Linux - Security
I really don't know or understand where you get all this from.
What motivates criminals or vandals in the first place? Criminals are motivated by easy reward, and their target selection is based on the weak and vulnerable. Who are the weak and the vulnerable computer users? Sadly, almost exclusively M$ users. They use the OS as a tool and are normally totally unaware of their own vulnerability. Easy targets.
Vandals - normally intelligent beings bored with their environment and envious of others. Again, they will perpetrate their deeds in an environment that offers little exposure to being caught. Again the vulnerable - M$ users.
The vast majority of Linux users are technophiles. Aware of their environment and their own systems and generally not soft targets. This does not mean they are not attacked. I have an internet server which is attacked several times a day. If you make it hard, attackers are generally not going to try very hard, as they move on to softer targets where they don't have to work so hard. Don't blame Linux. The blame lies with the user in most instances, since it is they who have failed to ensure their own security. If you have a house and leave all the doors and windows (excuse the pun) open, you are bound to be the victim of a robbery at some stage.
Re: Well, there's bare facts and opinion. We're allowed a bit of both.
Quote:
Originally posted by penguinlnx From here, (3) and (3b) taken together support each other, and are self-evident. Not everyone needs to agree. But I pose the counter question: If crackers aren't using Linux servers as well as Windows platforms, what do you think they *are* using?
3a is not self-evident. Some parts of 3b might be... mainly those parts about most Linux users being honest, well-meaning citizens. Now, please stop belaboring the point and provide some hard facts backing up your assertions. Enough of this ambiguous BS... you are wasting the time of everyone who is at all interested in helping you see the truth.
(3) It is obvious even to a greenhorn that Microsoft Windows is under extreme attack, something of an all-out guerrilla war. Linux machines are 'never' attacked. Is that because there are more Windows machines than Linux? ha ha ha. Hardly. Who hates Microsoft? Those who are ideologically committed to Linux. Who has the skills to engage in massive internet warfare, and the resources? Large corporations and wealthy individuals who are committed to Linux. How do they launch their attacks? From Linux.
You really need to stop smoking that stuff. It is making you paranoid.
Windows is under attack because (a) it is everywhere and (b) it is, by default, vulnerable - although the moderately astute user can secure it quite adequately.
Linux/Unix machines are often higher-value targets than Windows machines because they are used as servers and routers. They most certainly are under attack, and there are any number of exploits that work against them. Linux sysadmins most certainly do have to harden their systems.
It is clear that you really have no comprehension of how a modern OS works, and how it interacts with the hardware. Just keep in mind that DOS was primitive even by the standards of the day.
you are wasting the time of everyone who is at all interested in helping you see the
...well, sounds like someone has got a self-appointed task, in which case please don't complain about your 'time being wasted'. No one is being forced to read this thread or respond. You're all big boys, and if you want to play big boy games, you're playing by big boy rules, as they say in the SAS.
Tiger at least seems interested in discussing some key issues, like motivation.
True: (true) Criminals are motivated by easy money. Corollary: They commit crimes that make money.
Vandals: bored, intelligent (not always) envious (not always), don't want to get caught? (depends on the reward, i.e., peer praise, fame).
Who profits from attacks on Microsoft Windows users? Microsoft, hundreds of 3rd-party 'anti-virus' sellers, security consultants etc. And there you have probably the largest group of conflicted and vested interests imaginable, adding up to a massive economic engine sucking people dry like vampires. Well, that explains a lot of 'hackers, crackers, and attackers'.
And just like the mafia and all organized crime, they will lure and goad 'kids' and delinquents into doing much of the dirty-work so they can remain at arms-length and avoid legal culpability.
Vandals are used by Criminals to make money.
But doesn't explain the whole picture any more than 'lone gunman' explains John F Kennedy's assassination. Yeah, then another 'lone gunman' killed the 1st lone gunman. Yeah okay.
Re: you are wasting the time of everyone who is at all interested in helping you see
Quote:
Originally posted by penguinlnx ...well, sounds like someone has got a self-appointed task, in which case please don't complain about your 'time being wasted'. No one is being forced to read this thread or respond. You're all big boys, and if you want to play big boy games, you're playing by big boy rules, as they say in the SAS.
By the same token, you need to play by the big boy rules as well. These involve backing up what you say with facts, not meaningless anecdotes about World War 2 and gym teachers.
We have invested time and effort into putting well worded responses together regarding your security concerns but you seem too wrapped up in your imagination to actually read and comprehend them.
Quote:
Who profits from attacks on Microsoft Windows users? Microsoft, hundreds of 3rd-party 'anti-virus' sellers, security consultants etc. And there you have probably the largest group of conflicted and vested interests imaginable, adding up to a massive economic engine sucking people dry like vampires. Well, that explains a lot of 'hackers, crackers, and attackers'.
Are you suggesting that MS, the antivirus companies, and security consultants are the primary manufacturers of viruses and worms? Because that sure seems to be your point. I think you'll find that even harder to back up than your rambling about the Linux crackers.
Quote:
And just like the mafia and all organized crime, they will lure and goad 'kids' and delinquents into doing much of the dirty-work so they can remain at arms-length and avoid legal culpability.
Nice to say but now back it up. Remember... big boy rules mean we can show facts which support our assertions.
Quote:
But doesn't explain the whole picture any more than 'lone gunman' explains John F Kennedy's assassination. Yeah, then another 'lone gunman' killed the 1st lone gunman. Yeah okay.
You're certainly right it doesn't explain the whole picture. It barely even explains your own statements.
Are you suggesting that vested interests like 'anti-virus/spyware' makers *don't* take an active role in creating and promoting viruses/trojans/spyware? These are well documented public facts.
Just go to the websites of Anti-Spyware makers and read all about them, as they blow the whistle on each other. Even SpyBot is making public allegations that their competitors are uploading spyware to their own customers and marking competitive products falsely as 'spyware' (or truly as spyware!)
There are warnings all over the net not to trust '3rd-party' anti-spyware. Even Yahoo's Toolbar, hailed as a fantastic 'anti-popup/spyware' shield is itself SPYWARE, and there are complaints all over the net.
I don't have to offer 'proof' or 'evidence' of such trivialities. They're freebies.
It's like watching the mob turn and testify against itself in a shark feeding frenzy.
So now we know who is doing a LOT of the cracking and hacking. Who are the others?
Everybody knows that the CIA and the spooks from every other country are also constantly inventing and testing hackware and 'simulating' attacks by ACTUALLY ATTACKING anything and everything on the net. Buyer beware. Your tax money is being spent directly on wrecking your system, in order to gather data on and hone the techniques of cracking and hacking for espionage purposes.
So let's see: you have Microsoft (and all its subsidiaries and spooks), all the 3rd-party coat-tail riders, security (anti-security) firms, and spies of every flavour. Who do they use and set up? Kids, hackers, losers, misfits, snitches, witness-protection clients and anybody they can force to work for them.
And if you don't cooperate, there's always Ruby Ridge. Yeah they'll shoot your wife and kids, because in the modern world, there's no moral or ethical difference between the cops and the crooks.
Whoa... time to take your meds. I'm as paranoid and anti-fed as the best of them but I can see a nutcase when they pop out of the woodwork (hey, it takes one to know one).
You haven't provided facts... again you have slipped into anecdotes (Ruby Ridge) and rumor. On top of that, you have not shown in any way that these companies get kids and others to work for them and take the fall.
Worst of all, this doesn't even relate to your original statement about Linux users being the main bad guys out there.
[frob relaxes, starts to enjoy the fall, and calmly drinks his tea... wondering how deep this particular rabbit hole goes.]
yeah, thanks for reminding me: German drug companies supplying LSD to the CIA to derail the Anti-Vietnam protest.... four dead in Ohio. No reason to be paranoid.
English is such an imperfect language for communicating meaning, but so apt for starting fights:
I said (meant) ..."crackers are all Linux users." Wouldn't you want your own machine secure?
Not: "Linux users are all crackers." (although this is cuter.)
"criminals are all gun-owners." is not the same as "gun-owners are all criminals." (or is it?)
I never said you said all Linux users were crackers. That would be reversing what you actually said, which is that the crackers were using Linux. You've already pointed out this reversal but it was never made by myself or anyone else here. You have yet to show that the majority of crackers prefer Linux and attack Windows because they hate Microsoft (remember that was what you said... look back and check if you forgot).
What the hell does the CIA LSD test have to do with Linux and crackers? You keep pulling more random stuff in the path of your real argument to disguise the fact that it lacks substance.
Now, back up your statements in 3a. We are all waiting with bated breath to see this wonderful proof of the demons in our midst.
EDIT:
Quote:
It is obvious even to a greenhorn that Microsoft Windows is under extreme attack, something of an all-out guerrilla war. Linux machines are 'never' attacked. Is that because there are more Windows machines than Linux? ha ha ha. Hardly. Who hates Microsoft? Those who are ideologically committed to Linux. Who has the skills to engage in massive internet warfare, and the resources? Large corporations and wealthy individuals who are committed to Linux. How do they launch their attacks? From Linux.
Re: "I haven't spoken in 18 years..." (Life of Brian)
Quote:
Originally posted by penguinlnx This seems so important, that I'm going to spend a bit more time on it, even if I make a fool of myself (again):
I wouldn't go so far as to say that you're making a fool of yourself, but it is plain that you're missing some of the *nix fundamentals based on the assumptions you make. See below.
Quote:
Quote: "Sounds like you may not be totally familiar with how a computer is controlled."
This is precisely true. So I'll preface everything with this acknowledgement, and still ask some more questions and offer a few points:
Layers: Programs on disk/Net <--> Hardware <--> BIOS <--> OS <--> PROGRAMS in RAM
This may be the norm: program in RAM must go thru OS to BIOS to Hardware to Disk/Internet.
Not quite, even in the days of real-mode execution; in today's protected-mode operating systems, not even close.
Quote:
Quote: "There are viruses out there that can infect the BIOS but (they) are quite rare."
"rare" is a relative term. And clinical experience deviates WIDELY from the 'norm'.
For instance I have at least 5 friends who have had their motherboard BIOS 'FLASHED' by hostile malware. Sophisticated hackers? hardly! Every motherboard manufacturer pretty much only makes motherboards that have 'FLASHABLE' EPROM 'ROM's nowadays, and on their websites you can download hundreds of "FLASHWARE" programs that update your BIOS. Any idiot can modify one of these to trash a BIOS and upload it via an internet backdoor. Most users don't even bother to figure out what happened, but assume the motherboard just died and buy a new one.
There's an easy fix: NON-Flashable ROMS, but board-makers won't cooperate.
Actually, many (if not most) motherboards have a DIP switch or jumper to enable BIOS write protect.
However this is largely unnecessary under *nix. Here is the chain of events which must happen - and EACH point would have to be vulnerable:
1. You would first require a user who is stupid enough to click an executable attachment. Yes, I am using the charged word "Stupid" - intentionally. The reason: In the Windows world, no matter how many times IT says "don't open attachments unless you KNOW what they are AND are expecting it" users invariably click them. "Gee, what's this? Let me click it and find out." That is the epitome of stupidity. So now, for the sake of your argument, we will assume that your defined first line of defense will be compromised 100% of the time.
2. Assuming the attachment is a Windows .exe, it will NOT run on Linux without an API thunking/translation layer. For the sake of this argument we will assume a) wine or a workalike is present, b) .exe is associated with wine, allowing clickable execution of Windows programs, and c) wine is correctly installed, allowing Windows executables to run.
The BIOS-overwriting virus is now dropped dead in its tracks. Wine does not allow direct access to the hardware because a) Windows drivers are not implemented in wine, b) it is in protected memory, c) the kernel itself blocks direct access to hardware, and d) *nix permissions block it AND the umask further filters permissions.
Now, for the sake of your argument, to play devil's advocate, we will assume that the attachment is a Linux or *BSD executable.
1. You would first require a user who is stupid enough to click an executable attachment. Yes, I am using the charged word "Stupid" - intentionally. The reason: In the Windows world, no matter how many times IT says "don't open attachments unless you KNOW what they are AND are expecting it" users invariably click them. for this example we will assume that your *nix users are equally clueless and go "Gee, what's this? Let me click it and find out" 100% of the time. That is the epitome of stupidity. So now, for the sake of your argument, we will assume that your defined first line of defense will be compromised 100% of the time.
2. Now the virus will attempt to copy outside of ~ to overwrite /bin/ls. It is stopped dead in its tracks.
3. For the sake of argument we will further assume that your sysadmin gave clueless users write access to /bin. Okay, /bin/ls has now been compromised. Now someone will have to execute ls -- WITH ROOT PRIVILEGES -- in an effort to overwrite the BIOS. We will assume it happens; the script is stopped dead in its tracks because it is not installed as a kernel module. Game over.
Quote:
Again I have to doubt: permissions may work if everyone is honest, like 'private property' signs. An OS may typically stop unauthorized commands if it recognizes them. "Sorry, you don't have permission to FORMAT C:, please ask an administrator for assistance." Almost all users have permission to execute SOME program, and if a program is named 'LS', an OS isn't normally going to scan it to see if it is really a modified 'FDISK'. If the virus has gotten far enough to have itself stored as a file on the system, it surely would also be wearing a benign disguise effective enough to get past that kind of OS security and get executed eventually.
This is where you are falling short and your lack of *nix fundamentals is showing. Unless you have a VERY lazy sysadmin (such as often exist in the OS/X world, unfortunately, because users are UNWILLING to learn permissions. I've seen some environments where they "chmod -R 777 /" - a VERY bad -- and stupid -- thing to do) permissions are enforced by the filesystem driver, and by default the kernel.
Quote:
Quote: "A Linux vulnerability would be addressed with a security update."
(not preemptively stopped by the current design of Linux.)
Ah but now you're relying on non-updatable hardware for security. Once a vulnerability is found in hardware (nonflashable firmware), and the exploit is made known, all bets are off and infection is guaranteed.
Quote:
Quote: "...It is possible in a Linux environment but a lot more difficult."
(difficulty is like rarity. Who cares how difficult it was, once it happens?)
It takes a certain level of stupidity, such as the "chmod -R 777 /" situation I referenced above.
Quote:
Quote: "..that's why you NEVER surf as root"
(If Linux could stop a virus once it is in RAM and running, this wouldn't be a problem! You could surf as ROOT all you wanted. But if Linux IS vulnerable at that point, this is hopelessly inadequate! All this can do, it seems, is stop script kiddies from executing standard commands if they log on. But the danger isn't in failing to prevent remote control, it's in malicious destruction.)
What is your proposed alternative?
Limiting root use to administration is a very reasonable solution; it has worked for ~30 years so far and you can count the number of *nix viruses on your fingers, and they tend to only spread in sloppy environments where sloth reigns supreme.
{snip}
Quote:
(4) The obvious:
a) change the design of the Operating System to be unaware of the hardware 'virtual machine/protected mode' aspects of the machine. You can't turn on a switch that doesn't exist.
Now you've just castrated one of the best features of most processor architectures out there.
Quote:
b) Have a complete hardware 'firewall' that prevents direct access to hardware all the time.
and prevent all hardware from being detected by the OS or the Software. A kind of a Super-GL cross-platform I/O.
1. Just exactly how slow do you want your computer to run? Thanks, but I'd rather my Pentium Xeons run like Xeons and not like an 8088.
2. If this is implemented in hardware, when an exploit IS found, what do you think the vendors' solutions would be? A free upgrade from Bill & Ted's Excellent Motherboards? Think again: they'll tell you the product is EOL and would you consider upgrading to the latest widget-based motherboard which can not only run your current program, but make you a tuna-fish sandwich while you wait for it to boot?
Quote:
Forkbombing is still possible on many Distros.
That is, apparently Linux USER ACCOUNTS aren't secure at all,
and are quite capable of bringing down the system WITHOUT BEING ROOT.
penguinlnx, that comes down to sysadmin sloth (laziness) and it is dependent upon how the kernel is compiled. Choosing an outdated distribution (e.g., Debian), a poorly-managed distribution, or simply compiling the kernel with the vulnerability is not really what one would consider to be an inherent *nix flaw, but a Stupid User Trick™.
Should we point out that Windows is still very vulnerable to DDoS attacks and a variety of buffer overruns, despite numerous attempts by M$ to fix them?
Quote:
Forkbombing is still possible on many Distros.
That is, apparently Linux USER ACCOUNTS aren't secure at all,
and are quite capable of bringing down the system WITHOUT BEING ROOT.
This is certainly a vulnerability, but one that can be fixed by the sysadmin. Which is not to excuse it.
Nonetheless, an exploit that crashes the server is a long step short of where you started, which was with malicious code that could take over the machine by gaining the processor after being loaded in RAM.
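The two replies above both say a fork bomb is something the sysadmin can fix rather than an inherent flaw. As an added example (not from this thread or any poster), assuming the host applies per-user limits through pam_limits and /etc/security/limits.conf, here is a small POSIX sh audit that reads a constructed limits file, shows the weak setting beside the corrected one, and reports whether a login has a finite hard nproc cap:

```sh
#!/bin/sh
# Added example, not from the thread. Assumes pam_limits semantics from
# limits.conf(5): fields are <domain> <type> <item> <value>; type "-" sets
# both soft and hard; a user-specific line overrides the "*" wildcard, and
# the wildcard does not apply to root.

# Constructed sample configs (values made up for illustration).
WEAK_LIMITS='# no nproc entry at all: every login may fork without bound
*    soft    core    0
'
HARDENED_LIMITS='# cap process count for every non-root login
*       soft    nproc   1024
*       hard    nproc   2048
root    -       nproc   unlimited
'

# nproc_hard_limit CONFIG USER
# Prints the hard nproc limit that CONFIG text gives USER, or "none".
nproc_hard_limit() {
    printf '%s\n' "$1" | awk -v user="$2" '
        { sub(/#.*/, "") }                   # drop comments
        NF < 4 { next }                      # skip blank/malformed lines
        $3 != "nproc" { next }               # only the process-count item
        $2 != "hard" && $2 != "-" { next }   # hard limit or "both"
        $1 == user { specific = $4 }         # user line wins over wildcard
        $1 == "*" && user != "root" { wild = $4 }
        END {
            if (specific != "") print specific
            else if (wild != "") print wild
            else print "none"
        }'
}

# nproc_limit_ok CONFIG USER
# Succeeds (exit 0) only when USER ends up with a finite hard nproc cap.
nproc_limit_ok() {
    case $(nproc_hard_limit "$1" "$2") in
        none|unlimited) return 1 ;;
        *) return 0 ;;
    esac
}

# Report both configs for an ordinary login and for root.
for cfgname in WEAK_LIMITS HARDENED_LIMITS; do
    eval "cfg=\$$cfgname"
    for u in alice root; do
        if nproc_limit_ok "$cfg" "$u"; then
            verdict="OK (hard nproc $(nproc_hard_limit "$cfg" "$u"))"
        else
            verdict="WEAK (no finite hard nproc cap)"
        fi
        printf '%-15s %-6s %s\n' "$cfgname" "$u" "$verdict"
    done
done

# The limit actually in force for this shell (ulimit -u is supported by
# bash and dash, though not required by POSIX).
printf 'current shell hard nproc: %s\n' "$(ulimit -u 2>/dev/null || echo unknown)"
```

Root is reported as WEAK under the wildcard-only config on purpose: pam_limits never applies `*` to root, so a cap for root needs its own line, as in the hardened sample.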
Here's a list of Linux vulnerabilities for the last few months:
17-03-2005: Linux Kernel Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
15-03-2005: Linux Kernel PPP Driver Unspecified Remote Denial Of Service Vulnerability
15-03-2005: Linux Kernel Netfilter Memory Leak Local Denial of Service Vulnerability
09-03-2005: Linux Kernel SYS_EPoll_Wait Local Integer Overflow Vulnerability
08-03-2005: RedHat Linux Less Remote Buffer Overflow Vulnerability
19-02-2005: Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
16-02-2005: Advanced Linux Sound Architecture Libasound.SO Stack-Memory Protection Bypass Weakness
15-02-2005: Linux Kernel Multiple Local Buffer Overflow And Memory Disclosure Vulnerabilities
15-02-2005: Linux Kernel Multiple Vulnerabilities
14-02-2005: VMWare Workstation For Linux Local Privilege Escalation Vulnerability
07-02-2005: Linux Kernel ntfs_warning() and ntfs_error() Local Denial of Service Vulnerability
04-02-2005: SuSE Linux Open-Xchange Unspecified Path Traversal Vulnerability
03-02-2005: Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability
24-01-2005: Linux Kernel Device Driver Virtual Memory Flags Unspecified Vulnerability
21-01-2005: Linux Kernel Unspecified Local NFS I/O Denial of Service Vulnerability
20-01-2005: Advanced Linux Sound Architecture Library Stack Protection Disabling Weakness
19-01-2005: Linux Kernel Audit Subsystem Local Denial Of Service Vulnerability
13-01-2005: Linux Kernel User Triggerable BUG() Unspecified Local Denial of Service Vulnerability
12-01-2005: Linux Kernel Symmetrical Multiprocessing Page Fault Local Privilege Escalation Vulnerability
11-01-2005: Linux Kernel Multiple Unspecified Vulnerabilities
10-01-2005: Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
07-01-2005: Linux Kernel Random Poolsize SysCTL Handler Integer Overflow Vulnerability
07-01-2005: Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities
07-01-2005: Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
07-01-2005: Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial Of Service Vulnerability
07-01-2005: Linux kernel Uselib() Local Privilege Escalation Vulnerability
05-01-2005: Linux Kernel SYSENTER Thread Information Pointer Local Information Disclosure
The point is, Most Linux newbies install it right out of the box,
and haven't a clue how to tighten it down to the security level
of a server that's been running for 3 years.
A Linux New User would be lucky to even put together a shaky grasp
of security issues over a one or two year period, by which time
he could have been hacked a few hundred times.
Most Home Linux users don't have friends who happen to be
Server Administrators or Linux Security Experts, willing to come over for a few days.
Most current Distro kernels have their buns in the air as we speak.