Re: Why is su preserving the environment?

2009-01-30 Thread Henrique de Moraes Holschuh
On Sat, 24 Jan 2009, Arthur de Jong wrote:
> On Sat, 2009-01-24 at 11:07 +0100, Josselin Mouette wrote:
> > The question is whether we can consider safe to pass authentication
> > tokens as environment variables. Either we do, and we fix applications
> > that pass environment where they shouldn't. Either we don't, and we have
> > to find another way to pass them.
> 
> You can easily get the environment of a process (of when the process
> started or the actual value depending on the application) by giving ps
> the e option.
> 
> It seems this information is from /proc//environ but I don't think
> all *nixes properly protect the environment. So in general I would say
> not to put authentication tokens into the environment.
> 
> However, most applications that do something like that put a reference
> to the authentication token in the environment (e.g.
> XAUTHORITY=/tmp/.gdm0QI8NZ) which is ok as long as the access to the
> real token (socket mostly) is protected.

Agreed.  Authentication tokens in the environment have been banned as an
acceptable practice from a security standpoint for a long time, now.
They're immediately visible in way too many systems, and almost always the
environment is considered public anyway and it is not subject to any kind of
auditing, let alone access control...

The other thing you absolutely must not do is to have authentication tokens
anywhere in command lines, for the same reasons.

There are two main safe paths to pass along authentication tokens: by
reference to protected files, or directly through open fds shared by the
processes (only works on parent/children stuff), through private pipes or
sockets.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
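
The two safe paths named in the message above (a reference to a protected file, and an fd inherited from the parent over a private pipe), set beside the discouraged environment route. This is an added example, not part of the original thread; the DEMO_TOKEN and DEMO_TOKEN_FILE variable names and the token value are constructed for illustration, and a Unix-like system is assumed.

```python
import os, subprocess, sys, tempfile

# Child: fetches the token by the chosen route, then reports whether the token
# itself sits in its environment or argv (what `ps e` shows on Linux).
CHILD = r'''
import os, sys
mode = sys.argv[1]
if mode == "env":
    token = os.environ["DEMO_TOKEN"]
elif mode == "file":
    with open(os.environ["DEMO_TOKEN_FILE"]) as f:
        token = f.read()
else:  # "fd": inherited pipe, fd number in argv[2]
    with os.fdopen(int(sys.argv[2])) as f:
        token = f.read()
exposed = any(token in v for v in list(os.environ.values()) + sys.argv)
print(len(token), exposed)
'''

def run_child(mode, token="constructed-sample-token"):
    """Return (token length the child received, token visible in env/argv)."""
    env = {k: v for k, v in os.environ.items() if not k.startswith("DEMO_")}
    args, pass_fds, path = [sys.executable, "-c", CHILD, mode], (), None
    if mode == "env":                  # discouraged: token in the environment
        env["DEMO_TOKEN"] = token
    elif mode == "file":               # reference to a protected file
        fd, path = tempfile.mkstemp()  # created with mode 0600
        with os.fdopen(fd, "w") as f:
            f.write(token)
        env["DEMO_TOKEN_FILE"] = path
    else:                              # private pipe inherited by the child
        r, w = os.pipe()
        args.append(str(r))
        pass_fds = (r,)
    try:
        p = subprocess.Popen(args, env=env, pass_fds=pass_fds,
                             stdout=subprocess.PIPE, text=True)
        if mode == "fd":
            os.close(r)                # parent keeps only the write end
            with os.fdopen(w, "w") as f:
                f.write(token)
        out, _ = p.communicate()
    finally:
        if path:
            os.unlink(path)
    n, exposed = out.split()
    return int(n), exposed == "True"

if __name__ == "__main__":
    print({m: run_child(m) for m in ("env", "file", "fd")})
```

In the file and fd modes the child still receives the full token, but only a path or a descriptor number appears in its environment or argument list.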



Re: Linux infected ?

2009-01-30 Thread Wojciech Ziniewicz
2009/1/30 Tito Pelon :
>
>
> Eduardo M KALINOWSKI-4 wrote:
>>
>> Please keep replies on the list.
>>
>>
>> Rodrigo Hashimoto wrote:
>>>
>>>
>>>> I'd say the risk is very low. Most malware today doesn't even bother to
>>>> infect other windows files (they rely on the fake e-mails like the one
>>>> you clicked to spread) and also don't care much about the files you have

Hi,

For about 2 years I was collecting trojans/worms and stuff like this
from my email server (amavis + clamav filtering such shit to a
separate folder).

When I tried to run 90% of those programs, a very funny thing happened,
like "you must run win32 environment in order to run this program" ;)

regards




-- 
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;flex;unzip;
head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eject;umount;
makeclean; zip;split;done;exit:xargs!!;)}





Re: Linux infected ?

2009-01-30 Thread Tito Pelon


Eduardo M KALINOWSKI-4 wrote:
> 
> Please keep replies on the list.
> 
> 
> Rodrigo Hashimoto wrote:
>> 
>> 
>>>I'd say the risk is very low. Most malware today doesn't even bother to
>>>infect other windows files (they rely on the fake e-mails like the one
>>>you clicked to spread) and also don't care much about the files you have
>>>(even on Windows).
>> 
>> -- 
>> We don't know one millionth of one percent about anything.
>> 
>> Eduardo M KALINOWSKI
>> edua...@kalinowski.com.br
>> http://move.to/hpkb
>> 
>> 
> I usually like testing Windows viruses and trojans in the Wine environment,
> and as I've found, the effects unchained by a trojan or virus can only
> operate within the execution of the program you have called with wine. What
> I wanna say is that there is no "windows environment" where the malware
> can work, so the actions this malware can do are limited to the
> execution of the program in which it is launched. For example, a virus that
> attacks through IE can never open another windows application, simply
> because the malware is prepared to open a windows app, not an instance of
> wine to a windows app.
> 
> Just another thing: the same way some windows software doesn't run on Wine,
> most viruses don't either.
> I've thought of some bad things, but I prefer not to tell 'em.
> Sorry for my poor English.
> 
> --
> 
> Sergio Fernandez
> titope...@proyectopqmc.com
> http://www.proyectopqmc.com
> 
> 
> 
> 





Re: Linux infected ?

2009-01-30 Thread Eduardo M KALINOWSKI
Please keep replies on the list.

Rodrigo Hashimoto wrote:
> Hi Eduardo,
>
> Yes, as I was afraid about this I removed everything under wine in
> "~/.wine".
>
> Do you think this is a security risk for my Debian OS ?

I'd say the risk is very low. Most malware today doesn't even bother to
infect other windows files (they rely on the fake e-mails like the one
you clicked to spread) and also don't care much about the files you have
(even on Windows).

-- 
We don't know one millionth of one percent about anything.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br
http://move.to/hpkb

