Thursday 23 June 2011

The Dangers of Untrusted Sources...

Further to my recent post on Linux security, I stumbled upon a stark reminder of the importance of staying vigilant when installing any package from an untrusted source.

It seems that a few weeks ago, a member of the Ubuntu Forums fell foul of one of those unscrupulous scumbags that would do harm to others for no reason other than his (or her) self-gratification. Fortunately the victim of this pernicious act was public-spirited enough to recount the experience in order to spare others from the pain and inconvenience of trashing their hard-drives.

Three weeks ago, Rasa1111 downloaded a .deb file from the Gnome-look website believing it to be an innocent theme package. Unfortunately, the author had included the dreaded rm -rf / command in the postinst script - this command (run as root) will delete any writable directory mounted at the time it is executed. You definitely don't want to run this command - ever!

So, be careful and vigilant and you will stay safe; but never let your guard down.

Sources & References:

No comments:

Post a Comment