Linux-Malware in Gentoo a Threat to Puppy?
edoc


Joined: 07 Aug 2005
Posts: 4367
Location: Southeast Georgia, USA

Posted: Tue 15 Jun 2010, 10:48    Post subject: Linux-Malware in Gentoo a Threat to Puppy?

Is there any likelihood that the Linux-malware recently found in Gentoo might metastasize to Puppy and other distros?

http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malware-monopoly-is-over-gentoo-ships-backdoor-updated/2206?tag=nl.e539

Could this be the beginning of attacks on complacent Linux users?

I have observed that the recent releases of Quirky and Wary come with Firewalls by default - did Barry see this coming?

_________________
Thanks! David
Home page: http://nevils-station.com
Don't google Search! http://duckduckgo.com
Puppy upup Raring 3992 & Lighthouse64-b602
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Tue 15 Jun 2010, 15:29

Thanks indeed for telling about this.

Quote:
Update 12:30PM PDT 14-Jun-2010: It’s much worse than it appears. According to this report, the malware-compromised code was included in the official Gentoo distribution:

Would you consider it to be a big deal if it was found in a distribution? Gentoo just released an update to remove the backdoor.

http://packages.gentoo.org/package/net-irc/unrealircd

I’m sure there will be others, I believe the package is also available in Arch. I haven’t really looked to see if it was anywhere else.

http://www.zdnet.com/blog/bott/linux-infection-proves-windows-malware-monopoly-is-over-gentoo-ships-backdoor-updated/2206?tag=nl.e539

The text he writes about comes from here:
http://www.fewt.com/2010/06/linux-infected.html

_________________
I use Google Search on Puppy Forum
not an ideal solution though
edoc


Joined: 07 Aug 2005
Posts: 4367
Location: Southeast Georgia, USA

Posted: Wed 16 Jun 2010, 13:01

Someone explained on another list ...

Quote:
It is specifically Unreal3.2.8.1.tar.gz on a small subset of mirror sites, and not particularly a Gentoo problem but any distro that includes the Unreal Tournament IRC server. The sad part is it has been there for several months and was just now noticed; the good news is that as soon as it was noticed, the corrupt version of that file was removed and replaced with a clean copy. So that's not a "shame on Gentoo" problem; it's a shame on the maintainers of the Unreal mirrors.


More technically literate details here

_________________
Thanks! David
Home page: http://nevils-station.com
Don't google Search! http://duckduckgo.com
Puppy upup Raring 3992 & Lighthouse64-b602
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Wed 16 Jun 2010, 13:26

So it was more a vulnerable server upload thing than Gentoo Linux as such?

That makes me feel a bit more secure. Hmm

_________________
I use Google Search on Puppy Forum
not an ideal solution though
SirDuncan


Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

Posted: Wed 16 Jun 2010, 21:22

If what I'm understanding is correct, the problem was with the people distributing the Unreal source code. It was some of their mirrors that were compromised, and they were the idiots that weren't signing their files with PGP. Without the PGP signature the people at Gentoo had no way of realizing that the source code was tainted. The Gentoo folks then distributed the compromised file from their trusted (but insecure) source code provider.

It should also be noted that this would only affect people that installed Unreal. It wasn't actually included with the base distro (with Gentoo the kernel isn't even included with the base distro, you have to compile it yourself). Since Gentoo distributes only source code and does not have binaries on their servers, there was no way for a virus scanner to catch the corrupted files.

I suppose the folks at Gentoo shouldn't have used an unsigned file, but I don't think that I would have considered the possibility of the official Unreal mirrors distributing bad code so I can't really bash them.

Constant vigilance!

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
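
Added example, not part of the thread: the check SirDuncan describes as missing, sketched in shell. It compares a downloaded tarball against a SHA-256 digest pinned from a channel independent of the mirror and, if a detached `.asc` signature sits next to it, runs `gpg --verify`; the function names, the file name `pkg.tar.gz` and the demo contents are constructed for this example.

```shell
#!/bin/sh
# Added example: refuse a source tarball unless it matches a pinned digest
# and, when a detached signature is present, that signature verifies.

# verify_source TARBALL PINNED_SHA256
# Returns 0 only if every available check passes, 1 on mismatch, 2 if missing.
verify_source() {
    tarball=$1
    pinned=$2
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }

    # Digest check: catches a mirror serving bytes that differ from upstream's.
    # The pinned value must not come from the same mirror as the tarball.
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "DIGEST MISMATCH for $tarball" >&2
        return 1
    fi

    # Signature check: only meaningful if the signer's public key was
    # imported into the local keyring independently of the mirror.
    if [ -f "$tarball.asc" ]; then
        gpg --verify "$tarball.asc" "$tarball" >/dev/null 2>&1 || {
            echo "BAD SIGNATURE for $tarball" >&2
            return 1
        }
    fi
    return 0
}

# Constructed demo: pin the digest of a "clean" file, then swap the file
# contents the way a compromised mirror would and verify again.
demo_verify() {
    dir=$(mktemp -d)
    printf 'clean source\n' > "$dir/pkg.tar.gz"
    good=$(sha256sum "$dir/pkg.tar.gz" | cut -d' ' -f1)
    clean=0;    verify_source "$dir/pkg.tar.gz" "$good" || clean=$?
    printf 'clean source plus backdoor\n' > "$dir/pkg.tar.gz"
    tampered=0; verify_source "$dir/pkg.tar.gz" "$good" 2>/dev/null || tampered=$?
    rm -rf "$dir"
    echo "$clean $tampered"
}

demo_verify   # prints: 0 1
```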
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

Posted: Thu 17 Jun 2010, 03:14    Post subject: Re: Linux-Malware in Gentoo a Threat to Puppy?

edoc wrote:
I have observed that the recent releases of Quirky and Wary come with Firewalls by default - did Barry see this coming?

In fact ALL official releases since 4.12 (at least) have the firewall installed and on by default. That certainly was the case with 4.2x releases, and I'm pretty sure it is true of 4.3x too.

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 17 Jun 2010, 04:37

firewall in puppy
Quote:
and on by default


Nope we have to activate it using the set up. That is how I get it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
otropogo


Joined: 24 Oct 2009
Posts: 702
Location: Southern Rocky Mt. Trench

Posted: Thu 17 Jun 2010, 11:36

I've wondered about this lately myself. I always use the firewall wizard when configuring a new Puppy or using pfix=ram, but note that:

1. whether you use the "automatic" or the "default" method, the result seems to be the same

2. there's no indication whether it's running or not, as promised by the displayed messages.

3. there's no indication of any method of turning it off, should you wish to use another firewall or no firewall at all. To believe the display, once configured and saved, it will start at bootup every time.

So while I'm not sure what to believe now - is the firewall on by default or not? And can it be turned off once saved to the 2fs file?

There are numerous menus in Puppy that appear to respond to user input, but in the end achieve nothing. They have not been functional for years, if ever, and simply have never been removed or fixed.

_________________
otropogo@gmail.com facebook.com/otropogo
otropogo


Joined: 24 Oct 2009
Posts: 702
Location: Southern Rocky Mt. Trench

Posted: Thu 17 Jun 2010, 11:38

I've wondered about this lately myself. I always use the firewall wizard when configuring a new Puppy or using pfix=ram, but note that:

1. whether you use the "automatic" or the "default" method, the result seems to be the same

2. there's no indication whether it's actually running as promised by the displayed messages.

3. there's no indication of any method of turning it off, should you wish to use another firewall or no firewall at all. To believe the display, once configured and saved, it will start at bootup every time.

So I'm not sure what to believe now - is the firewall on by default or not? And can it be turned off once saved to the 2fs file?

There are numerous menus in Puppy that appear to respond to user input, but in the end achieve nothing. They have not been functional for years, if ever, and simply have never been removed or fixed.

_________________
otropogo@gmail.com facebook.com/otropogo
tubby

Joined: 24 Jan 2009
Posts: 317

Posted: Thu 17 Jun 2010, 12:02    Post subject: firewall

Take a peek in etc/rc.d/rc.firewall, open as text and see for yourself what you can alter. :)
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 17 Jun 2010, 14:31

This you can test in the urxvt, rxvt or console or terminal or CLI.

like this

Quote:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
TRUSTED all -- anywhere anywhere state NEW

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID

Chain TRUSTED (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
#


you write

iptables -L

if it says accept in all places then most likely it is not activated.


But more than that I have no idea how to know how good it is.

But my experience is that if one doesn't activate it then it is active but of no use at all. It is active in the sense that it is there but it is allowing everything both in and out.

But if one runs the set up then it activates the Drop things you can see there but I don't get what it means. Hopefully somebody explains it to us. :)

What tubby refers to is how you can detail every little thing it can change.

While the set up allows what I quoted. A preset by the developer.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
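
Added example, not part of the thread: a small shell filter that reads plain `iptables -L` output, in the format quoted in the post above, and reports whether the INPUT chain drops by default, which is one way to answer the earlier question of whether the firewall is actually running. The function and sample names are made up for this example.

```shell
#!/bin/sh
# Added example: classify plain `iptables -L` output (not the -v format,
# whose rule lines start with packet counters).

# Print "filtering" when INPUT drops by default, "partial" when INPUT accepts
# by default but holds DROP/REJECT rules, "open" when nothing is blocked.
firewall_verdict() {
    awk '
        /^Chain / {
            chain = $2
            if ($3 == "(policy") { p = $4; sub(/\)$/, "", p); policy[chain] = p }
            next
        }
        $1 == "DROP" || $1 == "REJECT" { blocking[chain]++ }
        END {
            if (policy["INPUT"] == "DROP")  print "filtering"
            else if (blocking["INPUT"] > 0) print "partial"
            else                            print "open"
        }'
}

# Listing copied from the post above, trimmed to two chains.
sample_configured() { cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
TRUSTED all -- anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}

# Constructed listing: what an unconfigured rule set looks like.
sample_unconfigured() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}

# On a live system (as root): iptables -L | firewall_verdict
sample_configured   | firewall_verdict   # filtering
sample_unconfigured | firewall_verdict   # open
```

Plain `-L` output hides the interface columns, so a rule that reads as accept-everything may be limited to one interface; `iptables -L -v -n` shows them.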
otropogo


Joined: 24 Oct 2009
Posts: 702
Location: Southern Rocky Mt. Trench

Posted: Thu 17 Jun 2010, 15:50

Quote:
Take a peek in etc/rc.d/rc.firewall, open as text and see for yourself what you can alter.


thanks tubby, will have a look, but I doubt I'll understand enough to make changes. I'm used to Zonealarm.

Quote:
This you can test in the urxvt, rxvt or console or terminal or CLI.


thanks Nooby. PS. do you ever regret your pessimistic choice of username? ;)

_________________
otropogo@gmail.com facebook.com/otropogo
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 17 Jun 2010, 16:00

Hahah, if you have a good suggestion do write me a PM and I will consider it. :)

Nooby is a crazy name but it is kind of very apt. I am like an eternal Newbie. Knowledge almost never gets remembered due to my bad attention.

Should I call myself maybe Nobody?

Hmm

Promise to send me a PM with a good suggestion so nobody else takes it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
otropogo


Joined: 24 Oct 2009
Posts: 702
Location: Southern Rocky Mt. Trench

Posted: Thu 17 Jun 2010, 18:50

You mean you'd consider changing your username? Is that even possible?

I guess you'd still be recognizable by your avatar.

I could certainly make some suggestions. Send me a pm or e-mail and tell me more about yourself. I have the impression you're in Sweden or thereabouts.

Your claimed memory deficit doesn't sound plausible though. You're forever posting references, while I have trouble just remembering not to waste my time with the BBS search engine.

_________________
otropogo@gmail.com facebook.com/otropogo
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 17 Jun 2010, 19:01

Somebody complained about me writing Europe. But I failed to find where to correct it.

The mods told me it is allowed to change username as long as one doesn't use such change for trolling or anything bad.

As you say my avatar would reveal me but most revealing is my writing style.

None else are as naive in their posting as me. Unfortunately for me I have no way to pretend to be somebody else. My body automatically writes in my style even if I try to be like everybody else. Hopeless case.

_________________
I use Google Search on Puppy Forum
not an ideal solution though