0 day exploits, flash exploits, malicious scripts in Ubuntu environment with a strong sudo password

Discussion in 'all things UNIX' started by Gravius, Jul 27, 2015.

  1. Gravius

    Gravius Registered Member

    Joined:
    Jul 27, 2015
    Posts:
    1
    What would happen if, e.g., there is a 0 day exploit in VLC and I open an infected file, or if I watch a stream which is exploiting a Flash vulnerability, or a script on a site that is malicious?

    I once read that in all those cases named, the attacker or the malware could continue with root privileges and, e.g., install a keylogger and from there own the victim completely.
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    The first prevention method is to install EMET 5.2 and, right after installation, select the "Recommended Settings", because it automatically creates profiles for the most commonly exploited programs such as Adobe Reader, Java, Word, etc. After that you can select Maximum Security, but that might have implications on older programs like GTA III or GTA Vice City, for example, so you might want to set DEP for "Application Opt-Out" instead of leaving it always on.

    Then, I'd do some research to see if VLC actually uses Flash for streams. But I don't think it does.
     
  3. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    How does EMET work in Ubuntu (named in the subject title and this is the Linux/Unix forum)?
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Oh, my bad! :p I didn't see this was the Unix forum heehehe.

    Well, EMET doesn't work on Linux. It's for Windows only.

    I think you can get the same functionality on Linux with SELinux or AppArmor.
     
  5. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    This is your answer.

    Assuming you have 64-bit Ubuntu, these are some instructions you can follow:

    $ mkdir "Firejail 0.9.26"
    $ cd Firejail*
    $ wget -O firejail.deb http://sourceforge.net/projects/firejail/files/firejail/firejail_0.9.26_1_amd64.deb/download && wget -O firejail.asc http://sourceforge.net/projects/firejail/files/firejail/firejail-0.9.26.asc/download
    $ sha256sum firejail.deb # verify this with the SHA value in firejail.asc file
    $ sudo dpkg -i *.deb

    Start VLC with the following command:
    $ firejail vlc
    # Start with "firejail --debug vlc" to see what things are being disabled/blocked, or start with "firejail --private vlc" to discard any changes that have been made to the system when you close VLC.
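
The checksum step from the post above, written out as a script. This is an added example, not part of the original post; it assumes firejail.asc lists digests as `<sha256>  <file name>` lines, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the checksum list has lines of the
# form "<64 hex chars>  <file name>", as sha256sum prints them.

# expected_sha256 LIST NAME: print the digest listed for NAME; fail if there is none.
expected_sha256() {
    awk -v name="$2" '
        length($1) == 64 && $1 ~ /^[0-9A-Fa-f]+$/ && ($2 == name || $2 == "*" name) {
            print tolower($1); found = 1; exit
        }
        END { exit !found }' "$1"
}

# verify_download FILE LIST NAME: succeed only if FILE hashes to NAME's listed digest.
# NAME is the upstream file name, because wget -O saved the package under another one.
verify_download() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    want=$(expected_sha256 "$2" "$3") || {
        echo "no SHA-256 entry for $3 in $2" >&2; return 2; }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $1 matches the digest listed for $3"
    else
        echo "MISMATCH: $1 is $got, list says $want" >&2
        return 1
    fi
}

# Offline demo on constructed stand-ins for firejail.deb and firejail.asc.
demo() {
    d=$(mktemp -d) || return 2
    name=firejail_0.9.26_1_amd64.deb
    printf 'constructed package bytes\n' > "$d/firejail.deb"
    {   echo '-----BEGIN PGP SIGNED MESSAGE-----'   # constructed wrapper line
        echo "$(sha256sum "$d/firejail.deb" | awk '{ print $1 }')  $name"
    } > "$d/firejail.asc"
    r1=0; verify_download "$d/firejail.deb" "$d/firejail.asc" "$name" || r1=$?
    printf 'tampered\n' >> "$d/firejail.deb"        # simulate a modified download
    r2=0; verify_download "$d/firejail.deb" "$d/firejail.asc" "$name" 2>/dev/null || r2=$?
    rm -rf "$d"
    [ "$r1" -eq 0 ] && [ "$r2" -eq 1 ]
}
demo
```

A matching hash only shows that the package agrees with the list. If firejail.asc is PGP-signed, as the .asc suffix suggests, checking that signature with `gpg --verify` against the author's key is a separate step.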

     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    To the OP:

    If the attacker wants root access, the quickest way would probably be to log your keystrokes next time you use sudo. That's actually quite easy to do on Linux, from a limited account.

    Keep in mind though that most of what a hypothetical attacker would want is in your user account - and, more specifically, in your browser profile. They have access to your browser, they already have everything they need.

    There are a number of things you can do to reduce the risk - ad blocking, JS blocking, GrSec kernel. The first two are always worthwhile IMO. Not sure about the last though.
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    722
    I understand that the OP was asking about securing VLC. UnknownK's advice is good: There is already a ready-to-use VLC profile in Firejail which drops all capabilities and provides a seccomp-bpf filter. And it's easy to blacklist any additional folders/files in your home if necessary.
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @summerheat

    Ahh, whoops. For some reason it didn't click that this was for VLC, not browser attacks.

    For that, yeah, AppArmor makes sense.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    The answer is, you don't need to worry about this.
    Mrk
     