Malware Threat To GNOME and KDE
commandlinegamer writes "foobar posted on his blog recently about 'How to write a Linux virus in 5 easy steps,' detailing potential malware infection risks in the .desktop file format used by GNOME and KDE. This is not a new threat, and it appears to still be a risk, as discussions in 2006 did not seem to come to any firm conclusion on how to deal with the problem." There's a followup on LWN.
The answer is the same one that has been valid for .. well, since the advent of computers. There will always be vulnerabilities. The best you can do is be aware, vigilant, and choose software that has fewer vulnerabilities and whose writers work hardest to correct the problems fastest. Arguments can be made for or against Linux based on those criteria but it remains a very strong choice over Windows or Apple. The more popular Linux becomes on the desktop, the more chances there will be vulnerabilities. Now is the time for F/OSS coders to start working extra to ensure there are as few as possible.
If you write code, you know that you've left open areas where an exception will cause a problem for any number of reasons. It happens. Period. So far, GNU/Linux has cleaned up quickly and well on most things. The struggle continues. That is the answer.
Support NYCountryLawyer RIAA vs People
It relies on the user downloading, saving and running a shell-script. The only trick here is that in this KDE/GNOME form the user does not need explicitly to add execution rights on the file.
Still hardly a virus, more like a gun without a safety switch. It is one step easier for someone to shoot themselves this way.
Interestingly if we wish to reinforce the 'chmod +x' scheme, desktop files should need a +x (or some other non-MIME property) to be treated specially by GNOME and KDE. Might be an idea.
Have a brain when using the PC.
It works for all operating systems. Viruses and Trojans require the user to not think and execute things willy-nilly. Having a brain reduces the infection vectors drastically.
Every "expert" I have met that has been infected was downloading and using warez unsafely. Every regular user I have met that was infected simply clicked yes to every dialog box they did not want to bother reading and understanding.
The OS does not matter, having educated and competent users does. Have to add that competent, I have seen educated users go and click on crap without reading or thinking.. It requires competence.
Do not look at laser with remaining good eye.
I am a bloody fool. I managed to read the article without reading the article. It works.
Well, the author here seems to emphasise that that won't help because on a single-user account, your priority is your data. If you lose your system but your data isn't compromised, you lose very little that can't be replaced. If you lose your data but your operating system is functional, you have lost nearly everything of value.
> Having a brain reduces the infection vectors drastically.
I forgot sarcasm tags when starting this thread, but there are also many other problems outside of "not having a brain." Unpatched flaws in your operating system, people still running IE6 and opening a JPEG with a script embedded, etc. One can be very intelligent at something completely unrelated to computers and still get infected purely because of a popup and an unpatched system.
Not everybody knows to run windows update or to update their Ubuntu installation even if it warns them, because it's usually being inconvenient. Usually it's why I set it to do it automatically for users or they won't.
Posts not to be taken literally. Almost everything is sarcasm.
Everyone is trying to mimic the brain-dead M$ Way.
Just think of the idea. You click on the icon (who knows what the picture would suggest) and the file path is passed to an "interpreter" (be it oowriter, emacs or python or ld.so) you may not know. This is a terrible idea to begin with.
That's why I use file managers almost only for bulk copying / moving. And I still prefer the CLI if the file names are regular-ish enough.
Colorless green Cthulhu waits dreaming furiously.
Yes, I read it again after it struck me that it seemed rather odd that something so obvious would be called a 'security flaw'. You are right and I am wrong.
It does make a big difference in clean-up, though. With the malware not being able to get administrative privileges, it can't get into root's environment. That means that you can log in as root and the malware won't get a chance to take over, and then you can safely use all your scanning and clean-up tools without having the malware disable or circumvent them. Contrast this with how thoroughly rootkits can hide on Windows systems.
It's still dangerous, make no mistake. Once the malware's running locally, it can try local exploits to escalate to root access. But there's a lot fewer of those on Linux systems than on Windows, and they're a lot harder to exploit, and anything that doesn't successfully exploit them will be much easier to detect and remove. This is a significant win compared to Windows.
NB: nothing will protect a system from its owner's stupidity. If the user insists on being willfully stupid, they're in a position to bypass any and all protections on the system. The only protection is to keep them away from the keyboard.
This has very little to do with user stupidity. Indeed, users should not execute things willy-nilly, but it's surely okay to open a file and look at its contents? If you think that is inherently unsafe then users must be prohibited from receiving email attachments (or downloading from web pages) altogether.
In this case there are no warning dialogues to click through, no unusual steps. All that happens is you save a file and then double-click to open it. There is no way to see in advance that the file is unsafe, and it can adopt any icon and name it wishes, so in the user interface it is *indistinguishable* from a legitimate desktop icon such as the trash can.
It gets a laugh on Slashdot to castigate 'stupid' users, but if the system does not provide users with the information needed to make an informed choice, then the system is at fault.
-- Ed Avis ed@membled.com
That would require a blacklist of script interpreters, which could only be a temporary solution. No blacklist is ever going to cover all possible attack vectors. Similarly, checking for particular parameter length will either have too many false positives or fail to catch potential attacks. E.g., what if the command was /bin/rm and the parameters were "-rf /"?
Requiring the executable bit would make for a more permanent solution to the problem.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
Don't be so shortsighted. The issue isn't you losing your files. It is that others can obtain your files.
Just because malware doesn't have root privileges doesn't mean it isn't capable of stealing valuable information from you.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
The first problem is indeed that a desktop file does not require the executable bit to be executed (from Nautilus) by double-clicking it.
The second problem is that the file content specifies its icon, name and tooltip regardless of the filename of the desktop file.
For example, a very efficient way to fool people could be to disguise the desktop file into one of the default icons of the desktop (Trash, Computer, Home, ...)
For the virus writer the only problem is to get the desktop file to be saved in the Desktop directory.
Humm... Guess what is the default directory of most applications for saving uploaded files? I give you a hint. The name starts with a 'D'.
Even better, it is possible to specify that the Desktop is the HOME. I haven't checked recently but I remember that this used to be the default in Ubuntu.
My advice is simple: Start gconf-editor and disable the configuration key /apps/nautilus/preferences/show_desktop to get rid of all desktop icons.
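An added example, not part of the comment above and not GNOME or KDE code: a small audit of a directory of .desktop files that reports the two problems described, a launcher that would run without the execute bit and a displayed name that does not match the filename. The `STOCK_NAMES` list, the finding labels and the two sample launchers are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Display names of stock desktop icons named in the comment above (assumed list).
STOCK_NAMES = {"trash", "computer", "home"}

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry.setdefault(key.strip(), value.strip())
    return entry

def audit_launcher(path):
    """Describe one .desktop file: what the user sees versus what would run."""
    path = Path(path)
    entry = parse_desktop_entry(path.read_text(encoding="utf-8", errors="replace"))
    findings = []
    if "Exec" in entry:
        if not path.stat().st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            findings.append("runs-without-exec-bit")
        name = entry.get("Name", "")
        if name and name.casefold() != path.stem.casefold():
            findings.append("shown-name-differs-from-filename")
        if name.casefold() in STOCK_NAMES:
            findings.append("imitates-stock-icon")
    return {"file": path.name, "shown_as": entry.get("Name"),
            "icon": entry.get("Icon"), "exec": entry.get("Exec"),
            "findings": findings}

def audit_directory(directory):
    """Audit every *.desktop file in a directory, e.g. ~/Desktop or a download folder."""
    return [audit_launcher(p) for p in sorted(Path(directory).glob("*.desktop"))]

def demo():
    """Run the audit over two constructed sample launchers in a temp directory."""
    samples = {
        # Constructed sample: looks like the Trash icon, no execute bit, harmless Exec.
        "holiday_photos.desktop": (0o644, "[Desktop Entry]\nType=Application\n"
            "Name=Trash\nIcon=user-trash\nExec=/bin/echo constructed-sample\n"),
        # Constructed sample: name matches the file and the execute bit is set.
        "editor.desktop": (0o755, "[Desktop Entry]\nType=Application\n"
            "Name=Editor\nIcon=accessories-text-editor\nExec=gedit %U\n"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for filename, (mode, body) in samples.items():
            target = Path(tmp) / filename
            target.write_text(body, encoding="utf-8")
            os.chmod(target, mode)
        return audit_directory(tmp)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

The name check is informational, since many legitimate launchers display a name different from their filename; the combination with a missing execute bit in a download or desktop directory is what deserves a look.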
It is the equivalent of downloading a Picture.jpg.bat that deletes *.* from windows. Windows hides the extension (.bat) so it would be easy to double click on it and bam no more files. Yes the icon would look different.
I have previews turned on in Gnome so I can actually see the picture before I run the code.
Half of writing history is hiding the truth.
I get your humor, but this may be the only way for Linux to claim the "year of Linux on the desktop".
I mean bug-to-bug, bullshit-to-bullshit compliance to MS Windows. People are fed crap to grow up and they ask for more crap. At least this is what I think I got from GNOME.
I used to have a sig saying "so this is how Linux dies -- with thunderous applause." I changed it after being protested by someone as AC (and partly in fear of being sued by LucasFilm ;) I've always feared that the year of Linux on the desktop would be the year of its death, because the line between "being popular" and "lowering standards to cater to the mass" is so easily blurred.
Luckily I've escaped to using minimal WMs and I'm not that dependent on the GUI.
Anyone can think I'm an elitist troll and mod me down accordingly. I'm open to mods and criticism because I know I may be wrong. OTOH I mean what I said. I like Linux and I'll be more than happy to see it prevailing. However, according to the current computer-literacy of your typical desktop user I can only say that the desktop market is not ready for Linux. Shovelling it down your average user's throat (and trying to prioritize "making it a less painful process") could result in the degradation of Linux.
Colorless green Cthulhu waits dreaming furiously.
With Linux patches are free.
And they are with Windows as well. Come on, it's more than a bit ridiculous to expect Microsoft to supply patches to people who pirate their software. If you've bought your copy of Windows, patches are free. There may be a bug with validating your copy, but that's also a mistake, not by design.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Data theft is much more nefarious and dangerous than data destruction and usually the primary goal of anyone attempting to exploit a system. Backups are great, but using personal data for financial gain is the name of the game nowadays.
Really though, especially if we're talking about my personal desktop or laptop, if I notice any kind of infection I'm just going to format->reinstall. It is not remotely worth my time to verify that the virus did not achieve root privileges when reinstalling will take care of the problem much more quickly and thoroughly.
I've used Linux for years, but I still don't get the "OMG don't run as root!" obsession. I don't run as root exactly (I like being under /home rather than /root) but I give myself nearly-root permissions and remove password prompts from everything that I can. Why? Because I'm the only one who uses my laptop, all the stuff I care about is in my ~/ folder, and the discovery of any virus of any kind whatsoever is going to mean an instant format->reinstall anyway.
On servers? Sure. Multiuser workstations? Sure. At home? Running as a regular user is just way more hassle than it's worth. Oh no! The virus got in to the /boot directory! So what? Who gives a shit about /boot? I care about ~/Music or ~/Downloads far, far more.
My poorly stated point is that those pirated copies are not being patched appropriately and thus represent a larger target for malicious software authors, making Windows a little bit less desirable from that point of view.
Support NYCountryLawyer RIAA vs People
I am dealing with a user at the moment who just isn't that bright. It is not that she is a moron, she just doesn't think. Some things she does right, she gets her wallpapers through Google's image search and uses Firefox after my suggestion.
But she also wants animated cursors and finds them and happily installs them. Cursor Mania.
She just doesn't get, yet, that the internet has two kinds of free and that the more something shouts it is free the less likely it is. How do you explain that Firefox is free and safe but cursormania is free and not safe?
The problem is not so much that some people are stupid but that they lack a healthy dose of cynicism, they forget to question things. And that is pretty to stupid.
The system can't protect against this unless you want to live in the nanny state. Women are free to go with convicted wife-beaters unless you want the state to decide your partner for you. People can install spyware unless you want the system to decide what you can install.
For some reason people like you want software to do things you would NEVER accept in hardware. Would you really want a powerdrill that constantly checked whether you were drilling in the factory approved substances, at the right angle, under the right conditions? A screwdriver that refuses to be used as a hammer?
At some point users must accept a responsibility to operate their equipment responsibly themselves and accept that if they make mistakes, they are the ones to blame.
You know what my solution has been to fix 99% of friends' requests to fix their Windows PC? Re-install. Wipe the crap and sooner or later they either figure out that "mmm once I downloaded those free smileys my computer starts to act like a piece of crap, maybe these two things are connected" or at least find someone else to help with their crap PCs.
Let's face it, after 30 years I have started to realise that no amount of suggestion is ever going to result in girls actually giving any of the sexual favors they seem to promise when they ask you to fix their laptop.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
When I think of a "virus", well, that's just malicious code, it's something designed to do some form of damage. It's malware-- software that's up to no good. That doesn't describe the delivery method.
I can see how folks want to draw a distinction based on the severity of the exploit (namely the extent of the potential damage to the system and the level of user interaction), but claiming this isn't a real virus is just silly. Maybe a new definition for the more severe sorts of malware is needed.
Actually, it makes people who are too cheap to pay for Windows, but too lazy or uninformed to use OSS less desirable, not Windows.
> Come on, it's more than a bit ridiculous to expect Microsoft to supply patches to people who pirate their software.
Remember that story about vaccinations the other day? Herd immunity is vitally important, and patching illegitimate installations makes the world safer for legitimate users. This in turn goes a way toward improving Microsoft's security reputation to something greater than Swiss cheese.
Dewey, what part of this looks like authorities should be involved?
> There is no way to see in advance that the file is unsafe....
Right-click, open-with...kwrite. Or the operating system-independent method of, "Hmmm..some random, unexpected file appeared in my email. Maybe I shouldn't run it."
1) This is not a virus vector. This is barely classifiable as even a trojan (a program which advertises itself as performing X, but actually performs Y; with Y being something malicious), though can meet the definition under certain tortured logic.
2) This has everything to do with user stupidity. This is not like Windows, where merely clicking the email attachment from within the email program launches the attachment (hell, Outlook has code to automatically execute attachments at the time they're received). This requires the user to manually save the file, then manually execute it. There is no operating system protection that will prevent users from doing something as stupid as explicitly saving and running some random attachment received in email. And before someone starts the, "If this were about Windows..." nonsense, Windows gets a bad rap because it automatically compromises machines (and does so to the entire system at once) in many, many different ways.
> but if the system does not provide users with the information needed to make an informed choice, then the system is at fault.
Is your blender at fault when you stick your hand inside and turn it on? This has nothing to do with any form of system vulnerability. This mountain-from-a-proton "issue" is the desktop carrying out the user's explicit instructions. I certainly don't want my desktop asking me two or three times whether I'm sure I want to run the application I just told it to run.
There is nothing to see here. This is, and always has been, a user-education issue: don't save and run unexpected attachments you receive in email. On Linux, at least, this kind of stupid user trick can be fixed by erasing the user account and going on with business as usual.
While Vista does sandboxing AFAIK it doesn't have templates for sandboxing (which to me are an important part for making them user manageable).
Does it provide the user with an accurate concise idea of what the program's required privileges are?
Does it allow the user to save the decision preferences for an app+template pair?
Vista's UAC as implemented seems more like a way for Microsoft to shift blame to the user for security problems.
To wit, in a file called blah.desktop:
Which would then open the door to other types of scripts being embedded within the .desktop file, such as Python or Perl (the latter of which is probably the even more widespread of the two!)
This method has a few benefits over the described one, including: offline execution of malware, no further download beyond the .desktop required; semi-easy modification of the embedded script (you can add or remove lines as you wish and even leave comments in thanks to the tail and sed commands used); and the embedded file could easily make the .desktop file it's contained in reach file size levels (something I, personally, look at with certain files) roughly equivalent to the file it's attempting to masquerade as. Theoretically, so long as you remembered to escape things properly, you could possibly even include binaries within the .desktop file in this manner(!!!!).
This of course comes no closer to the holy grail that is root, but still an interesting twist on the same process...
Well that's not actually a fix. If you're getting the file there by social engineering you can quite easily get the user to set permissions on the file to allow execution (you've already convinced them to download it haven't you).
If you've found a vulnerability allowing you to put the file there without user intervention, then you can easily change the permissions at the same time.
Actually it's not what Vista does. Vista says "application X is either requesting system access, or appears as if it might request system access do you want to grant it".
It doesn't allow you to define which types of system access you want it to have (I might want my screensaver installer to be able to access the settings which allow it to set the screensaver I just installed as my default screensaver, but not to arbitrarily execute code or access other system settings for instance), nor does it allow you to provide long term approval for known applications.
UAC is a massive improvement over the old system (it allows users to elevate permissions simply on demand), but it's got a whole bunch of flaws and isn't this system.
The only solution to social engineering of the user is to have a more knowledgeable system administrator. This just ups the ante on the social engineering.
No system can defeat social engineering.