[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Fri Apr 17 19:50:25 UTC 2009
Rob Townley <rob.townley at gmail.com>

On Fri, Apr 17, 2009 at 2:30 PM, Robert Heller <heller at deepsoft.com> wrote:
> At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list <centos at centos.org> wrote:
>
>>
>> On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva <ssilva at sgvwater.com> wrote:
>> > on 4-17-2009 9:33 AM Lanny Marcus spake the following:
>> >> On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
>> >> <CentOS4Bill at triad.rr.com> wrote:
>> >>> On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
>> >>>> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters-ee4meeAH724 at public.gmane.org> wrote:
>> >>>> <snip>
>> >>>>> My experience is that when browsing on any OS and you come across an
>> >>>>> error message stating that your computer is infected and you need to
>> >>>>> install such and such software, the web site I was visiting has an XSS
>> >>>>> exploit that was taken advantage of to try and get you to manually
>> >>>>> install a piece of malware.
>> >>>>>
>> >>>>> Install the FireFox extension "noscript" and be very careful about what
>> >>>>> domains you authorize scripting from.
>> >>
>> >> I now have NoScript installed.
>> >>
>> >> <snip>
>> >>> You might want to also check your preferences. FF has settings about
>> >>> warning about fraud sites etc. You also can affect the things that
>> >>> javascripts can do and suppress pop-ups. I've encountered those things
>> >>> that you mentioned and gotten no ill-effects since I just leave the site
>> >>> immediately.
>> >>
>> >> Bill: I will double check the Firefox configuration settings, since I
>> >> upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
>> >> to visit that web site, so if anything bad is coming from it (without
>> >> the knowledge of the webmaster) I will hopefully avoid it, with the
>> >> NoScript Firefox extension which I just installed. Lanny
>> >
>> > Noscript will give you an idea of just how many sites run a script of some
>> > kind. You will see a large part of sites just look different when the scripts
>> > don't run, and some don't function at all. Not that it is a bad thing, it will
>> > just make you think a lot.
>> >
>> >
>> > _______________________________________________
>> > CentOS mailing list
>> > CentOS at centos.org
>> > http://lists.centos.org/mailman/listinfo/centos
>> >
>> >
>>
>> Remember the NeXT step days (for me, mid 90's) when a single
>> executable binary file contained both intel and PowerPC/Motorola code.
>>  When clicked, it would execute the intel code on the intel platform
>> and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
>> think it would be cool to have Portable App executables that run under
>> both Linux and Windows because life would be easier, but the security
>> problem would be too much of a downside -- a single binary that roots
>> both Linux and Windows.
>
> There is something called a StarKit that can be used to encapsulate
> Tcl/Tk programs. The StarKit can be treated as an executable that will
> run on any machine with a suitable Tclkit installed.  It is also
> possible to combine the Tclkit with the StarKit, creating a StarPack,
> which is a self-contained executable.
>
>>
>> It is easy to write an executable binary for Linux that ends in .exe -
>> so I don't think that is any protection at all.
>
> Linux does not care about file *names*.  A file is executable if its x
> bit is set AND it is recognized as an executable.  That is one of:
>
> 1) file with the magic 'ELF' header (the # bits, bit order, and arch
> have to match what your kernel can deal with)
> 2) a Java jar file (if you have Java installed and configured for this usage)
> 3) a MS-Windows executable (if you have Wine installed AND the path is
> somewhere that maps to a MS-Windows drive AND Wine is configured for
> this usage)
> 4) an ASCII file with a '#!' as its first line and the path there names an
> executable file.
>
> MacOSX also supports 'universal binaries' (binaries that run on Intel or
> PowerPC processors).
>
>>
>> Clicking "Cancel" on these dialogs or X could still launch the
>> executable - safest thing to do would be to kill firefox.
>>
>> Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
>> against wine and even more so against the Internet Explorer
>> whatchamacallit for Firefox including on wine.
>
> --
> Robert Heller             -- 978-544-6933
> Deepwoods Software        -- Download the Model Railroad System
> http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
> heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/
>

Robert Heller, excellent post!
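
An added example, not part of the original thread: a small Python check that follows the list quoted above, judging a file by its leading bytes and its x bit and ignoring the name. The sample files and their names are constructed for the demonstration, and the ZIP signature is used here as a stand-in for "Java jar".

```python
import os
import stat
import tempfile

def classify(path):
    """Return (kind, has_x_bit) from file content and mode, never from the name."""
    mode = os.stat(path).st_mode
    has_x = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head[:4] == b"\x7fELF":
        # e_ident[4] is the word size, e_ident[5] the byte order; the kernel
        # only runs the file if these (and the architecture) match.
        bits = {b"\x01": "32-bit", b"\x02": "64-bit"}.get(head[4:5], "unknown")
        order = {b"\x01": "LSB", b"\x02": "MSB"}.get(head[5:6], "unknown")
        kind = f"ELF {bits} {order}"
    elif head[:2] == b"MZ":
        kind = "MS-Windows executable"   # runs only if Wine is set up for it
    elif head[:4] == b"PK\x03\x04":
        kind = "ZIP container (possible jar)"  # runs only if Java is set up for it
    elif head[:2] == b"#!":
        interp = head[2:].split(b"\n", 1)[0].strip().decode(errors="replace")
        kind = f"script for {interp}"
    else:
        kind = "not a recognised executable format"
    return kind, has_x

def demo():
    """Write constructed sample files with misleading names and classify them."""
    samples = {  # name -> (leading bytes, permission bits); all constructed
        "setup.exe": (b"\x7fELF\x02\x01\x01" + bytes(9), 0o755),
        "readme.txt": (b"MZ\x90\x00" + bytes(60), 0o644),
        "photo.jpg": (b"#!/bin/sh\necho hi\n", 0o755),
        "app.jar": (b"PK\x03\x04" + bytes(26), 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (data, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
            results[name] = classify(path)
    return results

if __name__ == "__main__":
    for name, (kind, has_x) in demo().items():
        print(f"{name:12} x-bit={has_x!s:5} {kind}")
```

A file named `setup.exe` is reported as a 64-bit ELF with the x bit set, while `readme.txt` holds a Windows executable header but has no x bit, which is why the extension tells a Linux user nothing about what a download will do.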