When will M$-like attacks hit linux too ?

Here's just one of the scary reports [from the BBC]:-
} A visit to this website prompted an immediate re-direct to another
} site which popped up a box asking if we wanted to download the bogus
} security program.
}
} Sneakily this was an image rather than a Windows dialogue box so
} clicking anywhere on it, even the "cancel" button, got the download
} going.
}
} The download installed automatically and kicked off a tsunami of
} background downloading. The forensic software we had installed on the
} honeypot saw it connect to three or four other sites and start
} downloading from them - one was from a Thai hospital that was
} doubtless acting as an unwitting host.
}
} The software was so sneaky that it tried to stop this traffic being
} seen by injecting it into the processes usually used by the Internet
} Explorer. We knew this was the case because IE's homepage had been
} set to be blank - ie when it was running there would be no net traffic.
}
} The result of the installation was new toolbars on the IE browser, a
} whole list of new unwanted favourites, all web searches were hijacked
} and redirected plus pop-up adverts populated the desktop.

Whenever I've logged in as non-root, its been just a few minutes
before I've needed to do some thing which requires root permission.
So I always login as root.

These days I use FC1. My main inet use is doing a script of repeated
" lynx -dump <url> > <file> ", from an mc-terminal.
And sometimes gmail via live browser.

Can I just set the minimum 'something' to root permission to provide
some protection, and still log-in as root ?

Thanks for any info,

== Chris Glur.

In comp.os.linux.misc no-top-post:
> Here's just one of the scary reports [from the BBC]:-
[ doze sucks ]

> Whenever I've logged in as non-root, its been just a few minutes
> before I've needed to do some thing which requires root permission.
> So I always login as root.

Which does nothing else then pointing out your incompetence, use
'sudo', 'su' or even 'kdesu' or alike as anyone else does and
simply stop logging in as root to your wm.

[..]

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 430: Mouse has out-of-cheese-error

no-top-post wrote:
> Here's just one of the scary reports [from the BBC]:-
<snip>
> Whenever I've logged in as non-root, its been just a few minutes
> before I've needed to do some thing which requires root permission.
> So I always login as root.
<snip>
> Can I just set the minimum 'something' to root permission to provide
> some protection, and still log-in as root ?

What wrong with sudo or gksu, or even su -? What do you do that
requires constant root privileges?

On Thu, 25 Jan 2007 04:50:53 -0600, I waved a wand and this message
magically appears in front of no-top-post:

> Whenever I've logged in as non-root, its been just a few minutes
> before I've needed to do some thing which requires root permission.
> So I always login as root.

Incompentent sysadmins always log in root. Incompentent sysadmins don't
back up.
--
http://www.munted.org.uk

Fearsome grindings.

no-top-post writes:

> Whenever I've logged in as non-root, its been just a few minutes
> before I've needed to do some thing which requires root permission.
> So I always login as root.

You either have a very unusual usage pattern, or there's something
wrong with your configuration. You should only need root access when
doing system maintenance.

> These days I use FC1. My main inet use is doing a script of repeated
> " lynx -dump <url> > <file> ", from an mc-terminal.
> And sometimes gmail via live browser.

These certainly don't need you to be root.

> Can I just set the minimum 'something' to root permission to provide
> some protection, and still log-in as root ?

I don't understand what you're asking here.
--
Joseph J. Pfeiffer, Jr., Ph.D. Phone -- (505) 646-1605
Department of Computer Science FAX -- (505) 646-1002
New Mexico State University http://www.cs.nmsu.edu/~pfeiffer

santosh wrote:
> no-top-post wrote:
>> Here's just one of the scary reports [from the BBC]:-
> <snip>
>> Whenever I've logged in as non-root, its been just a few minutes
>> before I've needed to do some thing which requires root permission.
>> So I always login as root.
> <snip>
>> Can I just set the minimum 'something' to root permission to provide
>> some protection, and still log-in as root ?
>
> What wrong with sudo or gksu, or even su -? What do you do that
> requires constant root privileges?
>

I used to set the window background to flaming, shocking, neon pink
whenever I su'd as root. That alone kept the root stuff to a minimum. :-)

Maybe I'll go back to doing that....

How does one set the background color for xterm/uxterm/gnome-terminal
from a .bashrc file?

--Yan

On Thu, 25 Jan 2007 08:43:12 -0800, I waved a wand and this message
magically appears in front of CptDondo:

> How does one set the background color for xterm/uxterm/gnome-terminal
> from a .bashrc file?

Use -bg, it's that obvious. Try typing in 'man xterm', for a start.
--
http://www.munted.org.uk

Fearsome grindings.

["Followup-To:" header set to comp.os.linux.misc.]
On Thu, 25 Jan 2007 08:43:12 -0800, CptDondo staggered into the Black
Sun and said:
> santosh wrote:
>> What wrong with sudo or gksu, or even su -? What do you do that
>> requires constant root privileges?

Running X clients as root is almost always unnecessary and usually a bad
idea, as other posters have said.

> I used to set the window background to flaming, shocking, neon pink
> whenever I su'd as root. That alone kept the root stuff to a minimum.
> How does one set the background color for xterm/uxterm/gnome-terminal
> from a .bashrc file?

I don't know that it's possible for xterm. gnome-terminal, no idea, but
you might be able to use Bonobo in some way. konsole, like so:

# set up a FREAKING_PINK schema in konsole
# if KONSOLE_DCOP_SESSION isn't set, su wasn't invoked from a konsole,
# so you have to do something different.
dcop $KONSOLE_DCOP_SESSION setSchema "FREAKING_PINK"

....though there are some holes in DCOP, it can be used to do interesting
and nifty things sometimes. HTH,

--
I think I'll have to put on 500 pounds of subwoofers, amps, and other
delicious herbs. --MegaHAL, trained on ASR
Matt G|There is no Darkness in Eternity/But only Light too dim for us to see

Alex Buell wrote:
> On Thu, 25 Jan 2007 08:43:12 -0800, I waved a wand and this message
> magically appears in front of CptDondo:
>
>> How does one set the background color for xterm/uxterm/gnome-terminal
>> from a .bashrc file?
>
> Use -bg, it's that obvious. Try typing in 'man xterm', for a start.

What I'd like to do is to change the background of an already running
xterm on executing 'su'.

On 2007-01-25, CptDondo <(E-Mail Removed)> wrote:

> How does one set the background color for xterm/uxterm/gnome-terminal
> from a .bashrc file?

I just set my prompt to turn magenta whenever I su - by putting this
line in root's .bashrc.

export PS1='\[\033[1;31m\]\u \w>\[\033[m\]'

My usual prompt is cyan and I use a black background, so it's easy to
tell when I'm su'd and it's a good reminder to not remain so any
longer than necessary. Naturally, you will change the above to suit
your own preferences.

nb