Slashdot Mirror


Damn Vulnerable Linux — Most Vulnerable Linux Ever

An anonymous reader writes "Usually, when installing a new operating system, the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different; it's shipped in as vulnerable a state as possible. As the DVL website explains: 'Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop – it's a learning tool for security students.'"

5 of 227 comments

  1. what about a weird-arch linux? by keeboo · · Score: 4, Interesting

    Something philosophically similar which could be created is some sort of "weird arch" Linux for code debugging purposes.
    Like something with 16bit chars and ints, non-0 NULLs... Perhaps running under an emulated invented weird architecture with strange byte order (non-LSB/MSB) and weird alignment issues.
    I wonder how much software would break.

    1. Re:what about a weird-arch linux? by sconeu · · Score: 4, Interesting

      architecture with strange byte order (non-LSB/MSB)

      You mean like the PDP-11?

      0x11223344 was stored in memory as 0x33 0x44 0x11 0x22

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:what about a weird-arch linux? by mlts · · Score: 3, Interesting

      If you are feeling really insane, some UNIX operating systems can dispense with root altogether, even past having it disabled for logins (like how OS X has it present but not usable until explicitly turned on). AIX 6.x has the ability to completely chuck root (where stuff running as UID 0 is essentially running as nobody with no privs whatsoever), and what would have been handled by the superuser is handed off to other users as roles. Of course, if a critical role isn't defined before root gets stripped of its mantle of rulership, well, have fun rebooting to install media or to a NIM server and fixing that.

      Some UNIX variants don't care a bit if the user root is renamed. Others will choke and give up the ghost. Ideally it would be nice to rename the root user (and put a dummy user named root just for kicks, similar to how Windows admins worth their salt have a bogus Administrator user with insane amounts of logging enabled), but it is hard to tell which UNIX variants don't care, and which will be really unhappy.

      Maybe the best of all worlds is to have SELinux-like ACL policies be made into an easier pill to swallow. For example, a Web browser should not have access to a user's .xinitrc, .profile, .bashrc, or other files. If a policy enforces this, even if a Web browser is completely compromised, there is no way a blackhat can install software running in the browser's context that would start on a login, nor even with a valid su or sudo password, would ever get to a "#" prompt. By focusing on isolating applications, a system can be partially compromised, but not completely taken over, unless the security problem lies in a critical subsystem like ssh/sshd where it really can't be put into a fenced in playground.

      As for obfuscation, it does work against script kiddies, but a blackhat worth his salt will eventually go through the IP range and find that one randomly named server is listening on port 80 and 443, and communicating with some other box via some ports that are usually for Oracle. Security through obscurity is not a good solution in the long run.

  2. Re:Or by Co0Ps · · Score: 4, Interesting

    Seriously, I once attempted to see how long it would take to get a fresh install of XP hijacked on a virtual box. After about one hour of bad IE6 surfing on suspicious sites (would you like to download and run this? yes please) I had one or two pieces of malware installed that had taken over the computer completely, filling the screen with popups and disabling all kinds of system configuration tools.

  3. Re:Wait, so I shouldn't have used that at work? by Anonymous Coward · · Score: 3, Interesting

    Pretending you are secure using DSL is just stupid.

    Your PC will be owned in 24h or less (how many rootkits are installed by default?). My web and ssh servers get attacks searching for common vulnerabilities constantly since the day I started them and they aren't even live yet. If they had been running any vintage version of Linux it would have been automatic pwnage.

    I wonder if streaming a Tb or two of good quality PRNG data into a bot or a "security researcher"'s computer would get me into any problems. They always seem so sad when they find nothing to grab. They are the ones making the HTTP or SSH request; it's not my fault they discover my RNG server ;)