On Wed, 8 Aug 2007, G T Smith wrote:-
>David Bolt wrote:
<Snip>
>> All of which makes for an ideal method of introducing a trojan onto a
>> system[0]. And, just to make sure it works across the widest variety of
>> systems, all that's required is to create a statically linked 32bit
>> binary and it'll run on virtually any x86-32 or x86-64 based system.
>>
>
>Err No... The file itself should usually be read only and only
>changeable by root,
Yes, it is:
[EMAIL PROTECTED]:~> ls -l /usr/lib64/xscreensaver/bsod
-rwxr-xr-x 1 root root 206648 2007-04-27 19:08 /usr/lib64/xscreensaver/bsod
>and if you are allowing stuff like this to happen as
>root more fool you....
I'd say it's more the fool that stupidly installs random software from
ghod-knows-where.
In this case, I was actually showing that the screen saver _is_ an
executable rather than just data used by the X server. It also shows
that the use of the screen saver is one of the many available infection
vectors. The reason for this is that, for some reason, people like
eye-candy and what better way to provide some eye-candy than to create a
screen saver. As to what goes on at the same time as the user is getting
their eye-candy "fix," well that is entirely upto the person writing the
trojan.
Regards,
David Bolt
--
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
