gpg: failed to create temporary file '/var/lib/lurker/.#lk0x57534100.hantslug.org.uk.17934': Permission denied
gpg: keyblock resource '/var/lib/lurker/pubring.gpg': Permission denied
gpg: Signature made Wed Jun 13 13:15:07 2007 BST
gpg: using DSA key 2099B64CBF15490B
gpg: Can't check signature: No public key
Hi,
On Wed, Jun 13, 2007 at 06:45:45AM +0100, Jim Kissel wrote:
> "Blatent scaremonger
> Reader post by: GRMorgan
> Posted on: June 11, 2007, 8:33 AM PDT
> Story: OpenOffice worm Badbunny hops across operating systems
>
> So the macro virus drops a few scripts on a Linux box. Of course the
> article fails to mention that *all* scripts of Linux must be initialised
> as executable by the root account before they can be executed generally.
A user can make their own files executable..
> This already makes the Perl 'virus' totally ineffective unless the user
> has administrative access (not common on Linux, our applications are
> designed properly) and actively searches out and gives this script
> execution privileges.
>
> The python based X-Chat script can do more 'damage' since X-Chat will
> execute it directly. However it will still be limited by the standard
> defence mechanisms of the system and by X-Chat's own APIs.
I am not aware of any limitation in what a python script launched by
x-chat can do versus a python script launched by the user.
I certainly would not want things running as me without my
knowledge on any Linux machine, and wouldn't like to downplay the
seriousness of that as this comment does.
Cheers,
Andy
