> There are two problems I see here. First, there are several known ways
> to elevate privileges.
Fixable, except from guessing the root password which is hard.
> If a virus can elevate privileges, then it owns
> you. Second, this is a multi-OS virus. If you dual-boot into Windows,
> any ELF files accessible can be infected. With this one, that isn't a
> prob, but when somebody codes in an ext2 driver to their virus, then
> we've got issues.
And the only cure then is not make your linux fs accessible from
windows. I.e. not on a disk for which windows have a driver
installed. Preferably not the same computer.
Or simply "don't run untrusted executables under windows". Do
so in linux only, where protection applies. Do anybody ever
_need_ to run a program they got in the mail?
Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/