Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 685 — #711
26
Security in the Network
the programmer), rather than just processing user data. A bug of this kind
may have serious consequences, especially if the program is being executed
with special privileges (see Section 26.7.1 on page 683).
Format string bugs work in a slightly different way, but again it is the user
input that could lead the program astray. In most cases, these programming
errors are exploited with programs executed with special permissions —
setuid and setgid programs — which also means that you can protect your
data and your system from such bugs by removing the corresponding execution
privileges from programs. Again, the best way is to apply a policy of
using the lowest possible privileges (see Section 26.7.1 on page 683).
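
One way to act on this advice, as an added example that is not part of the original manual: a POSIX shell sketch that lists the setuid and setgid files under a directory, reports those missing from an administrator-maintained allowlist, and removes the bits from a file. The function names and the allowlist file (one absolute path per line) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit setuid/setgid programs against an allowlist.
# Function names and the allowlist format are assumptions, not SUSE tooling.

# list_privileged DIR
# Print every regular file under DIR that has the setuid (4000) or
# setgid (2000) bit set, without crossing into other file systems.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# audit_privileged DIR ALLOWLIST
# Print the privileged files under DIR that are NOT named in ALLOWLIST.
# ALLOWLIST holds one absolute path per line; matching is exact and literal.
audit_privileged() {
    list_privileged "$1" | while IFS= read -r path; do
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# strip_privileged FILE...
# Remove both the setuid and the setgid bit; other mode bits are kept.
strip_privileged() {
    chmod u-s,g-s -- "$@"
}

# Typical use (paths are placeholders):
#   audit_privileged /usr/bin /etc/suid-allowlist.txt
#   strip_privileged /usr/bin/some-program
```

Review the audit output before stripping anything, because some system programs legitimately need these bits to work.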
Given that buffer overflows and format string bugs are bugs related to the
handling of user data, they are not only exploitable if access has been given
to a local account. Many of the bugs that have been reported can also be
exploited over a network link. Accordingly, buffer overflows and format
string bugs should be classified as being relevant for both local and network
security.
Viruses
Contrary to what some people say, there are viruses that run on Linux.
However, the viruses that are known were released by their authors as
a proof of concept to prove that the technique works as intended. None of
these viruses have been spotted in the wild so far.
Viruses cannot survive and spread without a host on which to live. In our
case, the host would be a program or an important storage area of the system,
such as the master boot record, which needs to be writable for the program
code of the virus. Owing to its multiuser capability, Linux can restrict
write access to certain files, which is especially important for system files.
Therefore, if you did your normal work with root permissions, you would
increase the chance of the system being infected by a virus. In contrast, if you
follow the principle of using the lowest possible privileges as mentioned
above, chances of getting a virus are slim.
Apart from that, you should never rush into executing a program from
some Internet site that you do not really know. SUSE’s RPM packages carry
a cryptographic signature as a digital label that the necessary care was
taken to build them. Viruses are a typical sign that the administrator or the
user lacks the required security awareness, putting at risk even a system
that should be highly secure by its very design.
Viruses should not be confused with worms, which belong to the world of
networks entirely. Worms do not need a host to spread.
685 SUSE LINUX Enterprise Server










