Posted on 09/21/2005 7:57:22 AM PDT by general_re
Maybe on Linspire - a Linux for newbies that logs users on as root (like WinderzXP). Not on my Debian box.
The tripwire daemon should be monitoring the size of the executables in /bin, not the downloaded file. Those are the normal targets, all the regular Unix commands that are run frequently.
Assuming you're not running as a privileged user, sure. Of course, it'll still try to touch every file it can - run one as root later on, and you're hosed ;)
Ah, sorry - I thought you were asking about the moz/TB binaries. In that case, Tripwire would presumably sound the alarm if files started changing.
Surely it's not that simple.
You would normally su to root to install the software. While unzipping and untarring the executables wouldn't do anything, they probably contain executables will be owned by root and can therefore run as root if the suid bit is turned on.
So even if you're browsing the web as Joe Blow, you might not be safe.
Of course, most savvy Unix SAs install things like web servers under an account like 'nobody' that is deliberately designed to have no privileges at all. But many would unthinkingly su to root to install client software on workstation machines.
GNU Project's FTP Servers Hacked
Things like this happen when you let just anyone view your source code.
Seems to be a recurring problems for these Mozilla guys.
http://www.mozillazine.org/talkback.html?article=6771
Nice blimp.
ten or 10 in binary, which is a few less? :)
Shoot, I always favored my Radio Shack 2k TRS-80.
i...........
There's 10 kinds of people who understand binary... Those who do, and those who don't. :)
i=sqrt(-1).............
Just think. If IBM had chosen CP/M instead of MSDOS, Bill Gates would be just another computer geek..............
i=sqrt(-1)............. Very imaginative! :)
He says to the Bartender,"I just lost and electron!"
Bartender says,"Are you sure?"
Atom replies,"I'm positive!".......
Trash-80. OS in ROM. No viruses.
Since I'm a Suse user, not Debian, I had to check what 'apt' is, but probably yes. Certainly Yast only runs as root.
That's why these automatic installers are so dangerous. They run as root so they can update the startup/shutdown scripts, but this makes them vulnerable to attacks like this.
apt runs as sudo (when you install) but programs can't invoke root on their own.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.