The Free World: Linux Insecurities and Virii
Yes, I know that I can use ‘viruses’ instead of ‘virii’, but I prefer the latter. It makes me feel all academic or something.
We’ve just put up JaK Attack! show #5 (with Webcast!). In it, Kelly and I briefly discuss the January edition of Linux Magazine. For the record, this is the European Linux Magazine at http://www.linux-magazine.com and not the San Francisco-based Linux Magazine. One of the interesting things about Linux Magazine is that it has a regular column titled Insecurity News. In light of my recent conversation in the comments of this thread, I thought that it was prudent to talk about this.
Largely, the conversation is between Jeff and me. I think that we generally agree that GNU/Linux is typically more secure than a Windows box, but we diverge on how long we can rest on that secure posture. If I may be so bold, I think that Jeff feels that adoption rate plays a big role and that as more people adopt Linux, more bad guys will focus their attention on it. I feel that the GNU/Linux security model is strong enough to withstand this attention better than Jeff does. I hope I have that right.
Anyhow, the point I want to get to is that I’m probably wrong. I think that Jeff might have the right stance after all.
In the January 2006 edition of Linux Magazine, the following applications are listed in the Insecurity News:
| Application | Insecurity News entry |
|---|---|
| phpmyadmin | cross-site scripting vulnerability |
| OpenSSL | man-in-the-middle attack can cause an SSL connection at a lesser security level |
| Unzip | may not warn users when extracting setuid and setgid bits, which can elevate a local user's access |
| Wget | buffer overflow bug |
| Ethereal | injection attack can potentially cause execution of arbitrary code |
| netpbm | attacker can change stack contents |
| Lynx (Wha??) | stack overflow bug |
| Ruby | attacker could possibly create a script that would allow bypass of certain system safeguards |
| Sudo | alternate user could execute arbitrary commands |
Source: Linux Magazine. Jan 2006
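The Unzip entry above is the one a practitioner can do something about locally: the risk is that an archive restores setuid/setgid bits on files without any warning. As an added example (not from the magazine or the original post), here is a small POSIX shell check that builds a constructed sample tree with one setuid file and then lists any files under a directory that carry those bits, which is the kind of gate to run over extracted content before moving it into a system path. The `make_sample_tree`, `find_special_bits` and `count_special_bits` names are this example's own.

```shell
#!/bin/sh
# Added example: scan a directory tree for setuid/setgid files, the bits an
# archive tool might silently restore. Assumes only POSIX find/chmod/mktemp.

# Build a constructed sample "extracted archive" in a temp dir and print its path.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/bin" "$dir/docs"
  printf '#!/bin/sh\necho hi\n' > "$dir/bin/helper"
  printf 'readme\n' > "$dir/docs/README"
  chmod 755 "$dir/bin/helper"
  chmod u+s "$dir/bin/helper"   # setuid bit, as an archive might restore it
  chmod 644 "$dir/docs/README"
  printf '%s\n' "$dir"
}

# List regular files under $1 with the setuid (4000) or setgid (2000) bit set,
# one path per line. -perm -MODE matches when all of MODE's bits are present.
find_special_bits() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Count such files; a pre-install check can refuse the tree when this is non-zero.
count_special_bits() {
  find_special_bits "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: build the sample, report, then clean up.
if [ "${1:-}" = "--demo" ]; then
  sample=$(make_sample_tree)
  echo "setuid/setgid files under $sample:"
  find_special_bits "$sample"
  echo "count: $(count_special_bits "$sample")"
  rm -rf "$sample"
fi
```

Run it with `--demo` to see the constructed `bin/helper` flagged; point `find_special_bits` at a real extraction directory to use it as a check. Stripping the bits with `chmod u-s,g-s` on anything flagged (or extracting as an unprivileged user into a directory nobody else can reach) removes the elevation path the magazine entry describes.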
Now, these are all applications and not parts of the OS or kernel itself, but I don't want to be accused of splitting hairs. Regardless of how access is gained or how an exploit is used, the box becomes vulnerable. Even if it's GNU/Linux.
Ouch. That hurt.
3 opinions for The Free World: Linux Insecurities and Virii
Mark Rais
Mar 1, 2006 at 12:56 am
A strong supporting note to your write up Jon, YES INDEED exploitations are now starting to appear focused on Linux.
The biggest one: a Linux system running as root with wireless connectivity active.
The exploits, though RARE, target the open sockets on the system (remember most flavors are not DESKTOP but SERVER based, meaning they include plenty of server applications).
I’ve seen people sitting at home “lose” their root password, because one of their friendly “neighbors” tapped into and hacked their system.
This REMAINS RARE, but growing a bit at a time and can easily be shut down completely by NOT USING ROOT account when on the internet.
Just my 2 cents to a very good blog entry of yours.
Jon
Mar 1, 2006 at 6:23 am
Hi Mark,
Thanks for the comment. In retrospect, I feel kind of lucky that I started my whole foray into GNU/Linux by setting up a Debian box to run my mail, web, and telnet BBS. It was only after 6 months or so of running that box that I started to wonder how this Linux thing would fare as a desktop OS. The rest is history, but that all-important start on the server side left me with a healthy respect for two things: the power of the command-line applications and utter fear of running as root :)
Jeff
Mar 2, 2006 at 10:40 pm
It’s kind of coincidental that the Apple OS is beginning to see its first security breaches at this time as well.
The internet connects a whole lot of people together, and a certain percentage of them would like to get into our computers for one reason or another. I don’t know if there was ever a time when we didn’t have to worry about security, but, in my opinion, just as everyone who drives a car should know how to fix a flat tire, everyone who uses the internet should keep themselves informed on how to improve their computer’s security. If they practice good sense and understand where the vulnerabilities are, I think they can minimize the risk to any operating system.
And now, I’ve got to go and reformat my hard drive.