Conversation
Notices
-
for those who think unix and linux are immune to malware, time to leave your fictional utopia: http://tinyurl.com/fah2v
Wednesday, 01-Apr-09 04:48:47 UTC from xmpp-
@atoponce Security is a journey. Non-windows has travelled further. Compare: http://en.wikipedia.org/wiki/List_of_computer_viruses
-
@atoponce: well we're certainly immune to *Windows* malware...and most (all?) of those were patched out years ago
-
@eythian windows has been down the road longer and is a larger target, but thinking 'anything non-windws is secure' just isn't true
-
@maco not entirely. cross-platform malware does exist
-
@atoponce very true, didn't the Morris worm propagate through BSD systems? *NIX has had more time to evolve I suppose.
-
@atoponce with the inclusion of confidence intervals, you can say you won't get a Linux virus. Different from secure though anyway.
-
@atoponce really? If you know of them, I hope you've filed them as security bugs.
-
@eythian 'sudo vim foo.txt> :shell' » root, copy a setuid root executable to an nfs server or usb thumb drive » root.
-
@atoponce no. If you have sudo, then you don't need a vuln. If you can insert a USB drive, you're not an external attacker.
-
@eythian if i can break a non-priv'd account that has sudo, i have root, even if they don't have 'ALL=(ALL) ALL'
-
@atoponce wrt NFS: ... /usr/local type nfs (rw,_nosuid_,nodev,nfsvers=2,tcp,soft,intr,...
-
@eythian the usb drive is external, you're right. but about nfs? 'nosuid' must be set, or you're a sitting duck
-
@eythian in other words, there are far too many ways to get to root, which was my point. each must be 100% locked down
-
@atoponce I could give you an ssh key for my machine, which I have sudo on, and you still couldn't get root without an unpatched vuln
-
@atoponce my point is ppl have been doing this for a while now. It's very secure. The holes mentioned aren't there unless you put them there
-
@eythian agreed. my point is, there's more than 'su -' to get to root, which is a subpoint of linux not being immune
-
@eythian nm the fact that malware can exist just fine without root. backup your /home dir recently?
-
@atoponce sure. and if my root password is 'root' that doesn't make linux less secure, it makes me a doofus.
Andy Kruger likes this. -
@eythian the only way linux could be immune, is if there were no bugs. but we see security patches all the time. they're fast, but exist
-
@atoponce it's more secure on that front too with less (hopefully no) avenues to allow it to execute in the first place.
-
@atoponce security is not a binary state. Never think that it is. There is no such thing as 'secure'. Only 'more' or 'less'.
-
@eythian bingo
-
@eythian i'll accept 'linux is more secure than windows' or 'linux isn't a major target'. if the tables were switched...
-
@atoponce it's also acceptable to say 'you won't get a virus on linux'. I'll also say 'you won't get hit by a comet'.
-
@eythian so this should make you nervous then: http://tinyurl.com/75ul9. bit too close for me
-
@atoponce not at all. A) it's not a comet B) it won't hit, C) if it does, nothing I can do about it anyway ;)
-
I like the concept of !LaTeX, but I sometimes find the markup distracting for the overview of the text. How do you do it?
-
All Identi.ca content and data are available under the