to download Windows malware and run it inside a WINE installation just to see what they would do. To restore the WINE environment I'd delete it and reinstall it.

Secondly, the save file MUST be marked as executable. Only then can it be executed.

Not true. Interpreters on Linux systems such as Bash may be invoked on files which do not have the executable flag set. Such scripts don't even necessarily require the #!/bin/bash header to be executable. You can demonstrate this on your own Kubuntu machine by invoking Bash with a here string:

Code:

$ bash <<< 'touch $HOME/virus'
$ ls virus
virus

What the code above demonstrates is that Bash will happily execute scripts which do not have the executable flag set and which do not contain the traditional shebang header. In case you don't quite understand, Bash sees the here string as a script just as if it were reading it from a physical file on the disk.

That is an example of classic "sourcing" of a script file, executing valid bash commands listed in the file, not the execution of an ELF binary or an executable bash script. That source file has to be saved in order to be sourced.

Generally, the worst the exploit can do is erase your home account, or steal files from it. You do keep valuable personal information in encrypted files, don't you, and you do regular backups as well?

Indeed, but I would still cry buckets if my data were ever compromised. Also neither of those things protects me against possible keyloggers or network sniffers.

In 12 years of running Linux I have never met anyone who was running Linux and got infected or hacked. For the last two years I have been watching over more than a dozen elderly friends of mine and NONE of them have ever gotten a bug or hacker intrusion.

I understand and completely believe what you say is true. Even so, my data is mine to protect and my system is mine to administer. As such, I feel my paranoia is not completely unjustified. GG please don't forget that I am a convert from the Windows world. I know how it feels to lose data to viruses, bugs and having my system rooted.

I've been running computers since 1968 (and old IBM tabulators since 1959), PCs since 1978, and PCs running MSDOS since 1983 and PCs running Windows since 1987. Since Win95 in 1996 I've had plenty of experience with the instabilities and vulnerabilities of Win9x, NT, W2K, XP and VISTA through my programming for both my consulting business and my final employer. That's what makes the contrast between the vulnerability of Windows vs. that of Linux so startling.

**zlow** · Jul 08, 2010, 07:18 AM

Re: This is quite interesting

Originally posted by GreyGeek

I run FIreFox 3.6.6.

The only problem I have with it is that on occasions, when I click a link, it refuses to activate. I can click the link repeatedly with no effect. If I right-mouse and chose "Open in a New Tab" the link immediately opens.

As far as the vulnerabilities of FireFox is concerned, UNLIKE WIndows, an attacking program MUST save the proper code (ELF binary or bash script) to a file before it can be executed because ONLY FILES are executed in Linux, which is one reason why email malware attachments are ineffective in Linux.

huh, what? All you need is an unchecked buffer to overflow and execute code on Linux just as with Windows. Email malware attachments could be a problem in Linux too.

Originally posted by GreyGeek

Secondly, the save file MUST be marked as executable. Only then can it be executed.

This isn't true, it could be hooked through a script executed with 'bash script' or an executable that is executed by ld-linux.

For example, I just executed gedit on my PC here at work after removing the execute bit.

Code:

cp /usr/bin/gedit ~
chmod -x ~/gedit
cd
/lib64/ld-linux-x86-64.so.2 ./gedit

How did I know that I could use ld-linux-x86_64.so.2 to execute it? Simple.

Code:

~ $ strings gedit | head -n 1
/lib64/ld-linux-x86-64.so.2

Originally posted by GreyGeek

Generally, the worst the exploit can do is erase your home account, or steal files from it. You do keep valuable personal information in encrypted files, don't you, and you do regular backups as well?

Data theft is far worse than the destruction of a system, this could easily lead to theft of your identity. It is much easier to repair a computer than it is to fix your identity after it has been stolen.

Originally posted by GreyGeek

In 12 years of running Linux I have never met anyone who was running Linux and got infected or hacked. For the last two years I have been watching over more than a dozen elderly friends of mine and NONE of them have ever gotten a bug or hacker intrusion.

Sure you do, perhaps just not face to face. I had a server that was hacked allowing entry through an exploit in BIND in 1999. After that I spent a lot of time learning about Linux security. How do you know that there isn't anything bad on your computer right now? Unless you have a deep understanding of security in software development and have gone through the source of every application and script line by line you can't know.

**Telengard** · Jul 08, 2010, 08:47 AM

Re: This is quite interesting

The content of this post was removed by me, Telengard, because it does not concern the topic of this thread.

**zlow** · Jul 08, 2010, 09:14 AM

Re: This is quite interesting

Originally posted by Telengard

I object to GreyGeek editing my post #17. He edited my post without asking. As a mod he is empowered to do so. In my opinion the information GreyGeek inserted into my post is fasle and misleading. I especially object to the fact that those false and misleading remarks are attributed to me in post #17.

This is a sad abuse of power in my opinion.

Edit

I can't even report this abuse because the forum says the post is my own. I think I may be stuck with no recourse here.

I saw that it said edited by GreyGeek when I replied earlier. If you report it, it should show in the moderator log.

**Telengard** · Jul 08, 2010, 09:24 AM

Re: This is quite interesting

The content of this post was removed by me, Telengard, because it does not concern the topic of this thread.

**Telengard** · Jul 08, 2010, 09:32 AM

Re: This is quite interesting

The content of this post was removed by me, Telengard, because it does not concern the topic of this thread.

**zlow** · Jul 08, 2010, 09:33 AM

Re: This is quite interesting

Send a PM to "Open Source" linking to your post with an explanation of your issue. His profile shows he is an administrator, so he should be able to help you.

http://kubuntuforums.net/forums/inde...on=profile;u=2

I wonder who else's posts this guy has edited..

**Telengard** · Jul 08, 2010, 09:51 AM

Re: This is quite interesting

Edit by Telengard

The original text of reply #17 was editied by global moderator GreyGeek. This file is my best effort to reconstruct the contents of reply #17 as I had originally written it. I originally wrote reply #17 in direct response to GreyGeek's reply #16.

GreyGeek has since explained his actions and apologized for his mistake, and I have accepted.

*** BEGIN RECONSTRUCTED TEXT ***

True enough, but then Wine is installed on many Linux systems and it allows automatic execution of files with PE headers AFAIK.

Originally posted by GreyGeek

Secondly, the save file MUST be marked as executable. Only then can it be executed.

Not true. Interpreters on Linux systems such as Bash may be invoked on files which do not have the executable flag set. Such scripts don't even necessarily require the #!/bin/bash header to be executable. You can demonstrate this on your own Kubuntu machine by invoking Bash with a here string:

Code:

$ bash <<< 'touch $HOME/virus'
$ ls virus
virus

What the code above demonstrates is that Bash will happily execute scripts which do not have the executable flag set and which do not contain the traditional shebang header. In case you don't quite understand, Bash sees the here string as a script just as if it were reading it from a physical file on the disk.

Originally posted by GreyGeek

Generally, the worst the exploit can do is erase your home account, or steal files from it. You do keep valuable personal information in encrypted files, don't you, and you do regular backups as well?

Indeed, but I would still cry buckets if my data were ever compromised. Also neither of those things protects me against possible keyloggers or network sniffers.

Originally posted by GreyGeek

In 12 years of running Linux I have never met anyone who was running Linux and got infected or hacked. For the last two years I have been watching over more than a dozen elderly friends of mine and NONE of them have ever gotten a bug or hacker intrusion.

I understand and completely believe what you say is true. Even so, my data is mine to protect and my system is mine to administer. As such, I feel my paranoia is not completely unjustified. GG please don't forget that I am a convert from the Windows world. I know how it feels to lose data to viruses, bugs and having my system rooted.

*** END RECONSTRUCTED TEXT ***

Some of the original content of the reply #17 had been deleted. I had definitely written something about Firefox's DOM. I also think there was more said about executable files and Wine, but I just can't remember it because I wrote it before going to bed. I'm afraid it is impossible for me to reconstruct exactly what I had originally written. This was my best effort.

**Telengard** · Jul 08, 2010, 10:37 AM

Re: This is quite interesting

The content of this post was removed by me, Telengard, because it does not concern the topic of this thread.

**zlow** · Jul 08, 2010, 10:39 AM

Re: This is quite interesting

Originally posted by Telengard

Not true. Interpreters on Linux systems such as Bash may be invoked on files which do not have the executable flag set. Such scripts don't even necessarily require the #!/bin/bash header to be executable. You can demonstrate this on your own Kubuntu machine by invoking Bash with a here string:

Code:

$ bash <<< 'touch $HOME/virus'
$ ls virus
virus

What the code above demonstrates is that Bash will happily execute scripts which do not have the executable flag set and which do not contain the traditional shebang header. In case you don't quite understand, Bash sees the here string as a script just as if it were reading it from a physical file on the disk.

You can substitute Bash with Perl, Python, Ruby, etc. The list goes on and on. This makes Linux distributions very powerful, but is also very dangerous in a desktop setting.

Originally posted by Telengard

Indeed, but I would still cry buckets if my data were ever compromised. Also neither of those things protects me against possible keyloggers or network sniffers.

I only store data in an unmounted encrypted volume. I mount it, use the data, then unmount it. It is paranoid for sure, but this significantly reduces the risk of data theft.

Originally posted by Telengard

I understand and completely believe what you say is true. Even so, my data is mine to protect and my system is mine to administer. As such, I feel my paranoia is not completely unjustified. GG please don't forget that I am a convert from the Windows world. I know how it feels to lose data to viruses, bugs and having my system rooted.

The paranoia is completely justified. There were several proof of concept exploits released for "Linux" this month including a suid root polymorphic shell exploit. Linux users preaching "I am safe, you are safe" are just idiots with no understanding of risk or security.

**Telengard** · Jul 08, 2010, 10:49 AM

Re: This is quite interesting

Originally posted by zlow

You can substitute Bash with Perl, Python, Ruby, etc. The list goes on and on. This makes Linux distributions very powerful, but is also very dangerous in a desktop setting.

I suspected as much, but Bash is the interpreter I know best on my own Kubuntu system.

The paranoia is completely justified. There were several proof of concept exploits released for "Linux" this month including a suid root polymorphic shell exploit. Linux users preaching "I am safe, you are safe" are just idiots with no understanding of risk or security.

I think it is too harsh to call people "idiots" just because they hold to false beliefs. Free and open source software is all about making as much information and power available to users as possible. If some people chose to ignore the facts they have access to then that makes them willfully ignorant at worst, or uninformed at best.

It was never my intention for this thread to dissolve into a debate about security on GNU/Linux systems. If you read the thread linked in the OP you will see that there are many other opportunities for discussion opened by that fascinating exchange.

**zlow** · Jul 08, 2010, 11:35 AM

Re: This is quite interesting

Originally posted by Telengard

think it is too harsh to call people "idiots" just because they hold to false beliefs. Free and open source software is all about making as much information and power available to users as possible. If some people chose to ignore the facts they have access to then that makes them willfully ignorant at worst, or uninformed at best.

It was never my intention for this thread to dissolve into a debate about security on GNU/Linux systems. If you read the thread linked in the OP you will see that there are many other opportunities for discussion opened by that fascinating exchange.

I would agree except that in some cases it is an utter refusal to accept reality. That is why I used the word idiot. Sorry your thread got jacked.

**Telengard** · Jul 08, 2010, 12:01 PM

Re: This is quite interesting

A related thread in another forum shows that I'm not the only user who thinks Firefox updates should be provided more promptly for non-EOL releases.

http://www.linuxquestions.org/questi...9-10-a-818243/

Announcement

This is quite interesting

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment