On Sun, 23 Jul 2000, David Luyer wrote:
>[of course a root-level remote-access hole in a shipping distro has the
>potential to do this and so much more, which is why we're lucky the major
>distro's seem to be moving towards not installing any daemons accepting
>remote connections by default... except samba seems to be popular, better
>hope nobody ever discovers a remote buffer overflow hole in that, because
>if a UDP packet on port 13x could destroy your hardware in a default Linux
>install it would be pretty devastating...]
The last sentence here is particularly interesting. Linux has
been clean of _real_ viruses so far, and will likely continue to
be so, because UNIX style systems although not immune to viral
action, are quite resistant to it, and to spreading. Worms on
the other hand are very viable a possibility. Morris showed
that in 1986 quite well. Only now it is 2K and there are
countless systems out there. I'd bet that there are more Linux
systems online than all other Unices combined, although I haven't
statistics for that - it is just total fabrication. A 'guess' if
you will.
Since Linux is quite spread though, it seems a good target for
someone looking to get big in the media. Perhaps trying to
become the author of "Internet Worm II". Any OS could be a
target, however Linux as a target would have some mystique
likely. It is highly plausible that someone will find a
collection of common exploitable holes in default Linux
distribution installs that are out there, and write a worm that
spreads around, and just waits for a covert tcp wakeup call, at
which time it wipes the BIOS, and all other known flash types,
and then wipes out the hard disk, and all copies of the
superblock, as well as any traces of partition table info on
other sectors by scanning the disk looking for them like gpart
does... Could be quite devastating. I'm sure worse could happen
as well.
This doesn't really have anything to do with the IDE topic, but
then the topic has been changed to viruses now, so I guess it is
ok to speculate... I hope nobody does anything like this, but
the fact that it is quite plausable makes me shudder.
I think in time though, once the filesystem has CAP support, and
we have a higher security model, and dists come configured more
securely by default, etc.. that things will be much better. Lets
just hope things get better before they get worse.
Take care,
TTYL
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocate... Our continuing mission: To seek out knowledge of C, to explore strange UNIX commands, and to boldly code where no one has man page 4.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST