Linux Virus Alert

marcjw writes: "I don't see many of these (Linux virus alerts). In fact none in the six months or so since I've switched from MS. Maybe that's why this story from newsbytes caught my eye. At any rate, I'm not sure if this poses much of a threat to the general Linux community but it's always best to be forewarned."

Re:Not via email you dont you wascally wabbit

[dkemist]

Russell makes an excellent point there. All you have to do is distribute a file that "lets you own M$ boxen!" and there will still be a large number of script kiddies that will download the file and run it as root. Sure, it's not going to be able to be auto-executed, but it's just like virii back in the DOS days.

Lest we dismiss this too lightly...

[CatherineCornelius]

A reminder is perhaps due here that the first internet worm program to cause significant damage (the Morris worm) was released in the 1988 and infected UNIX systems through a well known vulnerability (yep, good ole gets(3)) in the fingerd daemon.

And waddaya know, UNIX application programmers are _still_ using the occasional gets(3) call in setuid root programs, more than a decade later, despite the fact that we all know that it doesn't check for buffer overflow and that a buffer overflow _can_ be used (read: _has_ been used in the past) to make a program execute code of the worm writer's choice and bring a significant part of the internet grinding to a halt.

Worse than running something as root

[Raul+Acevedo]

It doesn't matter if it requires root privs to run. Most programs have to be installed as root, and that's all that is needed. The make install step can do something nasty without telling you (how many people fully read & understand the Makefiles in the above scenario?), or it can install a trojan version of ls or any other program.