Linux Trojans And The Executable Bit

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Jun 16, 2010.

  1. Trojans can be written for any platform. All you have to do is trick the
    user into downloading and running an executable.

    One extra obstacle to achieving this on Unix/Linux systems is, for a file to
    be executable, it must have the executable bit set in its file protections.
    And it’s a long-standing convention among download programs NOT to let this
    bit be set in the files they save.

    So it’s not enough to end up with an icon on the desktop, because clicking
    that icon on its own will not really achieve anything.

    This reflects the difference in mentality between an inherently-secure
    system and an inherently-insecure one.
     
    Lawrence D'Oliveiro, Jun 16, 2010
    #1
    1. Advertisements

  2. Lawrence D'Oliveiro

    Gunnar Gren Guest

    Pan comes to mind.
    Pan sets all files downloaded to 755.
    That depends on the DE.
     
    Gunnar Gren, Jun 16, 2010
    #2
    1. Advertisements

  3. So who uses Pan?
     
    Lawrence D'Oliveiro, Jun 16, 2010
    #3
  4. Lawrence D'Oliveiro

    Sweetpea Guest

    I do. But I use it to read newsgroups not to download software. :)

    Is there ANY safe software that is downloadable from an NNTP server?
     
    Sweetpea, Jun 16, 2010
    #4
  5. Lawrence D'Oliveiro

    Ralph Fox Guest

    Ralph Fox, Jun 16, 2010
    #5
  6. Lawrence D'Oliveiro

    Gunnar Gren Guest

    Some do some don't
    Dosen't need to be software, one can disguise it as anything.
    Yes.
     
    Gunnar Gren, Jun 16, 2010
    #6
  7. Lawrence D'Oliveiro

    Gunnar Gren Guest

    I have no names, but I suppose panusers use pan.
     
    Gunnar Gren, Jun 16, 2010
    #7
  8. Lawrence D'Oliveiro

    Sweetpea Guest

    If its executable then it *is* software - unless you're talking about a
    person locked in a small room in Texas.
     
    Sweetpea, Jun 16, 2010
    #8
  9. Lawrence D'Oliveiro

    Gunnar Gren Guest

    But you can set the x-bit on any file.
    It does not become software by that bit.

    This have been discussed on the pan mailinglist 2008 i think.
     
    Gunnar Gren, Jun 19, 2010
    #9
  10. Lawrence D'Oliveiro

    Sweetpea Guest

    Yes - you can indeed mark any file as being executable.

    That doesn't mean that it actually is executable or not. But not marking
    a file as being executable means the OS won't attempt to run the file.
     
    Sweetpea, Jun 19, 2010
    #10
  11. Lawrence D'Oliveiro

    Gunnar Gren Guest

    Of course not, the only thing it means is that it CAN be executeable.
    True. But then there are users....
     
    Gunnar Gren, Jun 26, 2010
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.