You are here: CrunchBangTagssecurity

Wednesday, November 28th, 2007

Malicious Linux Instructions

Tom Dryer offers some good advice to novice Linux users concerning the execution of malicious terminal commands/shell scripts:

Don't run a command if you don't understand what it is doing and don't run commands from untrusted people or places. Check with someone you trust if you are not sure, or check out the command's manual page.

Tom's advice is sound, but I fear he's shouting into the wind. I read the same Ubuntu forum announcement as Tom and while I've always been aware of the issue, it's worrying to read about it on such a high-traffic site as Ubuntu Forums — more so considering the site is heavily used for system support/help requests.

I find it funny that some Linux advocates proudly shout about the fact that Linux is near enough immune to virus attacks, yet rarely mention the negative aspects of running such a powerful system. Some of the malicious commands mentioned in the announcement are far more destructive than your average Windows virus.

The most worrying aspect to all this is the potential future implications for Linux on the Desktop. If When Linux finally gains real market share, then this type of maliciousness could really explode on the community [quite literally.]

Not a solution, just an idea

There isn't an immediate solution to this problem, there may never be a solution. However, I have come up with an idea that might help Ubuntu Forums to combat it:

The idea would involve Ubuntu Forum users [those wishing to post code or instructions] applying for a "seal of approval". The application would be looked at by a board/council and a seal issued when the applicant had shown enough evidence to warrant receiving it. Applicants could also submit testimonials from other forum members to backup their application.

Once a seal is approved it would be prominently displayed as an image link within the users profile bar. Clicking on the image would send the visitor to a notice page informing them that the message had been posted by an approved user.

All forum users should be made aware of the seal and its meaning. This could be done on registration for new users and via an announcement for existing members.

I'd be interested to know what people think of this. Please feel free to post a comment saying why it's either good or bad idea. Any technical suggestions about how it would work would also be welcome :)

Tagged with: security, ubuntu | Comments [11]

Browse Posts by Tag

13th advocacy antispam artwork bash bbc bcs bittorrent bloggers blogs boobs bookmarklets cli code colour commands comments conduit crontab crunchbanglinux debian design development email fluxbuntu fonts fun gedit gimp gnome google gos hack hacks hosting images javascript language launchpad life lincslug linux lugradio madness memes misc monkeys motu mysql n95 networking nokia openbox openoffice opensuse packaging penguins php phpmyadmin podcast ppa progbox programming projects puppy python random rants realplayer revu scripts security shell software ssh terminal terminator themes tools twitter typography ubuntu ubuntucse unitedhosting video virtualisation webdesign whird wiki windows woot zombies

CrunchBang - A weblog & personal resource about coding, design & GNU/Linux.

  1. Home
  2. Archives
  3. Tags
  4. Projects
  5. Wiki
  6. About
  7. Contact

Subscribe to RSS feeds | | Interesting stuff elsewhere on the interweb

Archives

Ubuntu - Linux for Human Beings!

Ubuntu is an operating system consisting of free and open source software. With Ubuntu you can surf the web, read email, create documents, spreadsheets and more!

Copyright © 2008 Philip Newborough. Some Rights Reserved.
Licensed under a Creative Commons Attribution-Share Alike 2.0 UK: England & Wales License.