VectorLinux


Author Topic: Interesting Article. Is Vector safe from this?  (Read 9718 times)

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Interesting Article. Is Vector safe from this?
« Reply #1 on: September 05, 2013, 04:56:49 am »

This one is a Trojan, meaning that the attacker needs to trick you into executing it. We can protect ourselves from this one by just not executing untrusted programs (harder than it sounds.)
That said, looks like Vector does use the safe setting for ptrace mentioned in the article. You can check with:

Code:
$ cat /proc/sys/kernel/yama/ptrace_scope

0 is the more permissive setting, and 1 is the safer one (from https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace)
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

sledgehammer

  • Vectorian
  • ****
  • Posts: 1465
Re: Interesting Article. Is Vector safe from this?
« Reply #2 on: September 05, 2013, 08:07:50 am »

Quote
You can check with:

Code:

$ cat /proc/sys/kernel/yama/ptrace_scope



Rodrigo, I get a "command not found"

Do you know what I need to add or change in my system to enable ptrace?
Logged
VL7.0 xfce4 Samsung RF511

wigums

  • Packager
  • Packager
  • Vectorite
  • ****
  • Posts: 167
Re: Interesting Article. Is Vector safe from this?
« Reply #3 on: September 05, 2013, 08:57:46 am »

Quote
One question I wanted to have the researcher answer for me is this: Why did SELinux not stop the trojan from functioning on Fedora 19?

things that make you say hmmmmm
(don't forget who wrote selinux)
Logged
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Interesting Article. Is Vector safe from this?
« Reply #4 on: September 05, 2013, 09:52:07 am »

Quote
You can check with:

Code:

$ cat /proc/sys/kernel/yama/ptrace_scope



Rodrigo, I get a "command not found"

Do you know what I need to add or change in my system to enable ptrace?

Hi John,

Maybe you didn't remove the "$" character? That's just a convention that means "run the following command in a terminal". The command would be:

Code:
cat /proc/sys/kernel/yama/ptrace_scope
Logged

MarkGrieveson

  • Vectorian
  • ****
  • Posts: 531
Re: Interesting Article. Is Vector safe from this?
« Reply #5 on: September 05, 2013, 06:19:22 pm »

Like John, it also doesn't show up on my computer.  

Code:
vector:/~
mark:$ cat /proc/sys/kernel/yama/ptrace_scope
cat: /proc/sys/kernel/yama/ptrace_scope: No such file or directory
vector:/~
mark:$
« Last Edit: September 05, 2013, 06:22:42 pm by MarkGrieveson »
Logged
I am using VL7.0 standard with XFCE

CrazyDog

  • Member
  • *
  • Posts: 85
Re: Interesting Article. Is Vector safe from this?
« Reply #6 on: September 05, 2013, 07:14:41 pm »

Thanks for the replies everybody.  I appreciate it.  I do some financial stuff with my bank online and just wanted to make sure I was safe.  I believe that Vector is the safest choice out there.  :)
Logged

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Interesting Article. Is Vector safe from this?
« Reply #7 on: September 06, 2013, 04:04:34 am »

Quote
Like John, it also doesn't show up on my computer.

Code:
vector:/~
mark:$ cat /proc/sys/kernel/yama/ptrace_scope
cat: /proc/sys/kernel/yama/ptrace_scope: No such file or directory
vector:/~
mark:$

Maybe. John was getting "Command not found". Your kernel doesn't seem to have ptrace scope enabled, what's the output of "uname -r" in your system? I am in 7.1 and it is enabled here. I will check it out, we could build a new kernel for 7.0 if needed. If anyone wants to experiment with this in 7.0 please let me know.
Logged

vincent2

  • Vectorite
  • ***
  • Posts: 412
Re: Interesting Article. Is Vector safe from this?
« Reply #8 on: September 06, 2013, 04:39:08 am »

Quote
$ uname -r

3.10.10


$  cat /proc/sys/kernel/yama/ptrace_scope
1

better install kernel 3.10.10, you'll be more secure!

kernel 3.11 could be more
Logged

retired1af

  • Packager
  • Vectorian
  • ****
  • Posts: 1310
Re: Interesting Article. Is Vector safe from this?
« Reply #9 on: September 06, 2013, 06:44:20 am »


Quote
kernel 3.11 could be more

And why should we do that when 3.10 is the stable tree? Hmmm?
Logged
ASUS K73 Intel i3 Dual Core 2.3GHz

MarkGrieveson

  • Vectorian
  • ****
  • Posts: 531
Re: Interesting Article. Is Vector safe from this?
« Reply #10 on: September 06, 2013, 08:34:06 am »

Code:
vector:/~
mark:$ uname -r
3.0.8

Logged
I am using VL7.0 standard with XFCE
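
The check from this thread, written out as an added example (not code from any poster or from the VectorLinux project): it handles the missing-file case seen above on kernel 3.0.8 and also interprets values 2 and 3, which the thread does not mention but the kernel's Yama documentation defines. The function name `check_ptrace_scope` and its optional path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: interpret the Yama ptrace_scope setting discussed in this thread.
# check_ptrace_scope and its optional path argument are hypothetical names; the
# argument exists only so the logic can be run against a constructed file.

YAMA_PATH=/proc/sys/kernel/yama/ptrace_scope

# Prints one line describing the setting.
# Exit status: 0 = restricted (1, 2 or 3), 1 = permissive (0),
#              2 = Yama not available,     3 = unexpected content.
check_ptrace_scope() {
    path=${1:-$YAMA_PATH}

    # Kernels built without Yama do not expose this file at all.
    if [ ! -r "$path" ]; then
        echo "unavailable: $path not present (running kernel: $(uname -r))"
        return 2
    fi

    # Take the first line and strip whitespace before comparing.
    value=$(head -n 1 "$path" | tr -d '[:space:]')

    case "$value" in
        0) echo "0: classic ptrace permissions, a process may attach to others of the same user"
           return 1 ;;
        1) echo "1: restricted, attach allowed only to descendants or declared tracers"
           return 0 ;;
        2) echo "2: admin-only, attach requires CAP_SYS_PTRACE"
           return 0 ;;
        3) echo "3: no attach, ptrace attach is disabled and the value cannot be changed"
           return 0 ;;
        *) echo "unexpected value '$value' in $path"
           return 3 ;;
    esac
}

# Check the live system; report the exit status when it is non-zero.
check_ptrace_scope || echo "exit status: $?"
```

An exit status of 2 corresponds to the "No such file or directory" result posted above: the running kernel has no Yama ptrace restriction to query.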

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2305
Re: Interesting Article. Is Vector safe from this?
« Reply #11 on: September 06, 2013, 08:47:51 am »

Thanks Mark, we will have 3.10 packages to test in a couple of hours.
Logged

sledgehammer

  • Vectorian
  • ****
  • Posts: 1465
Re: Interesting Article. Is Vector safe from this?
« Reply #12 on: September 06, 2013, 10:59:40 pm »

I updated the kernel once and it worked, but forgot how.  I think I followed the instructions in:

http://forum.vectorlinux.com/index.php?topic=10385.msg66371#msg66371

Do they still work?  I see the new kernel in untested but I may not try it this weekend as I am pretty busy with the computer and don't want to screw it up.



Logged
VL7.0 xfce4 Samsung RF511

MarkGrieveson

  • Vectorian
  • ****
  • Posts: 531
Re: Interesting Article. Is Vector safe from this?
« Reply #13 on: September 07, 2013, 11:30:50 am »

Those instructions look like they're for a system using lilo rather than grub.  Perhaps they would work with just skipping the lilo step.  Anyway, I think I'll wait for the announcement that a new kernel has made it to testing, as rbistolfi mentioned.
Logged
I am using VL7.0 standard with XFCE

sledgehammer

  • Vectorian
  • ****
  • Posts: 1465
Re: Interesting Article. Is Vector safe from this?
« Reply #14 on: September 07, 2013, 12:37:32 pm »

I use lilo, but I think your suggestion to wait is a good one.
Logged
VL7.0 xfce4 Samsung RF511