On Wed, 17 Jul 2019 21:28:25 -0500
golinux@??? wrote:
> EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
>
> https://thehackernews.com/2019/07/linux-gnome-spyware.html

Using Openbox, I have the advantage of not depending on the actual
Gnome desktop, meaning I can prevent the creation of directory
~/.config/gnome-software. Which means, I can (and did) create
~/.cache/gnome-software as a *regular file*, chmod 700, sporting chattr
+i and chattr +u:

In order for the virus to install
~/.cache/gnome-software/gnome-shell-extensions/gnome-shell-ext , this
virus will need to delete regular file gnome-software, create directory
gnome-software, and it will need to reverse the +i and +u (+u prevents
deletion).

I might in addition run a cron job every minute to test for
~/.cache/gnome-software/ still being a regular file.

Now I don't know what actual Gnome users, who need a *directory*
called ~/.cache/gnome-software, are going to do to defend themselves,
but (schadenfreude) that's their problem. For years (a decade in the
case of KDE), complexity seekers have pinned all sorts of epithets on
me because I won't use monolithically complexified messes KDE and
systemd, and I make only minimal use of Gnome apps and libraries: Less
as time goes on. I told them about complexity, they wouldn't listen, so
let *them* figure how to defend themselves (it wouldn't be that hard,
but...).

> I so wish that systemd had also been mentioned as an accomplice. :D

For the knowledgeable among us, the systemd accomplice goes without
saying, because today's Gnome is nothing more or less than a systemd
proxy.

SteveT
Steve Litt
July 2019 featured book: Troubleshooting Techniques
of the Successful Technologist
http://www.troubleshooters.com/techniques
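
The once-a-minute cron check mentioned in the message above, as an added example that is not part of the original post: it reports whether ~/.cache/gnome-software is still a regular file (without following symlinks) and whether the immutable flag is still set. The function names, verdict strings and the `placeholder-check` syslog tag are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the placeholder file.
# Function names, verdict strings and the syslog tag are hypothetical.

# Print what currently sits at PATH; symlinks are reported, never followed.
placeholder_state() {
    if   [ -L "$1" ]; then echo symlink
    elif [ ! -e "$1" ]; then echo missing
    elif [ -d "$1" ]; then echo directory
    elif [ -f "$1" ]; then echo regular
    else echo other
    fi
}

# Succeed if attribute letter $2 appears in an lsattr flag string $1,
# e.g. flag_is_set "----i---------e-------" i
flag_is_set() {
    case $1 in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Print a one-word verdict; return 0 only when the placeholder is intact.
check_placeholder() {
    state=$(placeholder_state "$1")
    if [ "$state" != regular ]; then
        echo "ALERT-$state"; return 2
    fi
    # First field of `lsattr -d` is the flag string; empty if unsupported.
    flags=$(lsattr -d "$1" 2>/dev/null | awk '{print $1}')
    if [ -z "$flags" ]; then echo "OK-flags-unreadable"; return 0; fi
    if flag_is_set "$flags" i; then echo OK; return 0; fi
    echo "ALERT-immutable-cleared"; return 3
}

# Cron entry point: run the script with --check; alerts go to syslog.
if [ "${1:-}" = "--check" ]; then
    target="$HOME/.cache/gnome-software"
    verdict=$(check_placeholder "$target") ||
        logger -t placeholder-check "$target: $verdict"
fi
```

A changed file type or a cleared flag between two runs is the signal to investigate; the check only detects the change, it does not restore the placeholder.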