CrazyDog
Member
Posts: 73
|
 |
« on: September 05, 2013, 12:12:49 am » |
|
|
|
|
|
|
Logged
|
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2236
|
|
« Reply #1 on: September 05, 2013, 03:56:49 am » |
|
This one is a Trojan, meaning that the attacker needs to trick you into executing it. We can protect ourselves from this one by just not executing untrusted programs (harder than it sounds.) That said, looks like Vector does use the safe setting for ptrace mentioned in the article. You can check with: $ cat /proc/sys/kernel/yama/ptrace_scope 0 is the more permissive setting, and 1 is the safer one (from https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace) |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
sledgehammer
|
|
« Reply #2 on: September 05, 2013, 07:07:50 am » |
|
You can check with:
Code:
$ cat /proc/sys/kernel/yama/ptrace_scope
Rodrigo, I get a "command not found" Do you know what I need to add or change in my system to enable ptrace? |
|
|
|
|
Logged
|
VL7.0 xfce4 Samsung RF511
|
|
|
wigums
Member
Posts: 39
|
|
« Reply #3 on: September 05, 2013, 07:57:46 am » |
|
One question I wanted to have the researcher answer for me is this: Why did SELinux not stop the trojan from functioning on Fedora 19? things that make you say hmmmmm (dont forget who wrote selinux) |
|
|
|
|
Logged
|
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2236
|
|
« Reply #4 on: September 05, 2013, 08:52:07 am » |
|
You can check with:
Code:
$ cat /proc/sys/kernel/yama/ptrace_scope
Rodrigo, I get a "command not found" Do you know what I need to add or change in my system to enable ptrace? Hi John, Maybe you didnt remove the "$" character? Thats justva convention that means "run the following command in a terminal". The command would be: cat /proc/sys/kernel/yama/ptrace_scope |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
MarkGrieveson
|
|
« Reply #5 on: September 05, 2013, 05:19:22 pm » |
|
Like John, it also doesn't show up on my computer. vector:/~
mark:$ cat /proc/sys/kernel/yama/ptrace_scope
cat: /proc/sys/kernel/yama/ptrace_scope: No such file or directory
vector:/~
mark:$
|
|
|
|
« Last Edit: September 05, 2013, 05:22:42 pm by MarkGrieveson »
|
Logged
|
I am using VL7.0 standard with XFCE
|
|
|
CrazyDog
Member
Posts: 73
|
|
« Reply #6 on: September 05, 2013, 06:14:41 pm » |
|
Thanks for the replies everybody. I appreciate it. I do some financial stuff with my bank online and just wanted to make sure I was safe. I believe that Vector is the safest choice out there.  |
|
|
|
|
Logged
|
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2236
|
|
« Reply #7 on: September 06, 2013, 03:04:34 am » |
|
Like John, it also doesn't show up on my computer. vector:/~
mark:$ cat /proc/sys/kernel/yama/ptrace_scope
cat: /proc/sys/kernel/yama/ptrace_scope: No such file or directory
vector:/~
mark:$
Maybe. John was getting "Command not found". Your kernel doesnt seem to have ptrace scope enabled, whats the output of "uname -r" in your system? I am in 7.1 and it is enabled here. I will check it out, we could build a new kernel for 7.0 if needed. If anyone wants to experiment with this in 7.0 please let me know. |
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
vincent2
|
|
« Reply #8 on: September 06, 2013, 03:39:08 am » |
|
$ uname -r
3.10.10
$ cat /proc/sys/kernel/yama/ptrace_scope
1
better install kernel 3.10.10, you'll be more secure! kernel 3.11 could be more |
|
|
|
|
Logged
|
|
|
|
retired1af
Packager
Vectorian
Posts: 1183
|
|
« Reply #9 on: September 06, 2013, 05:44:20 am » |
|
kernel 3.11 could be more
And why should we do that when 3.10 is the stable tree? Hmmm? |
|
|
|
|
Logged
|
ASUS K73 Intel i3 Dual Core 2.3GHz
|
|
|
|
MarkGrieveson
|
|
« Reply #10 on: September 06, 2013, 07:34:06 am » |
|
vector:/~
mark:$ uname -r
3.0.8
|
|
|
|
|
Logged
|
I am using VL7.0 standard with XFCE
|
|
|
rbistolfi
Packager
Vectorian
Posts: 2236
|
|
« Reply #11 on: September 06, 2013, 07:47:51 am » |
|
Thanks Mark, we will have 3.10 packages to test in a couple of hours.
|
|
|
|
|
Logged
|
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.
--
Jumalauta!!
|
|
|
|
sledgehammer
|
|
« Reply #12 on: September 06, 2013, 09:59:40 pm » |
|
I updated the kernel once and it worked, but forgot how. I think I followed the instructions in: http://forum.vectorlinux.com/index.php?topic=10385.msg66371#msg66371Do they still work? I see the new kernel in untested but I may not try it this weekend as I am pretty busy with the computer and don't want to screw it up. |
|
|
|
|
Logged
|
VL7.0 xfce4 Samsung RF511
|
|
|
|
MarkGrieveson
|
|
« Reply #13 on: September 07, 2013, 10:30:50 am » |
|
Those instructions look like they're for a system using lilo rather than grub. Perhaps they would work with just skipping the lilo step. Anyway, I think I'll wait for the announcement that a new kernel has made it to testing, as rbistolfi mentioned.
|
|
|
|
|
Logged
|
I am using VL7.0 standard with XFCE
|
|
|
|
sledgehammer
|
|
« Reply #14 on: September 07, 2013, 11:37:32 am » |
|
I use lilo, but I think your suggestion to wait a good one.
|
|
|
|
|
Logged
|
VL7.0 xfce4 Samsung RF511
|
|
|
|
