Symantec Blogs: Security Response

Ron Bowes | May 28th, 2007

I recently posted a blog that details a potential attack malware can use to bypass Vista's User Access Control (UAC) protection. What the attack really comes down to, however, is that if you run any untrusted code under a user account, that user account can no longer be trusted. Any shortcuts or programs in that account may be infected, waiting for an opportunity to seize control. The problem is, this isn't a mistake on Vista's part; it's an artifact of the entire concept of user-separation. This time, I'm going to detail a similar attack against UNIX and Linux operating systems.

"Sudo" (super user do) is a command that can be used on Unix-based operating systems to allow a user to run certain programs with the highest possible privilege (root). Sudo is similar to UAC in that it allows users to easily run programs with elevated privileges.

If a user runs a malicious program with a regular account, the program cannot install in a system-wide directory. On a...

Ron Bowes | May 14th, 2007

For those of you who don't know or remember, a "companion virus" is a type of computer virus that took advantage of MS-DOS's filename matching. The companion virus would create a program with the same name as the "infected" file, but with a different extension, such as .com. For example, to infect a program called "innocent.exe," the virus could create one called "innocent.com" that would be, ironically, malicious rather than innocent. Once the virus had infected innocent.exe, typing "innocent" into the command line would invoke the first program found alphabetically, "innocent.com." Typically, the virus would execute the real program in addition to running its payload, so as long as the virus was quick enough, the user wouldn't even know what had happened.

A similar concept is creating a program called "c:\program.exe." If the user executed "c:\program files\innocent\innocent.exe," the program "c:\program.exe" could be run with "files\innocent\innocent.exe" as...