From: Oliver Erik L (eoliver@venus.haverford.edu)
Date: 06/07/93


From: eoliver@venus.haverford.edu (Oliver Erik L)
Subject: Re: viruses?
Date: 7 Jun 1993 20:40:35 GMT

In article <1v04inINNeqa@senator-bedfellow.mit.edu> hutchinson%wrrsch.decnet@wrair-emh1.army.mil writes:
>
>jpo@kappa.informatik.tu-chemnitz.de (Joerg Pommnitz) says:
>
>| How the hell should a true virus do some damage under Linux ?
>| Linux goes into protected mode immediately after the booting.
>
>Boot sector/mbr viruses infect the hard disk *before* booting. After
>the hard disk is infected, the virus will load the original boot sector
>and proceed with an otherwise normal boot.
>
>| After this, all the OS security checks are active!!!!!!
>
>That's right. AFTER the infection.
>
BINGO!

Boot sector viruses are a problem because they come in below the belt so
to speak and cut the operating system out of the action.

On the other hand, while running a *NIX like operating system it should
NOT be possible for a non-privileged user to modify the boot sector, so
if you have a clean boot sector and all you run is a *NIX, it should be
safe.

Secondly, if file protections/permissions are correctly set, a virus
created by a normal user shouldn't be able to do more than destroy that
user's stuff.

On the other hand, if there is a security hole in the system which a
virus/trojan horse can take advantage of to gain super-user privileges,
then you are SOL.

I think a bigger concern in *NIX is a trojan horse which is a program
that appears innocuous, but has bad side-effects. Ex. if root has '.'
in its PATH and goes into a user's directory and types 'ls', well then
that user's version of ls will run. So, if I rewrite a version of ls to
take advantage of your UID 0, I can get some real damage.

The bottom line should be to use the super-user account sparingly and
this can block off a lot of trojan horse paths.

-Erik
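
A check for the '.'-in-PATH situation described in the post above, added here as an example and not part of the original post. The function name audit_path and the sample PATH value are assumptions made for illustration; the check goes slightly beyond the post by also flagging empty entries (searched as the current directory) and group- or world-writable directories, which allow the same kind of command shadowing.

```shell
#!/bin/sh
# audit_path (hypothetical helper): report PATH entries that let a file in an
# untrusted directory shadow a system command. Returns 1 if anything is found.
audit_path() {
    ap_rest="$1:"            # trailing ':' so the last entry is also visited
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '')
                # An empty entry (leading, trailing or doubled ':') is
                # searched as the current directory, exactly like '.'.
                echo "EMPTY: empty entry, searched as the current directory"
                ap_found=1 ;;
            /*)
                [ -d "$ap_entry" ] || continue
                # Mode string of the directory itself, following symlinks.
                ap_mode=$(ls -ldL "$ap_entry" | cut -c1-10)
                case $ap_mode in
                    ?????w????|????????w?)
                        # Group- or other-writable: someone else can drop
                        # a look-alike command into this directory.
                        echo "WRITABLE: $ap_entry ($ap_mode)"
                        ap_found=1 ;;
                esac ;;
            *)
                # '.', '..', 'bin', './tools': resolved against whatever
                # directory the user happens to be in.
                echo "RELATIVE: $ap_entry"
                ap_found=1 ;;
        esac
    done
    return "$ap_found"
}

# Constructed sample value, not taken from any real system.
SAMPLE_PATH='/usr/bin:/bin:.'
audit_path "$SAMPLE_PATH" || echo "sample PATH has risky entries"
```

To audit a live account, call audit_path "$PATH" from that account's login shell; a non-zero return status means at least one entry needs attention.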