[svlug] LoveLetter reporting -- Microsoft, not computer, virus

dfox@belvdere.vip.best.com dfox at belvdere.vip.best.com
Fri May 5 18:00:03 PDT 2000


> Hands up, everyone who has installed a third-party .rpm or .deb which
> you did not download directly from your distributor or someone you trust
> with root access on your system.

Both hands up on this one. :)

I've installed several things as rpm's directly as root. Many times, I've
gotten the equivalent tar.gz source and installed it as root. Sure, rpm's
conceivably could contain script commands that could wreak havoc if run
as root -- so could configure scripts. Sure, I've looked at them, but
they're usually way too complex for the casual admin to expect them to
look closely for naughtiness before running them. At least with configure
you can do that more safely as a user, but you still have to become 
root to make install -- and the perp could put the dangerous stuff in
low-level make files.

But I suspect that if someone managed to do this they would be discovered
relatively quickly, and the word would be out fast that 'somepackage-1.2'
is a 'trojan' or 'virus' or what have you. After all, on the relatively
no-protection DOS BBS systems out there that I used to use, there were
relatively few actual viruses -- I've never managed to be bit by one when
downloading a DOS program -- and those that were found to be trojans were
things like new versions of PKZIP, and the word got around *fast* that
people knew to steer clear of them, and the BBS sysops would delete them
as soon as they got them.

> Er, no. /usr/doc takes forever to list because ext2 does not scale well
> to lots of files in a directory. ls uses extentions, not file magic.

ls also has to sort the filenames, format them into a listing format, and
format them, and since it has to get all filenames in a directory, it's at
least an N-process thing; the more filenames you have, the longer 
(linearly) the process will take. ext2 in and of itself has minimal
impact, beyond finding the directory in question, and being able to feed
the directory names to ls.

> see shy jo
------------------------------------------------------------------------
David E. Fox                     Census         Thanks for letting me
dfox at belvdere.vip.best.com        2000          change magnetic patterns
Be Counted: http://www.census.gov               on your hard disk.
-----------------------------------------------------------------------





More information about the svlug mailing list