[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Michael B. Trausch fd0man at gmail.com
Thu May 19 15:30:51 EDT 2005


Jim Popovitch wrote:
> 
> No.  Malware is spread via non-root means every second. i.e. SPAM,
> phishing scams, viruses.  None of those require "root".
> 

When did phishing scams and spam become malware?  I think that you're
attempting to move the line in the sand.  Malware is malicious software,
and spam and phishing scams, by definition, are not.  However, they can
distribute software which replicates itself, and its mass replication
would be greatly limited in a world where the replicatory and hiding
means that are currently used would be harder to implement, because
they'd not be able to hide so easily.

Viruses, in effect, do require root, save the very annoying ones that
merely attack data, which aren't that frequent.  Viruses attack hard
disk structures, file system structures, operating system structures --
all of which are protected on a UNIX or Linux system that isn't running
as root.  Or did you ignore that, too?

Another thing is that it's harder to mass-send e-mails on a system that
is appropriately locked down and isn't being run as root.  The issue
there is that you can have quotas on CPU time, process counts,
filesystem usage, for a regular user, but you can't with root users
unless the limitation comes from the kernel, similar to what Microsoft
did with Windows.  They managed to get the kernel to throttle TCP
connections hoping that would help cut down on the virus/worm spread
that they've persistently dealt with over the past couple of years in
one of their "security updates".

Those types of solutions do not belong in the kernel.  The fact that
they'd need to be there, that you must put a dirty, nasty hack into your
operating system's kernel, signifies that there is a far worse problem --
the design of the system.

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!
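
Added example, not part of the original message: on Linux, per-process limits on CPU time and file size of the kind the message mentions are set with setrlimit(2), and a process without CAP_SYS_RESOURCE cannot raise its hard limits again. The workload, the function names and the limit values below are constructed for illustration.

```python
import os
import resource
import signal
import subprocess
import sys
import tempfile

# Constructed workload: write 64 KiB to a file, then burn CPU forever.
CHILD = r"""
import os, sys
fd = os.open(sys.argv[1], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
try:
    for _ in range(16):
        os.write(fd, b"x" * 4096)
except OSError:
    pass  # EFBIG once RLIMIT_FSIZE is reached
while True:
    pass
"""


def _cap(res, soft, hard):
    """Lower a limit, never asking for more than the inherited hard limit."""
    _, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(res, (soft, hard))


def run_limited(cpu_seconds=1, max_file_bytes=4096):
    """Run CHILD under per-process limits; return (returncode, file size)."""
    def apply_limits():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_FSIZE, max_file_bytes, max_file_bytes)
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "out.bin")
        proc = subprocess.run([sys.executable, "-c", CHILD, path],
                              preexec_fn=apply_limits, timeout=60)
        return proc.returncode, os.path.getsize(path)


if __name__ == "__main__":
    code, size = run_limited()
    print("killed by", signal.Signals(-code).name, "- file size", size)
```

The child is stopped by SIGXCPU once it has used its CPU allowance, and the file it wrote never grows past the size limit.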
