Apt-get :: Security of ap-get



As we all know from Windoz the ability to automatically install software is one of the biggest security holes in the universe.

May I suggest using the website trick of displaying a series of distorted letter and number graphics for people to type in as a foil against such an exploit?  The code won't take much space, but the graphics might be a problem in 50k.  Perhaps an auto install of the graphics from website, hard drive, USB key, or floppy at boot time.

Hope this helps...

EDIT: P.S. No, not "paranoia."  I just have a brother who is a security expert.  8-o
Could you possibly explain more? I don't understand how letters and numbers relate to apt-get, and apt-get to exploits... ???

I've never encountered a problem where downloading dependencies from a secure server was a security hole, so I must be misunderstanding your idea. (From what I gather, you're talking about somebody editting the sources file, and then executing sudo apt-get with a specific package to install it, and the garbled comfirmation would be the protection? If that's the case, usually somebody getting access to the sources file and sudo could do whatever they want anyway, but I'm likely completely misunderstanding your idea.)
Quote (crusadingknight @ July 08 2006,14:53)
Could you possibly explain more? I don't understand how letters and numbers relate to apt-get, and apt-get to exploits... ???

I've never encountered a problem where downloading dependencies from a secure server was a security hole, so I must be misunderstanding your idea. (From what I gather, you're talking about somebody editting the sources file, and then executing sudo apt-get with a specific package to install it, and the garbled comfirmation would be the protection? If that's the case, usually somebody getting access to the sources file and sudo could do whatever they want anyway, but I'm likely completely misunderstanding your idea.)

Go to Yahoo and sign up for an email account.  Scroll down the signup form, just before the Terms of Service agreement will be some random letters and numbers, distorted and with lines running through them.  Refresh the page and see a different collection of letters and numbers.

Each of those on Yahoo is a single graphic.  For DSL I would suggest graphics for each character.  The system would randomly select the files, copy them with randomly changed names and display a random number of them, from 8 to 16.  The distortion would prevent OCR and the random name would prevent file name analysis.  The random mumber of characters presented might be overkill, might not.

Ultimately, such a system could be defeated by determined and very skilled hackers.  But, it would keep out any script kiddies who manage to stumble into connecting to one's machine.  It would also warn one if someone inserts an instalation file into /root.

What I'm talking about is this:

the instalation portion of apt-get is a script that has no way of knowing if it was called by a human at the keyboard or by another script, possibly malicious.

The problem is very similar to a website that does not want robotware using the site.  So they show a word, collection of letters or numbers _as_graphics._  A robot can't see the graphics, so it can't respond properly (type in the word, letters or numbers).  The graphics are usually distorted in some way to prevent optical character recognition software from defeating the security.

Go sign up for a Yahoo mail account to see this in action.

BTW - If DSL did this, I think other distros would pick it up.  Nothing like imitation being the sincerest form of flattery...
Quote (newby @ July 08 2006,15:45)
the instalation portion of apt-get is a script that has no way of knowing if it was called by a human at the keyboard or by another script, possibly malicious.

I don't see why - anything with the permissions to use apt-get has the permissions to kill your hard drive using dd, rm -rf /, using wget to download it's own executable to download an exploit, etc. Once an intruder had that kind of permissions, I doubt they'd go about altering sources.list to get it, rather than simply installing or running their chosen exploit. apt-get is hardly a security risk... (if you have robotware running commands as root, then it's usually too late to rescue your system.) I have never heard of anyone who gained access to a machine wasting their time (before tripwire, etc. catches them) attempting to install exploits via apt-get.

All technical arguments aside - such inconveniences are very hard on those who are visually impaired.
Quote (crusadingknight @ July 08 2006,18:21)
Quote (newby @ July 08 2006,15:45)
the instalation portion of apt-get is a script that has no way of knowing if it was called by a human at the keyboard or by another script, possibly malicious.


I have never heard of anyone who gained access to a machine wasting their time (before tripwire, etc. catches them) attempting to install exploits via apt-get.

All technical arguments aside - such inconveniences are very hard on those who are visually impaired.

You're absolutely right about the visually imapired.  That's why the good sites have a link for an audio file.  Again, a robot is unlikely to be able to understand an audio file, only a human will.

You may be right that other exploits will be more attractive.  But, the last step in almost any exploit is the instalation step.  Put robust protection there and one will stop a lot of malware.  It's probably not even in ap-get, probably down in the kernel.
Next Page...
original here.