:: Re: [DNG] EvilGnome spyware
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] EvilGnome spyware
On Wed, 17 Jul 2019 21:28:25 -0500
golinux@??? wrote:

> EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
>
> https://thehackernews.com/2019/07/linux-gnome-spyware.html


Using Openbox, I have the advantage of not depending on the actual
Gnome desktop, meaning I can prevent the creation of directory
~/.config/gnome-software. Which means, I can (and did) create
~/.cache/gnome-software as a *regular file*, chmod 700, sporting chattr
+i and chattr +u:

In order for the virus to install
~/.cache/gnome-software/gnome-shell-extensions/gnome-shell-ext , this
virus will need to delete regular file gnome-software, create directory
gnome-software, and it will need to reverse the +i and +u (+u prevents
deletion).

I might in addition run a cron job every minute to test for
~/.cache/gnome-software/ still being a regular file.

Now I don't know what actual Gnome users, who need a *directory*
called ~/.cache/gnome-software, are going to do to defend themselves,
but (schadenfreude) that's their problem. For years (a decade in the
case of KDE), complexity seekers have pinned all sorts of epithets on
me because I won't use monolithically complexified messes KDE and
systemd, and I make only minimal use of Gnome apps and libraries: Less
as time goes on. I told them about complexity, they wouldn't listen, so
let *them* figure how to defend themselves (it wouldn't be that hard,
but...).

> I so wish that systemd had also been mentioned as an accomplice. :D


For the knowledgeable among us, the systemd accomplice goes without
saying, because today's Gnome is nothing more or less than a systemd
proxy.

SteveT

Steve Litt 
July 2019 featured book: Troubleshooting Techniques
     of the Successful Technologist
http://www.troubleshooters.com/techniques
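
The every-minute cron check mentioned in the message could look like the following. This is an added example, not part of Steve Litt's message: the script name, the function names and the `--run` switch are hypothetical, and only the decoy path comes from the post. It reports when the decoy is no longer a regular file or has lost the `+i` flag.

```shell
#!/bin/sh
# Added example (not from the original message). Hypothetical crontab entry:
#   * * * * * $HOME/bin/check-decoy.sh --run
# Anything written to stderr is left for cron to deliver to the user.
DECOY="${DECOY:-$HOME/.cache/gnome-software}"   # path taken from the post

# Print what kind of object sits at path $1: file|dir|symlink|missing|other.
decoy_type() {
    if [ -L "$1" ]; then echo symlink      # test symlink first: -f follows links
    elif [ ! -e "$1" ]; then echo missing
    elif [ -f "$1" ]; then echo file
    elif [ -d "$1" ]; then echo dir
    else echo other
    fi
}

# Return 0 if lsattr shows the immutable flag on $1, 1 if it does not,
# 2 if attributes cannot be read (no lsattr, or unsupported filesystem).
is_immutable() {
    command -v lsattr >/dev/null 2>&1 || return 2
    attrs=$(lsattr -d "$1" 2>/dev/null) || return 2
    [ -n "$attrs" ] || return 2
    case ${attrs%% *} in        # first field of lsattr output is the flag string
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 only while the decoy is intact; describe any change on stderr.
check_decoy() {
    t=$(decoy_type "$1")
    if [ "$t" != file ]; then
        echo "ALERT: $1 is '$t', expected a regular file" >&2
        return 1
    fi
    rc=0
    is_immutable "$1" || rc=$?
    case $rc in
        1) echo "ALERT: $1 no longer has the immutable (+i) flag" >&2; return 1 ;;
        2) echo "NOTE: could not read attributes of $1" >&2 ;;
    esac
    return 0
}

if [ "${1:-}" = "--run" ]; then
    check_decoy "$DECOY" || exit 1
fi
```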