[kwlug-disc] Linux viruses [was: Linus viruses]
Chris Irwin
chris at chrisirwin.ca
Tue Jul 27 21:59:42 EDT 2010
On Tue, 2010-07-27 at 20:50 -0400, Kyle Spaans wrote:
> You've got me there. Mostly I was posting that link because it's an
> interesting read and to show that there are least people thinking
> about this kind of thing. It certainly does _not_ help my (admittedly
> devil's advocate) argument much. :-)
Here's a common vector that could be used for Ubuntu:
"Hey everybody, I just made updated firefox/pidgin/etc packages in my
ppa! Let me know how they work!"
Adding a PPA is down to a single command, they are GPG signed so as to
avoid popping up security errors, and can provide any package (say,
firefox and gksudo). Furthermore, the firefox package may itself provide
extra files, or a postinst script that replaces gksudo (or any other
file) with a modified version. etc.
--
Chris Irwin <chris at chrisirwin.ca>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100727/982b7a98/attachment.sig>
More information about the kwlug-disc
mailing list