Mirai malware infects Linux with Busybox

For discussions about security.
belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#91 Post by belham2 »

Mike7 wrote: I don't think you quite realize what you're saying. I've never compiled anything. I don't even know what compiling is.

Mike,

If a bungling dunderhead old fart like me can have a few compiling successes, then you can too! Seriously, it is intimidating at first, but then once you start banging on the keyboard telling it to "MAKE" and stuff like that, you start to think "hey, I can do this!" Seriously, it is not hard to give it a go and doesn't take that much time. You spend more time typing out replies here than you would if you'd give compiling a go (but, hey, maybe that is all of ours' secret intent---to connect with others across this blue orb of ours). Anyhooot, when compiling, the only question is not only whether it (the compiling) succeeds, but more importantly if your creation works how it is supposed to lol! :lol: And you'll know that lickety-split once you load it in and see. That's the fun, and when it does work, my Lord, the beer tastes that much sweeter that night 8)

Compiling an executable for Puppy is as easy as learning to swim: you dive in and you do the dog paddle! Wink
....and don't worry, Musher (and Geoffrey & others) say this to everyone. They throw us in the big darn compiling ocean and then see if we sink or swim. They haven't let many of us drown...at least not yet :wink:

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#92 Post by musher0 »

You missed the pun between compiling on Puppy and doing the dog paddle? :lol:
Anyway, it's not the Big Blue, probably more like the local frog pond!
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#93 Post by belham2 »

musher0 wrote:You missed the pun between compiling on Puppy and doing the dog paddle? :lol:
Anyway, it's not the Big Blue, probably more like the local frog pond!
Musher,

As a side note to this thread (plz excuse me, original author, Mike7, but the topic did come up concerning compiling), are there any plans for a, say, brand-spanking-new compiled Puduan 7.0 or such....maybe with your security busybox script (and any others) included by default.....helping protect us poor, wretched puppy souls from mirai malware :lol: :wink:

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#94 Post by Mike7 »

musher0-
Compiling an executable for Puppy is as easy as learning to swim: you dive in and you do the dog paddle!
My air-conditioning is on the blink and it's 98 F. in Buenos Aires today. I don't think it's the right moment for experiments.

For now, I have disabled "World" in the bash and busybox permissions as you suggested.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#95 Post by Mike7 »

musher0-

I jumped the gun and spoke too soon. Carolite has Thunar, not ROX-filer, and the Permissions tab in Properties gives only these four choices for each group: Read Only, Write Only, Read & Write, and None. There is no Execute choice for each group. At the bottom of the tab there's a tick box that says "Allow this file to run as a program". That's all there is on the Permissions tab.

So, how do I disable "World - Execute" while leaving "Owner - Execute" enabled? Can it be done with the terminal?

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#96 Post by musher0 »

Mike7 wrote:(...)how do I disable "World - Execute" while leaving "Owner - Execute" enabled? Can it be done with the terminal?

M.
Hello Mike7.

Sorry for the lateness in replying.

Open a terminal and type


cd /bin
chmod 774 busybox
(Permission "774" means "read-write-execute" for "user" and "group", but
"read only" for "world".)

The above I tested many times, by shutting down and rebooting after
attributing that new permission to busybox, and the Puppy boots and runs
like it always has.

However, please hold off doing it on the bash interpreter until I have
conducted more tests. Thanks. (I'll edit my previous post as well.)

Besides, busybox has the ash interpreter, so it's unlikely "kiddo" would
need both the ash and bash interpreters to do his mischief.

I'm playing it safe here. It's just that in my Puduan Pup, I have a
permission problem with geany and editors generally since I changed
some permissions on various directories. I have done some back-tracking
on the Puduan, but I haven't found the source of my bug yet.

On the other hand, I've changed only the busybox permission to 774
on the Slacko Slim 6 that I use now, so I am sure that the busybox
permission can be changed to 774 without problem.


IHTH. BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#97 Post by Mike7 »

musher0-
Open a terminal and type


cd /bin
chmod 774 busybox
(Permission "774" means "read-write-execute" for "user" and "group", but
"read only" for "world".)
Okay, will do. What's the chmod code number for putting the permissions back to their previous state (just in case there's a problem)?
please hold off doing it on the bash interpreter until I have
conducted more tests.
Okay.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#98 Post by Mike7 »

Hi, belham2.
once you start banging on the keyboard telling it to "MAKE" and stuff like that, you start to think "hey, I can do this!'
I'm usually wrong.
They haven't let many of us drown
I'd like to see the statistics and a few comments from those who drowned. But they probably didn't leave their memoirs.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#99 Post by musher0 »

Mike7 wrote:(...) What's the chmod code number for putting the permissions back to their previous state (just in case there's a problem)?
(...)
M.
775
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#100 Post by drunkjedi »

Mike7 wrote:What's the chmod code number for putting the permissions back to their previous state (just in case there's a problem)?
First... To know what permissions a file has, do


stat -c "%a %n" yourfile
Note the number in output.
Use it with chmod if you want to revert back to it.
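A worked version of this record-then-revert routine, added here as an example and not part of drunkjedi's post: it saves the number `stat -c "%a %n"` reports into a sidecar file, drops only the world-execute bit with `chmod o-x` (so user and group bits are untouched), and later restores the saved number. It assumes GNU or busybox `stat` (the `-c` form shown above) and works on a throwaway file it creates itself, not on /bin/busybox; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): record a file's numeric mode with
# stat before changing it, remove only the world-execute bit, and restore
# the recorded mode afterwards. Assumes GNU/busybox stat (-c supported).

# Print the octal mode of a file, e.g. "775".
get_mode() {
    stat -c '%a' "$1"
}

# Save "<mode> <name>" to a sidecar file so the exact mode can be restored.
record_mode() {
    file=$1
    stat -c '%a %n' "$file" > "$file.mode"
    cat "$file.mode"
}

# Remove execute for "others" (world) only; user and group bits are kept.
# The symbolic form means you need not know the current number at all.
drop_world_exec() {
    chmod o-x "$1"
    get_mode "$1"
}

# Put the mode back to whatever record_mode saved (the "chmod 775" step
# from the thread, but read from the record instead of remembered).
restore_mode() {
    file=$1
    saved=$(cut -d' ' -f1 "$file.mode")
    chmod "$saved" "$file"
    get_mode "$file"
}

# Demo on a constructed throwaway file, not the real /bin/busybox.
demo_dir=$(mktemp -d)
demo=$demo_dir/fake-busybox
printf '#!/bin/sh\necho hi\n' > "$demo"
chmod 775 "$demo"
record_mode "$demo"      # 775 <path>/fake-busybox
drop_world_exec "$demo"  # 774
restore_mode "$demo"     # 775
rm -rf "$demo_dir"
```

The sidecar file is the "note the number" step made durable: if the machine is rebooted between the change and the revert, the original mode is still on disk next to the file.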

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#101 Post by slavvo67 »

Just a quick note, some of these tips won't work on Puppy derivatives, such as Quirky. Quirky has a different directory structure than Puppy.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#102 Post by musher0 »

slavvo67 wrote:Just a quick note, some of these tips won't work on Puppy derivatives, such as Quirky. Quirky has a different directory structure than Puppy.
Oh well. "You can't please everyone and your dad," can you? ;)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#103 Post by Mike7 »

musher0-
775
Thanks. What do the digits stand for?

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#104 Post by Mike7 »

drunkjedi-
To know what permissions a file has, do


stat -c "%a %n" yourfile
Note the number in output.
Use it with chmod if you want to revert back to it.
Thanks, dj. Very helpful.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#105 Post by Mike7 »

slavvo67-
some of these tips won't work on Puppy derivatives, such as Quirky. Quirky has a different directory structure than Puppy.
Is there a list somewhere of these "different" puppy derivatives?

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#106 Post by musher0 »

Mike7 wrote:musher0-
775
Thanks. What do the digits stand for?

M.
Hi Mike7

4 means read
2 means write
1 means execute

You add them up to get the permissions you want for a file.
4 + 2 + 1 = 7 = read + write + execute
4 + 2 = 6 = read and write
4 + 1 = 5 = read and execute.

There are three columns:
First column is for user
Second column is for group
Third column is for world

So


chmod 775 my-script.sh
means
the script my-script.sh has read, write and execute permissions for user
and group, but only read and execute permissions for world.

This article nicely sums it up:
https://www.cyberciti.biz/faq/unix-linu ... on-command

But you'll find many other similarly good explanations through a search
engine such as ask.com:
http://www.ask.com/web?qsrc=1&o=0&l=dir ... archTopBox
searching for "chmod" or "linux file permissions".

~~~~~~~~~
Personal note:
AFAIK, 1 by itself is never used, since a file needs to be read by the
system to be executed. Same reasoning for 2 by itself.

Also, 777 should be a no-no. We never want the whole world to have
access to our files.

~~~~~~~~
Puppy specific note:
I notice that the permissions in Puppy's
/initrd/pup_ro2/bin are typically -rwxrwxr-x i.e. 775.

As a reminder, the "ro" in /initrd/pup_ro? means "read only". The files in
/initrd are in the main Puppy sfs or a regular sfs, and if you query the
permissions of those sfs files, you get (using my slim-6 Puppy as ex.)
cd /initrd/mnt/dev_save/slim-6
ls -Al *.sfs
-rw-r--r-- 1 root root 52224000 mai 13 2016 adrv_slim_6.sfs
-rw-r--r-- 1 root root 119922688 mai 14 2016 devx_slim_6.sfs
-rw-r--r-- 1 root root 142274560 mai 13 2016 puppy_slim_6.sfs
-rw-r--r-- 1 root root 3706880 jui 29 17:42 tcltk-8.6.6_6.sfs
-rw-r--r-- 1 root root 81416192 mai 13 2016 zdrv_slim_6.sfs
In chmod's numeric code, rw-r--r-- means "644". Which means in plain
English: user has read and write permissions, group and world have only
read permissions. Please note that the "execute" permission is NOT there.

To come back to our safety concern, that means that only you, the user,
can edit Puppy sfs files. Even if some kiddo from outside would
apparently (to his/her eyes) manage to change, say, the permissions on
the "busybox" executable within the main sfs while your Puppy is in
operation, it wouldn't register because only you can edit the sfs
housing it; indeed, this sfs is "read only" to the outside world and even to
another member of your group.


~~~~~~~~

IHTH
Last edited by musher0 on Sun 15 Jan 2017, 18:46, edited 1 time in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
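The 4/2/1 arithmetic and the three columns explained above, carried through as an added example (this is not musher0's code): small POSIX sh functions that turn a three-digit chmod number into the rwxrwxr-x letters `ls -l` prints and back again, plus a check of whether the third (world) column carries the execute bit, which is the bit the busybox change in this thread removes. The function names are my own and no files are modified.

```shell
#!/bin/sh
# Added example (not from the thread): convert between chmod's octal digits
# and the rwx letters, using read=4, write=2, execute=1 per column.
# Pure POSIX sh arithmetic; nothing on disk is touched.

# One digit (0-7) -> three letters, e.g. 5 -> "r-x".
digit_to_rwx() {
    d=$1
    r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three digits -> nine letters, e.g. 775 -> "rwxrwxr-x"
# (first digit = user, second = group, third = world).
octal_to_symbolic() {
    m=$1
    u=$(printf '%s' "$m" | cut -c1)
    g=$(printf '%s' "$m" | cut -c2)
    o=$(printf '%s' "$m" | cut -c3)
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Three letters -> one digit, e.g. "r-x" -> 5 (4 + 1).
rwx_to_digit() {
    s=$1; n=0
    case $s in r??) n=$((n + 4));; esac
    case $s in ?w?) n=$((n + 2));; esac
    case $s in ??x) n=$((n + 1));; esac
    printf '%s' "$n"
}

# Nine letters -> three digits, e.g. "rw-r--r--" -> 644 (the sfs files above).
symbolic_to_octal() {
    s=$1
    printf '%s%s%s\n' "$(rwx_to_digit "$(printf '%s' "$s" | cut -c1-3)")" \
                      "$(rwx_to_digit "$(printf '%s' "$s" | cut -c4-6)")" \
                      "$(rwx_to_digit "$(printf '%s' "$s" | cut -c7-9)")"
}

# "yes" if the world column includes the execute bit (1), "no" otherwise.
# 775 -> yes, 774 -> no: this is the single bit the busybox chmod removes.
world_can_execute() {
    o=$(printf '%s' "$1" | cut -c3)
    if [ $((o & 1)) -ne 0 ]; then echo yes; else echo no; fi
}

# Walk through the modes discussed in the thread.
for mode in 775 774 644 777; do
    printf '%s = %s, world can execute: %s\n' \
        "$mode" "$(octal_to_symbolic "$mode")" "$(world_can_execute "$mode")"
done
```

Running it prints, for instance, `774 = rwxrwxr--, world can execute: no`, which is exactly the busybox setting recommended earlier in the thread, and `777 = rwxrwxrwx, world can execute: yes`, the "no-no" case from the personal note.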

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#107 Post by Mike7 »

musher0-
4 means read
(etc.)
Thank you for this clear and very helpful explanation of permission notations. I never understood them clearly before.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#108 Post by musher0 »

My pleasure!
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#109 Post by greengeek »

Sounds like they caught the guy that hijacked the German routers:
http://www.bbc.com/news/technology-37510502

Mike7
Posts: 400
Joined: Tue 19 Feb 2013, 00:31

#110 Post by Mike7 »

greengeek-
Sounds like they caught the guy that hijacked the German routers
One. But these hackers divide and multiply like amoebas.

M.
Carolite-1.2 w/FF38 on bootable 16G flash drive; Asus eeePC 1000HA, Atom CPU, 2G RAM, 160G HDD.
