On Wed, 8 Aug 2007, G T Smith wrote:- >David Bolt wrote:
<Snip> >> All of which makes for an ideal method of introducing a trojan onto a >> system[0]. And, just to make sure it works across the widest variety of >> systems, all that's required is to create a statically linked 32bit >> binary and it'll run on virtually any x86-32 or x86-64 based system. >> > >Err No... The file itself should usually be read only and only >changeable by root, Yes, it is: [EMAIL PROTECTED]:~> ls -l /usr/lib64/xscreensaver/bsod -rwxr-xr-x 1 root root 206648 2007-04-27 19:08 /usr/lib64/xscreensaver/bsod >and if you are allowing stuff like this to happen as >root more fool you.... I'd say it's more the fool that stupidly installs random software from ghod-knows-where. In this case, I was actually showing that the screen saver _is_ an executable rather than just data used by the X server. It also shows that the use of the screen saver is one of the many available infection vectors. The reason for this is that, for some reason, people like eye-candy and what better way to provide some eye-candy than to create a screen saver. As to what goes on at the same time as the user is getting their eye-candy "fix," well that is entirely upto the person writing the trojan. Regards, David Bolt -- Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]