Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!jarthur!bridge2!mips!pacbell.com!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mchinni@PICA.ARMY.MIL (Michael J. Chinni, SMCAR-CCS-W)
Newsgroups: comp.virus
Subject: Re: UNIX & Viruses (UNIX)
Message-ID: <0002.9104161744.AA06733@ubu.cert.sei.cmu.edu>
Date: 11 Apr 91 16:06:14 GMT
Sender: Virus Discussion List
Lines: 32
Approved: krvw@sei.cmu.edu

ethan@thinc.COM (Ethan.Lish@THINC.COM) writes:
> The simplest form of a *NIX virus is :
>     cp $0 .
> Now *every* *NIX platform I know of will run this "virus"
> P.S. **NOTE DO NOT RUN THIS VIRUS, SO I DON'T HAVE TO SAY "I TOLD YOU SO"**

Given the usual definition of a virus (i.e. Cohen's formal definition of a
virus as roughly stated by spaf@cs.purdue.edu (Gene Spafford)) as:
    "code that makes a (possibly modified) copy of itself in another program"
and assuming that Ethan was serious about "cp $0 ." being a virus.

How is "cp $0 ." a virus? On my systems all that will do is copy your Current
Shell Interpreter (CSI) to your current directory. In my case that was the
same as doing "cp /bin/sh .". I see no way that could be considered a virus.
This is not even a security risk in and of itself.

It WOULD be a security risk if:
    1) your local superuser had "." before "/DIR" in their PATH/path
       (where "/DIR" is the path of the directory where the CSI is)
because if:
    1) you do the "cp $0 ."
    2) you change your copy of the CSI to add malicious code
    3) you get your local superuser to go into your home directory as root
       and run your copy of the CSI
you could get full root privileges (assuming your malicious code did this)
and this IS a security breach.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Michael J. Chinni
US Army ARDEC
- - - - - - - - - - - - - - - -
"To Do is To Be" Socrates
"To Be is To Do" Plato
"Do Be Do Be Do" Sinatra
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
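
A defensive check for the condition the post names, a superuser PATH that searches "." ahead of the directory holding the shell. This is an added example, not part of the original post; the function name `audit_path` and the sample PATH strings are constructed for illustration. It also flags empty components (a leading, trailing or doubled ":"), which the shell treats the same as ".".

```shell
#!/bin/sh
# Added example (not from the original post); audit_path is a hypothetical name.
#
# audit_path PATH_STRING SHELL_DIR
#   Prints "position kind placement entry" for every PATH component that is
#   resolved relative to the current directory:
#     empty    - a leading, trailing or doubled ':' (treated as ".")
#     dot      - a literal "." (or "./")
#     relative - any other component not starting with "/"
#   placement is BEFORE when the component is searched ahead of SHELL_DIR
#   (the case the post describes), otherwise AFTER.
#   Exit status: 1 if any BEFORE finding exists, else 0.
audit_path() {
    rest=$1:                      # sentinel ':' keeps a trailing empty component
    shell_dir=${2%/}
    [ -n "$shell_dir" ] || shell_dir=/
    pos=0 placement=BEFORE rc=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}         # text up to the first ':'
        rest=${rest#*:}           # drop that component and its ':'
        pos=$((pos + 1))
        # Normalise one trailing slash, but leave "/" itself alone.
        case $entry in /) ;; */) entry=${entry%/} ;; esac
        if [ "$entry" = "$shell_dir" ]; then
            placement=AFTER       # everything from here is searched later
            continue
        fi
        case $entry in
            '')  kind=empty ;;
            .)   kind=dot ;;
            /*)  continue ;;      # absolute directory: not a cwd lookup
            *)   kind=relative ;;
        esac
        printf '%s %s %s %s\n' "$pos" "$kind" "$placement" "${entry:-<empty>}"
        if [ "$placement" = BEFORE ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: "." is searched before /bin, so the check fails.
audit_path '.:/usr/bin:/bin' /bin || echo 'cwd is searched before /bin'
```

To audit a live account, pass root's actual PATH and the directory of its shell, for example `audit_path "$PATH" /bin` from a root session.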