The Null Device

Unix shell scripting malware

An interesting article looking at the potential of UNIX shell script viruses. Shell scripts run on many architectures, and (along with C compilers) can be used to custom-build exploits and rootkits for the specific platform; while no such virus has been wildly successful yet, the potential is there.

(Of course, there's an easy way to defang many of them: remove the C compiler from your servers and front-line machines, which makes building exploits on the box itself impossible. A malicious script could still download precompiled exploits from a website, though if you run your servers on something unusual it may not find one: if crackers had to precompile exploits, they would mostly go after the 95% of machines which run Red Hat Linux on an x86 or something equally common.)
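The compiler-removal defence above is easy to state and easy to get wrong in practice, because a stray gcc or as in an unexpected directory undoes it. As an added example (written for this page, not code from the linked article or its author), here is a small POSIX sh audit that lists any C toolchain binaries found in a set of directories, defaulting to the current PATH, and fails when one is present. The list of tool names is an assumption about typical Unix build toolchains, and the check only looks at the directories given, so a compiler installed outside PATH would still need a filesystem-wide search.

```shell
#!/bin/sh
# Added example: audit a host for C toolchain binaries that a shell-script
# worm could use to build exploits locally. Not from the original post.
# The tool names below are an assumption about typical Unix toolchains;
# extend the list for your platform's native compiler (e.g. vendor cc).

# find_toolchain [DIR...]
# Prints the path of every compiler/assembler/linker binary found in the
# given directories (default: the directories on PATH).
# Returns 0 if none were found, 1 if at least one was found.
# Note: directories containing whitespace are not handled.
find_toolchain() {
    dirs="$*"
    if [ -z "$dirs" ]; then
        dirs=$(printf '%s' "$PATH" | tr ':' ' ')
    fi
    found=0
    for tool in cc gcc c89 c99 tcc clang as ld make; do
        for d in $dirs; do
            # -f excludes directories, -x requires the execute bit
            if [ -f "$d/$tool" ] && [ -x "$d/$tool" ]; then
                echo "$d/$tool"
                found=1
            fi
        done
    done
    return $found
}

# Usage as a script: `sh audit.sh --audit` checks the directories on PATH
# and exits nonzero if any toolchain binary is present.
if [ "$#" -gt 0 ] && [ "$1" = "--audit" ]; then
    if find_toolchain; then
        echo "no C toolchain found on PATH"
    else
        echo "C toolchain present; remove or restrict it before exposing this host" >&2
        exit 1
    fi
fi
```

Run it with `--audit` on a freshly built front-line box and again after every patch cycle, since, as the comments below point out, some vendor patch tools reinstall or require a compiler.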

There are 5 comments on "Unix shell scripting malware":

Posted by: mike_farahbakhshian Tue Jun 11 13:00:20 2002

Not so easy. A lot of commercial unices require a cc on the system to do kernel rebuilds/relinks/et al after patch upgrades... and the patching program (*cough*dupatch*cough*) is too dumb to consider that maybe you could cross-compile a kernel elsewhere and move it.

Posted by: kenny Tue Jun 11 17:31:39 2002

[image]

Posted by: Toby Wed Jun 12 14:46:22 2002

Ah yeah thanks for that Kenny. Always nice to see the NSA getting some free publicity, God knows they need it with shrinking military budgets this xmas and all.

And yes, Andrew, the Reg certainly brought the "security by weird-ass hardware" idea into the mainstream. I ran a NetBSD/SPARC gateway for a while but life was too boring without intrusions. Even now I've switched to juicy Linux/x86, all I see are TCP wrapper refusals. (Touch wood:)

Now if I can just get UNIX running on this PDP-11 I'll have a flamin secure bastion host. :P

Posted by: acb Wed Jun 12 15:01:08 2002

The guy who hosted a while back has a VAX of some sort running OpenBSD.

Posted by: Toby Sat Jun 15 15:52:16 2002

I've fired up NetBSD on at least one of my VAXes. My Alphas run Debian Linux, of course. My PDPs will *eventually* run something like 6th ed. UNIX - or 2.9BSD - they are small UNIBUS models of 11/34 and 11/20 ilk. Working disk subsystems are going to be a big hurdle.