Quote, originally posted by eschwartz:
In what way is an ext3 external hard drive/flashdrive partition with ebook files that can be written to by world, a security risk that will lead to my computer becoming part of a botnet?
Many penetrations come through lesser-privilege vectors, such as SSH/SMTP/POP/telnet via dictionary attacks, the web server, web apps, a user running infected downloads, and infected portable drives. Many of these penetrations do at least two things once they get in. First, they phone home with a summary of the executables on the machine to see if there are any unpatched local escalation vulnerabilities. Second, they scan the machine for writable executables and infect them, inserting themselves into them. The infection attempts to be persistent, remaining in memory and restarting after a boot, becoming a less-privileged bot. While it is running, the scan happens whenever something new is mounted. If an executable is infected and then some other user ID runs one of the infected executables, then the process is repeated with the new permissions. If the infected programs are run on a different machine, then the process starts anew. If root ever runs an infected exe, then the machine is toast.
My assumption is that because we are talking about "calibre portable", the "drive" will be used in various machines and the drive contains the calibre executables. If any one of the machines is infected with something like described above then mode 777 calibre exes on the drive will be infected. The infection will transfer to any subsequent machine where the newly-infected program is run.
The basic way to plug this sort of lesser-privilege vulnerability beyond blocking the entry vectors is to ensure that executables (or other important system files such as crontabs or password files) cannot be modified except under controlled conditions. How you do this, or whether you do it at all, is up to you.
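One way to apply the "controlled conditions" idea to a portable tree of executables, as an added example that is not from the post or from calibre: audit the drive for executables that group or others can write to (the mode 777 case), and keep a hash manifest, stored somewhere the drive's users cannot write, so that an executable altered on one machine is noticed before it is run on the next. The file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

# Added example, not code from the original post or from calibre.
GROUP_OR_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def _executables(root):
    """Yield (relpath, stat) for regular files with any execute bit set; symlinks are skipped."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & ANY_EXEC:
                yield os.path.relpath(path, root), st


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def writable_executables(root):
    """Executables that a group or any other user could modify, e.g. mode 777."""
    return sorted(rel for rel, st in _executables(root) if st.st_mode & GROUP_OR_OTHER_WRITE)


def build_manifest(root):
    """Hash every executable once, under controlled conditions, and keep the result off the drive."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel, _ in _executables(root)}


def verify_manifest(root, manifest):
    """Report executables that changed, disappeared, or appeared since the manifest was built."""
    current = build_manifest(root)
    return {
        "modified": sorted(r for r in manifest if r in current and current[r] != manifest[r]),
        "missing": sorted(r for r in manifest if r not in current),
        "new": sorted(r for r in current if r not in manifest),
    }


def demo():
    """Constructed scenario: a tiny fake drive whose world-writable executable is later altered."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("app", 0o777), ("helper", 0o755)):  # hypothetical file names
        path = os.path.join(root, "bin", name)
        with open(path, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")
        os.chmod(path, mode)
    manifest = build_manifest(root)
    with open(os.path.join(root, "bin", "app"), "ab") as f:  # simulate an in-place infection
        f.write(b"# appended by another user\n")
    return writable_executables(root), verify_manifest(root, manifest)
```

Run the audit and the manifest check at mount time, before anything on the drive is executed; a non-empty "modified" or "new" list is the signal to stop and investigate rather than run.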