Re: What protects Unices from Virus like attacks ??

From: Barry Margolin (barry.margolin_at_level3.com)
Date: 08/25/03


Date: Mon, 25 Aug 2003 17:43:27 GMT

In article <bib231$d1k$1@panix2.panix.com>, Al Dykes <adykes@panix.com> wrote:
>The fact that in the MS world just about everyone runs as root is a
>problem, but I'm afraid that more home Linux users are doing the same,
>making themselves very vulnerable to exploits.

I used to think that the root/non-root distinction was important, but now
I'm not so sure. Sure, if a virus wants to modify the system, it needs to
exploit a root-owned process. But consider all the viruses that propagate
via email -- you don't need a privileged process to make an outgoing
connection to another mail server.

What saves us from these is that few Unix mail readers have any scripting
capabilities that can be invoked automatically from the mail text.
Individual users may write procmail scripts that recognize particular
emails, but these are idiosyncratic. A virus needs to exploit a
vulnerability common to many systems in order to spread widely.

BTW, don't forget that one of the first worm attacks on the Internet was
the infamous Morris Worm in the early 80's, and it attacked Unix systems.
It exploited a debugging feature in sendmail and a buffer overflow in
fingerd (which typically ran as root in those days -- I'm not sure, but I
think in those days inetd.conf didn't have the "username" column to run
daemons as other users).

-- 
Barry Margolin, barry.margolin@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

