Subject: Re: body checks against harmful code...
From: Craig Sanders (castaz.net.au)
Date: Thu Dec 07 2000 - 18:53:16 CST


On Fri, Dec 08, 2000 at 12:29:33AM +0000, Franck Martin wrote:
> PS: a great Linux Virus:
>
> Create a perl script that saves itself in the tmp directory, then
> executes itself, scans the entire drive to look for strings of the
> format regexp:<.*.*\..*> and sends itself as an attachment to each
> string found... Is it that simple to create a deadly Linux virus?

no, because very few linux/unix mail clients are broken enough to
execute attachments(*). in fact, i don't know of any.

even if there were one, then you could mount the /tmp and /home
partitions with noexec....from the mount(8) man page:

    noexec  Do not allow execution of any binaries on
            the mounted file system. This option might
            be useful for a server that has file systems
            containing binaries for architectures other
            than its own.

it could possibly work as a trojan, somehow tricking the user to execute
it ("run this script to MAKE MONEY FAST and get FREE PORN")...but it
wouldn't spread very far because every recipient would also have to be
tricked. wouldn't be able to do much, if any, damage either because
ordinary users don't have write access to sensitive parts of the system.

at worst it could delete the user's home directory with "rm -rf ~/".

if a user is dumb enough to run it, perhaps they deserve it: think of
it as evolution in action :)

(*) IIRC, there was a recent bug in ghostscript, which allowed arbitrary
code to be executed if the user viewed a postscript file. it's fixed
now.

craig

--
craig sanders
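
The noexec mount option mentioned above for /tmp and /home, as an added example that is not part of the original message: a POSIX shell check over a mount table in /proc/mounts format. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether given paths are mounted noexec.

# Constructed mount table in /proc/mounts format (not from the original post).
# /tmp appears twice: the later tmpfs entry is mounted on top of the first.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /tmp ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
EOF
}

# mount_has_noexec MOUNTPOINT  (mount table on stdin)
# Exit status: 0 = noexec set, 1 = exec allowed, 2 = not a separate mount.
mount_has_noexec() {
    awk -v mp="$1" '
        $2 == mp { found = 1; opts = $4 }   # last matching entry wins
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") exit 0
            exit 1
        }'
}

# report_noexec MOUNTPOINT...  (mount table on stdin)
# Prints one line per path; returns 1 if any path is not covered by noexec.
report_noexec() {
    table=$(cat)
    bad=0
    for m in "$@"; do
        rc=0
        printf '%s\n' "$table" | mount_has_noexec "$m" || rc=$?
        case $rc in
            0) echo "OK   $m noexec" ;;
            1) echo "WARN $m exec allowed"; bad=1 ;;
            *) echo "WARN $m not a separate mount, inherits parent options"; bad=1 ;;
        esac
    done
    return $bad
}

# Demo on the constructed table; on a live system: report_noexec /tmp /home < /proc/mounts
sample_mounts | report_noexec /tmp /home /srv || echo "at least one path lacks noexec"
```

noexec stops the kernel from executing a file on that filesystem directly; a script passed as an argument to an interpreter installed elsewhere is only read as data, so treat the option as one layer rather than a complete control.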