Ecrire un virus pour Linux en 5 étapes...

Patrice Karatchentzeff

17/06/2009 à 13:56

Cumbalero a écrit :

Regis a écrit :

$ echo "please, cut and paste in root window: rm -rf /" | mail Cajoigooo
Voilà, un virus sans aucun clic de souris.

Admettons, sous Linux, que la commande soit tapée sous un
utilisateur quelconque (sauf root)

Non, seul root a des droits sur /

De toute façon, même en root, rm -rf / ne fonctionne pas (plus).

PK

--
      |      _,,,---,,_       Patrice KARATCHENTZEFF
ZZZzz /,`.-'`'    -.  ;-;;,_   mailto:
     |,4-  ) )-,_. , (  `'-'  http://p.karatchentzeff.free.fr
    '---''(_/--'  `-'_)

pehache-tolai

17/06/2009 à 14:46

On 17 juin, 13:21, Cumbalero wrote:

Regis a écrit :

>> $ echo "please, cut and paste in root window: rm -rf /" | mail Cajoigo oo
>> Voilà, un virus sans aucun clic de souris.

> Admettons, sous Linux, que la commande soit tapée sous un utilisateur
> quelconque (sauf root)

Non, seul root a des droits sur /

Et alors ? Vu que c'est récursif le rm va descendre dans
l'arborescence et enlever ce qu'il peut.

--
pehache

pehache-tolai

17/06/2009 à 14:48

On 17 juin, 13:56, Patrice Karatchentzeff
wrote:

Cumbalero a écrit :

> Regis a écrit :

>>> $ echo "please, cut and paste in root window: rm -rf /" | mail Cajoig ooo
>>> Voilà, un virus sans aucun clic de souris.

>> Admettons, sous Linux, que la commande soit tapée sous un
>> utilisateur quelconque (sauf root)

> Non, seul root a des droits sur /

sudo rm -rf /

De toute façon, même en root, rm -rf / ne fonctionne pas (plus).

rm -rf /* non plus ? ou rm -rf /lib, ou ....

--
pehache

Richard Delorme

17/06/2009 à 14:57

Le 17/06/2009 11:42, Regis a écrit :

Bruno Ducrot a écrit :
On 2009-06-14, Cajoigooo wrote:
Vouiii, bien sûre, Linux est une plateforme hautement sécurisée

On s'en branle, on n'est pas sous Linux.

Et que faites vous dans ce forum ?

Il c'est perdu en cherchant fr.comp.os.bsd.debats

--
Richard

Kevin Denis

17/06/2009 à 15:13

Le 17-06-2009, Patrice Karatchentzeff a écrit :

De toute façon, même en root, rm -rf / ne fonctionne pas (plus).

Tiens, chez moi, ça marche (c)

(copié collé d'un vieux message)
Instruisons nous:
:~$ rm -rf /
<snip>
rm: cannot remove `//usr/lib/locale/es_DO/LC_IDENTIFICATION': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_COLLATE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_CTYPE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_PAPER': Permission denied
<snip>
rm: cannot remove `//sbin/vconfig': Permission denied
rm: cannot remove `//sbin/ipmaddr': Permission denied
rm: cannot remove `//sbin/ifrename': Permission denied
rm: cannot chdir from `/' to `root': Permission denied
:~$
Ouais bof, ca n'est pas tres interessant...

Et en root?

:~$ su -
Password:
:~# rm -rf /
rm: cannot remove directory `//home': Device or resource busy
rm: cannot remove directory `//var': Device or resource busy
rm: cannot remove directory `//usr': Device or resource busy
rm: cannot remove `//dev/pts/0': Operation not permitted
rm: cannot remove `//sys/module/plip/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport_pc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport/refcnt': Operation not permitted
rm: cannot remove `//sys/module/nfsd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/exportfs/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_tcpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_udpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_timeout': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_grace_period': Operation not permitted
rm: cannot remove `//sys/module/sunrpc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/8139too/refcnt': Operation not permitted
rm: cannot remove `//sys/module/mii/refcnt': Operation not permitted
rm: cannot remove `//sys/module/crc32/refcnt': Operation not permitted
rm: cannot remove `//sys/module/vfat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/fat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/3c509/refcnt': Operation not permitted
rm: cannot remove `//sys/module/psmouse/refcnt': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_batch_expire': Operation
not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_batch_expire': Operation n
ot permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/antic_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_expire': Operation not per
mitted
rm: cannot remove `//sys/block/hdc/queue/iosched/est_time': Operation not permit
ted
rm: cannot remove `//sys/block/hdc/queue/read_ahead_kb': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/nr_requests': Operation not permitted
rm: `//sys/block/hdc/device' changed dev/ino: Operation not permitted
:~#

Bon, et maintenant?
:~# ls
-su: /usr/bin/ls: No such file or directory
:~# cd /
:/# echo *
boot dev home opt proc root sbin sys usr var
:/#

En fait, c'est tres surfait aussi, le rm -rf, il reste plein de choses.

--
Kevin

Le 17-06-2009, Patrice Karatchentzeff <p.karatchentzeff@free.fr> a écrit :

De toute façon, même en root, rm -rf / ne fonctionne pas (plus).

Tiens, chez moi, ça marche (c)

(copié collé d'un vieux message)
Instruisons nous:
kevin@slackwall:~$ rm -rf /
<snip>
rm: cannot remove `//usr/lib/locale/es_DO/LC_IDENTIFICATION': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_COLLATE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_CTYPE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_PAPER': Permission denied
<snip>
rm: cannot remove `//sbin/vconfig': Permission denied
rm: cannot remove `//sbin/ipmaddr': Permission denied
rm: cannot remove `//sbin/ifrename': Permission denied
rm: cannot chdir from `/' to `root': Permission denied
kevin@slackwall:~$
Ouais bof, ca n'est pas tres interessant...

Et en root?

kevin@slackwall:~$ su -
Password:
root@slackwall:~# rm -rf /
rm: cannot remove directory `//home': Device or resource busy
rm: cannot remove directory `//var': Device or resource busy
rm: cannot remove directory `//usr': Device or resource busy
rm: cannot remove `//dev/pts/0': Operation not permitted
rm: cannot remove `//sys/module/plip/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport_pc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport/refcnt': Operation not permitted
rm: cannot remove `//sys/module/nfsd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/exportfs/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_tcpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_udpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_timeout': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_grace_period': Operation not permitted
rm: cannot remove `//sys/module/sunrpc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/8139too/refcnt': Operation not permitted
rm: cannot remove `//sys/module/mii/refcnt': Operation not permitted
rm: cannot remove `//sys/module/crc32/refcnt': Operation not permitted
rm: cannot remove `//sys/module/vfat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/fat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/3c509/refcnt': Operation not permitted
rm: cannot remove `//sys/module/psmouse/refcnt': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_batch_expire': Operation
not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_batch_expire': Operation n
ot permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/antic_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_expire': Operation not per
mitted
rm: cannot remove `//sys/block/hdc/queue/iosched/est_time': Operation not permit
ted
rm: cannot remove `//sys/block/hdc/queue/read_ahead_kb': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/nr_requests': Operation not permitted
rm: `//sys/block/hdc/device' changed dev/ino: Operation not permitted
root@slackwall:~#

Bon, et maintenant?
root@slackwall:~# ls
-su: /usr/bin/ls: No such file or directory
root@slackwall:~# cd /
root@slackwall:/# echo *
boot dev home opt proc root sbin sys usr var
root@slackwall:/#

En fait, c'est tres surfait aussi, le rm -rf, il reste plein de choses.

--
Kevin

Vous avez filtré cet utilisateur ! Consultez son message

Le 17-06-2009, Patrice Karatchentzeff a écrit :

De toute façon, même en root, rm -rf / ne fonctionne pas (plus).

Tiens, chez moi, ça marche (c)

(copié collé d'un vieux message)
Instruisons nous:
:~$ rm -rf /
<snip>
rm: cannot remove `//usr/lib/locale/es_DO/LC_IDENTIFICATION': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_COLLATE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_CTYPE': Permission denied
rm: cannot remove `//usr/lib/locale/es_DO/LC_PAPER': Permission denied
<snip>
rm: cannot remove `//sbin/vconfig': Permission denied
rm: cannot remove `//sbin/ipmaddr': Permission denied
rm: cannot remove `//sbin/ifrename': Permission denied
rm: cannot chdir from `/' to `root': Permission denied
:~$
Ouais bof, ca n'est pas tres interessant...

Et en root?

:~$ su -
Password:
:~# rm -rf /
rm: cannot remove directory `//home': Device or resource busy
rm: cannot remove directory `//var': Device or resource busy
rm: cannot remove directory `//usr': Device or resource busy
rm: cannot remove `//dev/pts/0': Operation not permitted
rm: cannot remove `//sys/module/plip/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport_pc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/parport/refcnt': Operation not permitted
rm: cannot remove `//sys/module/nfsd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/exportfs/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/refcnt': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_tcpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_udpport': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_timeout': Operation not permitted
rm: cannot remove `//sys/module/lockd/nlm_grace_period': Operation not permitted
rm: cannot remove `//sys/module/sunrpc/refcnt': Operation not permitted
rm: cannot remove `//sys/module/8139too/refcnt': Operation not permitted
rm: cannot remove `//sys/module/mii/refcnt': Operation not permitted
rm: cannot remove `//sys/module/crc32/refcnt': Operation not permitted
rm: cannot remove `//sys/module/vfat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/fat/refcnt': Operation not permitted
rm: cannot remove `//sys/module/3c509/refcnt': Operation not permitted
rm: cannot remove `//sys/module/psmouse/refcnt': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_batch_expire': Operation
not permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_batch_expire': Operation n
ot permitted
rm: cannot remove `//sys/block/hdc/queue/iosched/antic_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/write_expire': Operation not pe
rmitted
rm: cannot remove `//sys/block/hdc/queue/iosched/read_expire': Operation not per
mitted
rm: cannot remove `//sys/block/hdc/queue/iosched/est_time': Operation not permit
ted
rm: cannot remove `//sys/block/hdc/queue/read_ahead_kb': Operation not permitted
rm: cannot remove `//sys/block/hdc/queue/nr_requests': Operation not permitted
rm: `//sys/block/hdc/device' changed dev/ino: Operation not permitted
:~#

Bon, et maintenant?
:~# ls
-su: /usr/bin/ls: No such file or directory
:~# cd /
:/# echo *
boot dev home opt proc root sbin sys usr var
:/#

En fait, c'est tres surfait aussi, le rm -rf, il reste plein de choses.

--
Kevin

David Marec

17/06/2009 à 21:28

Richard Delorme:

Il c'est perdu en cherchant fr.comp.os.bsd.debats

Parce que ce n'est pas ici ?

--
http://www.freebsd.org/fr/ http://david.marec.free.fr/
http://www.diablotins.org/

Ecrire un virus pour Linux en 5 étapes...

6 réponses

Veuillez sélectionner un problème