I'm linux user and I'm thinking about it's vulnerabilities to malware.
Can I get any malware if I run only trusted applications from distro's repository?
2
-
Define malware.Nils– Nils2012-10-08 20:53:16 +00:00Commented Oct 8, 2012 at 20:53
-
1Use google: en.wikipedia.org/wiki/Malware :)kravemir– kravemir2012-10-09 13:16:35 +00:00Commented Oct 9, 2012 at 13:16
Add a comment
|
3 Answers
This is a question likely to generate better feedback at Security SE.
Packages are generally signed; if the signing key has been compromised (by breaking in into the computer where private key is stored), all bets are off. Then an attacker may craft a package with malware inside, sign it with the key, hack one or several mirrors, replace the packages and wait for infection to spread before it is found out.
A threat may come as a source-code patch that is committed without due review process and introduces a vulnerability into a piece of software, and then this attack vector is exploited in the wild.
Existing applications may have a score of vulnerabilities that allow malware to install itself on a given computer.
As a bottom line, there is no such thing as a "trusted application" anywhere, anytime. You as computer owner and maintainer bear the ultimate responsibility for the overall safety and security of your system, especially if you keep it connected to the 'Net where there be dragons. Would suggest starting reading on computer security, and again, a nice starting point is the Security StackExchange site.
HTH
-
1Apart from that the signature-check has to be activated to discover badly signed packages.Nils– Nils2012-10-08 20:54:19 +00:00Commented Oct 8, 2012 at 20:54
Yes, you can get malware.
Imagine combining a PNG-library-flaw like CVE-2007-5259 with a glibc-problem like CVE-2011-1089. Into an execution under your normal user account with a priviledge escalation triggerd by - lets say viewing a PNG-picture in the konqueror browser from your OS.
There might even be a backdoor programmed into your OS by a regular programmer.
The other side of what @Deer Hunter has said, and what I think you are getting at, is "can malware install itself and get executed like so many similar malware programs Windows gets?". The answer to that is no. Without direct user involvement giving permissions for installation and, then, execution, this cannot happen.
-
3There are enough privilege escalation problems with linux. So yes - malware is possible.Nils– Nils2012-10-08 20:55:48 +00:00Commented Oct 8, 2012 at 20:55
-
@Nils - Correct me if I'm wrong but privilege escalation comes from software that was installed by the user and given access to the system. I'm talking about drive by attacks where, say, you visit a web page that downloads/installs/executes without user intervention.Rob– Rob2012-10-08 21:31:18 +00:00Commented Oct 8, 2012 at 21:31
-
The software installed might be a png-picture that gets downloaded by the browser provided by the operating system. Now a flaw in the png-library will execute code just because you look at that picture (user-context). That code will use another glibc-fault in combination with a OS-provided suid-root-script to elevate the rights further to the root-account. So yes - it is possible.Nils– Nils2012-10-09 21:08:00 +00:00Commented Oct 9, 2012 at 21:08