Mailinglist Archive: opensuse (1728 mails)
| < Previous | Next > |
Re: [opensuse] Carelessness busts Linux security
- From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxxxxx>
- Date: Wed, 09 Dec 2009 21:07:47 -0500
- Message-id: <1260410867.3203.1.camel@linux-m3mt>
On Thu, 2009-12-10 at 12:29 +1100, Basil Chupin wrote:
Nope, only superuser can create a file in /usr/bin; so this has no
impact on "careless users", only careless admins.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
I originally posted this in offtopic but think that this would be of
interest to more people than just those frequenting offtopic.
*No operating system can ever properly protect a computer from trojans
as long as users continue to do silly things. Just because Linux is
immune to your standard drive-by viruses it does not mean that it can
escape trojan horses.*
The latest reminder to be vigilant comes via the users unfortunate
enough <http://ubuntuforums.org/showthread.php?t=1349678> to download
and install a malicious screensaver from gnome-look.org
<http://www.gnome-look.org/content/show.php/WaterFall+Screensaver?content=116772>.
Although the malicious content is now removed, the code fragments left
show what the trojan's potential may have been.
The program inserted a bash script into |/usr/bin/| by using |wget| and
then executing the script. Originally the script's contents were a ping
command but this was later changed to:
Nope, only superuser can create a file in /usr/bin; so this has no
impact on "careless users", only careless admins.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |