[lugm.org] Old security problems and new solutions

selven pcthegreat at gmail.com
Thu Apr 2 06:38:23 UTC 2015


:p MIU MIU kidz started talking about other stuff than Defi media's
website :D

@beach samurai, note that even Linux has got its share of
viruses/worms/trojans etc. But as Ajay pointed out (... see what he pointed
out..), the nature of open source makes it easier to detect and faster to
fix by simply anyone who has got the skills; this increases your
probability of quick fixes.

When you are uncompressing something, the inputs are actually the
compressed files, and if there's a hole somewhere in the xz application
that is performing the decompression, the "inputs" in this case, the
compressed files, if carefully crafted to exploit this hole, will
eventually lead, in the worst-case scenario, to giving the attacker the same
permissions as whoever is running xz, and from that point he could escalate
from such a vulnerability into something even more dangerous.


What you could do, in simple terms, is decompress inside a virtual machine
(I know that's overkill, but for those who are paranoid there are very good
reasons why one might want to do that), or in a lighter version of a
virtual machine, i.e. in a chrooted environment, though that would only be a
filesystem restriction in such a case.


Now it is highly impractical to go into a VM or a jail to uncompress
something; that is simply inefficient. Now from what I can grasp of what
Logan did, he has placed his decompressor and compressor in a restricted
environment similar to a chroot (but of course WAYYYYY lighter), giving you
another layer of security while at the same time saving you the trouble
of having to use a full-fledged virtualized environment just for
decompressing or compressing a file.


^^ This doesn't mean a sandbox cannot be broken, but you need big balls and
big brains to do that, and time also, but the simpler the sandbox is, the
tougher it gets for anyone to break out of it, as you don't have many
syscalls that you can even make in it.



Thanks,
Selven


On Wed, Apr 1, 2015 at 7:25 PM, z.coldplayer at yahoo.co.uk <
z.coldplayer at yahoo.co.uk> wrote:

>
> > On Wed, Apr 1, 2015 at 8:06 AM, Beach Samurai
> > <beach.samurai at gmail.com>
> > wrote:
> > > Are linux users prone to such attacks?
> > > I moved from windows to ubuntu because i thought linux was
> > > impervious to such attacks unless something got installed on the
> > > kernel....>
>
> Having a rootkit installed is a different beast to tackle, but this kind
> of exploitation is using a kind of buffer overflow to run arbitrary code,
> i.e. the xz program had access to a particular RAM address it should not
> and then making that RAM address accessible to malicious code. In the
> end the OS policies/capabilities are not controlling that area so it can
> do anything.
>
> __________________________________________________________
> Linux User Group of Mauritius (LUGM) Discuss mailing list
> Website: http://lugm.org
> Mailing list archive:
> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
> Forum: http://lugm.org/forum/
> IRC: #linux.mu on Freenode
>



-- 
*Pirabarlen Cheenaramen *| $3|v3n
L'escalier

mobile: +230 549 24 918
 <god at hackers.mu>
blog <http://thegodof.net> || fb <http://godify.me> || pgp
<http://hackers.mu/pgpselven.txt>
/*memory is like prison*/
(user==selven)?free(user):user=malloc(sizeof(brain));
P Save electricity & disk space. Cat this mail to >/dev/null 2>&1 after use.
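Added example, not from this thread and not Logan's sandbox: it shows the "lighter than a VM" idea Selven describes, decompressing xz/lzma data in a separate process that first caps its own address space, forbids forking and disables core dumps, then enforces an output-size limit and a timeout from the parent. The worker source, the limits (1 GiB address space, 16 MiB default output cap) and the `SandboxError`/`sandboxed_decompress`/`demo` names are my assumptions; the sample inputs are constructed inline. Python's `lzma` module calls the same liblzma the xz tool uses, so a crash or bomb in the worker is contained to that process instead of the caller.

```python
import lzma
import subprocess
import sys

# Source of the helper process (assumed design, not xz's own code).  It installs
# resource limits on itself before it reads a single untrusted byte, then streams
# the decompressed output to stdout.  Exit codes: 0 ok, 3 output cap exceeded,
# 4 truncated stream; anything else means liblzma raised on corrupt input or a
# limit (e.g. address space) was hit.
WORKER_SRC = r"""
import lzma, resource, sys

MAX_OUT = int(sys.argv[1])

def cap(res, value):
    # Lower soft and hard limit together; never ask for more than the current hard limit.
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

cap(resource.RLIMIT_AS, 1024 * 1024 * 1024)   # address space: 1 GiB
cap(resource.RLIMIT_CORE, 0)                  # no core dumps of our memory
if hasattr(resource, "RLIMIT_NPROC"):
    cap(resource.RLIMIT_NPROC, 0)             # no child processes from here on

data = sys.stdin.buffer.read()
dec = lzma.LZMADecompressor()
# Ask for at most MAX_OUT + 1 bytes: one byte over the cap is enough to reject.
out = dec.decompress(data, max_length=MAX_OUT + 1)
if len(out) > MAX_OUT:
    sys.exit(3)
if not dec.eof:
    sys.exit(4)
sys.stdout.buffer.write(out)
sys.stdout.buffer.flush()
"""


class SandboxError(RuntimeError):
    """Raised when the isolated worker refuses or fails to decompress."""


def sandboxed_decompress(blob, max_out=16 * 1024 * 1024, timeout=10.0):
    """Decompress xz/lzma bytes in a separate, resource-limited process."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", WORKER_SRC, str(max_out)],
            input=blob, capture_output=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        raise SandboxError("worker exceeded %.1fs" % timeout)
    if proc.returncode != 0:
        tail = proc.stderr.decode(errors="replace").strip().splitlines()[-1:]
        raise SandboxError("worker exit %d: %s" % (proc.returncode, " ".join(tail)))
    return proc.stdout


def demo():
    """Run one good stream and three hostile-looking ones; return pass/fail flags."""
    plain = b"hello from lugm " * 4096          # constructed sample, ~64 KiB
    good = lzma.compress(plain)
    roundtrip_ok = sandboxed_decompress(good) == plain

    rejected = []
    cases = (
        (lzma.compress(b"\0" * 1_000_000), 4096),   # tiny input, large output: cap it
        (good[:-16], len(plain)),                    # footer cut off: truncated stream
        (b"definitely not an xz stream", len(plain)),  # garbage: liblzma raises
    )
    for blob, cap in cases:
        try:
            sandboxed_decompress(blob, max_out=cap)
            rejected.append(False)
        except SandboxError:
            rejected.append(True)
    return (roundtrip_ok, *rejected)


if __name__ == "__main__":
    print(demo())
```

The parent never maps the untrusted bytes into its own liblzma; it only ever sees the worker's exit status and stdout. That is weaker than a syscall filter or a chroot, but it already turns a crash, a decompression bomb or a runaway loop into a non-zero exit status the caller can handle.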

