how do you guys test all of the potential PNG/JPG potential malware payloads
> On #debian at Libera.chat IRC network they suggested it was up to the
> upstream software sources to I guess....somehow???...test the awful binary
> formats possible that are out there...?

I think what the person meant was that it's upstream who tries to mitigate bugs and create secure software. Some of them might test their viewer extensively for security too, eg with fuzzing or known bad images. Those developers often know how they
Corey H wrote:
> how do you guys test all of the potential PNG/JPG potential malware payloads

> What's your use-case? As I'm not aware of a vector for GNU/Linux in
> normal everyday use¹, I guess you host files for Windows clients?

https://security-tracker.debian.org/tracker/source-package/imagemagick

If you're processing data (images, videos, audio files, etc) from unknown sources, it's a really good idea to use sandboxing of some kind, ensure that sandboxes are never reused, and to ensure that only the most minimal state possible (e.g. the output of the processing job) is preserved after execution. The sandbox can use things like seccomp and apparmor to enforce containment. Linux namespaces are useful as well: A private network namespace that doesn't have access to the outside world, a private mount namespace that has a unique root file system (ideally read-only), etc.

Containers, as implemented by podman, docker, and systemd-container can help here by providing convenient interfaces to these process isolation tools.
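
The containment described in the message above, as an added example that is not part of the original thread: one throwaway podman container per untrusted image, with only the re-encoded output kept. Assumptions: rootless podman, a hypothetical local image `localhost/imgtools` that contains ImageMagick's `convert`, and the function names `sandbox_run` and `process_untrusted`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: rootless podman and a
# hypothetical local image "localhost/imgtools" that contains ImageMagick.
SANDBOX_IMAGE="${SANDBOX_IMAGE:-localhost/imgtools}"

# Start one throwaway container for one untrusted file.
#   --rm              container is deleted after the job, so it is never reused
#   --network=none    private network namespace with no outside access
#   --read-only       read-only root file system; only /tmp and /out are writable
#   --cap-drop=ALL, no-new-privileges   no capabilities, no setuid escalation
#   --pids-limit, --memory, --timeout   bound process count, memory and run time
# podman's default seccomp filter stays active because it is not overridden.
sandbox_run() {   # $1 = absolute input path, $2 = scratch directory for output
    "${PODMAN:-podman}" run --rm \
        --network=none \
        --read-only --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop=ALL --security-opt=no-new-privileges \
        --pids-limit=64 --memory=512m --timeout=60 \
        -v "$1:/in/input:ro" \
        -v "$2:/out:rw" \
        "$SANDBOX_IMAGE" \
        convert /in/input -strip png:/out/result.png
}

# Re-encode one untrusted image; the only state kept is the resulting PNG.
process_untrusted() {   # $1 = untrusted input file, $2 = where to store output
    in_file=$(realpath -- "$1") || return 1
    case "$in_file" in *:*) return 1 ;; esac   # ':' would corrupt the -v spec
    scratch=$(mktemp -d) || return 1
    rc=0
    sandbox_run "$in_file" "$scratch" >/dev/null 2>&1 || rc=1
    result="$scratch/result.png"
    # Accept the output only if the job succeeded and left a regular file
    # (not a symlink pointing somewhere else on the host).
    if [ "$rc" -eq 0 ] && [ -f "$result" ] && [ ! -L "$result" ]; then
        cp -- "$result" "$2" || rc=1
    else
        rc=1
    fi
    rm -rf -- "$scratch"   # nothing else from the job survives
    return "$rc"
}

# Usage: ./sandbox.sh upload.jpg clean.png
if [ "$#" -eq 2 ]; then
    process_untrusted "$1" "$2"
fi
```

An AppArmor profile, where one is loaded on the host, can be selected with an additional `--security-opt apparmor=<profile>` argument.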

Davide Prina <Davide.Prina@null.net> writes:
> Corey H wrote:
>> how do you guys test all of the potential PNG/JPG potential malware payloads

What's your use-case? As I'm not aware of a vector for GNU/Linux in
normal everyday use¹, I guess you host files for Windows clients?

Did anyone mention ClamAV already? If so, please ignore me (sorry for
not following closely...).
- Sebastian
¹ One can execute every file on GNU/Linux. But the attack is that
execution of a file, not the file (otherwise we'd have to consider `rm', `gpg', `scp', and many more malware, too).
--
As I was walking down Stanton Street early one Sunday morning, I saw a chicken a few yards ahead of me. I was walking faster than the chicken,
so I gradually caught up. By the time we approached Eighteenth Avenue,
I was close behind. The chicken turned south on Eighteenth. At the
fourth house along, it turned in at the walk, hopped up the front steps,
and rapped sharply on the metal storm door with its beak. After a
moment, the door opened and the chicken went in.
(Linda Elegant in "True Tales of American Life")