An interesting article looking at the potential of UNIX shell script viruses. Shell scripts run on many architectures, and (along with C compilers) can be used to custom-build exploits and rootkits for the specific platform; while no such virus has been wildly successful yet, the potential is there.

(Of course, there's an easy way to defang many of them: remove the C compiler from your servers/front-line machines, which would make building exploits rather impossible. A malicious script could still download precompiled exploits from a website; though if you run your servers on something weird, it may not be able to find one; if crackers had to precompile exploits, they would probably go mostly after the 95% of machines which run Red Hat Linux on a x86 or something equally common.)

Posted by: mike_farahbakhshian | http://mike.13th-floor.org | Tue Jun 11 14:00:20 2002

Not so easy. A lot of commercial unices require a cc on the system to do kernel rebuilds/relinks/et al after patch upgrades... and the patching program (*cough*dupatch*cough*) is too dumb to consider that maybe you could cross-compile a kernel elsewhere and move it.

Posted by: kenny | http:// | Tue Jun 11 18:31:39 2002

<img src="http://www.adage.com/images/random/lips01_big.jpg">

Posted by: Toby | http://www.adbusters.org/ | Wed Jun 12 15:46:22 2002

Ah yeah thanks for that Kenny. Always nice to see the NSA getting some free publicity, God knows they need it with shrinking military budgets this xmas and all.

And yes, Andrew, the Reg certainly brought the concept of "security by weird-ass hardware" idea into the mainstream. I ran a NetBSD/SPARC gateway for a while but life was too boring without intrusions. Even now I've switched to juicy Linux/x86, all I see are TCP wrapper refusals. (Touch wood:)

Now if I can just get UNIX running on this PDP-11 I'll have a flamin secure bastion host. :P

Posted by: acb | http://dev.null.org | Wed Jun 12 16:01:08 2002

The guy who hosted dev.null.org a while back has a Vax of some sort running OpenBSD.

Posted by: Toby | http://www.adbusters.org/ | Sat Jun 15 16:52:16 2002

I've fired up NetBSD on at least one of my VAXes. My Alphas run Debian Linux, of course. My PDPs will *eventually* run something like 6th ed. UNIX - or 2.9BSD - they are small UNIBUS models of 11/34 and 11/20 ilk. Working disk subsystems are going to be a big hurdle.

Want to say something? Do so here.

Note to spammers: This comment system applies the rel=nofollow attribute to the poster's URL and all links. Posting links to this page will not improve their search engine rankings.

Display name:
URL:(optional)
To prove that you are not a bot, please enter the text in the image on the right in the field below it.

Your Comment:

Remember my details.

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.