I tested it briefly, and the results show that 360 basically does not give a fuck about Linux community norms or security common sense.
Careless packaging
First of all, this deb package was thrown together carelessly, and its dependencies are incomplete:
```
$ dpkg-deb -I 360safeforlinux-3.0.0.66-stripped.deb
[...]
 Package: 360safeforlinux
 Version: 3.0.0.66
 Architecture: amd64
 Maintainer: qihu360 company
 Installed-Size: 23617
 Depends: libc6 (>= 2.14), libglib2.0-0 (>= 2.38), python2.7 (>= 2.7.6), openssl (>= 1.0), curl, libqt4-network (>= 4.8.5), libqt4-sql (>= 4.8.5)
 Section: gnome
 Priority: required
 Essential: yes
 Description: 360 safe for Linux
```
On top of that, it actually depends on two more libraries, libpython2.7 and libqtgui4, which are not declared, so I had to fix that manually.
Misuse of Essential
This package also makes uninstalling a hassle by abusing the Essential tag.
```
[email protected]:/home/user# apt-get remove 360safeforlinux
[...]
The following packages will be REMOVED:
  360safeforlinux
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
  360safeforlinux
[...]
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?] Abort.
[email protected]:/home/user# aptitude remove 360safeforlinux
The following packages will be REMOVED:
  360safeforlinux
[...]
The following ESSENTIAL packages will be REMOVED!
  360safeforlinux

WARNING: Performing this action will probably cause your system to break!
         Do NOT continue unless you know exactly what you are doing!
To continue, type the phrase "I am aware that this is a very bad idea":
```
Under Debian and Ubuntu packaging policy, the Essential tag is reserved for only the most essential packages.
Casual use of setuid
During dpkg's configure step after installation, the package's postinst script directly sets the setuid bit. If you use setuid this casually, how can you claim to be safe?
```
if [ "$1" = "configure" ]; then
    chmod u+s /opt/360safeforlinux/s360safeforlinux
[...]
fi
```
This means that even if you start this thing as a normal user, it runs as root:
```
[email protected]:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),(cdrom),(floppy),(audio),(dip),44(video),(plugdev)
[email protected]:~$ start360 &
[1] 4512
[email protected]:~$ pstree -u
init─┬─dhclient
     ├─5*[getty]
     ├─login───bash(user)───startx───xinit─┬─Xorg(root)
     │                                     └─x-window-manage
[...]
     ├─urxvtd(user)
     └─urxvtd(user)─┬─bash───start360(root)─┬─{backendtaskthre}
                    │                       ├─{browserhomepage}
                    │                       ├─{cpumemusestate}
                    │                       ├─{filewatcher}
                    │                       ├─{isolatezone}
                    │                       ├─{Logcleanthread}
                    │                       ├─2*[{mythread}]
                    │                       ├─{vdupload}
                    │                       └─3*[{start360}]
                    └─bash───pstree
```
Kernel modules?
The package's prerm script also contains something strange:
```
# Unload the rk360 module if it is loaded, then delete its .ko file
rc=`lsmod | grep "rk360" | xargs echo`
if [ -n "$rc" ]; then
    rmmod rk360 2>/dev/null 1>&2
    rm -rf /etc/360safe/360safe.ko 2>/dev/null 1>&2
fi
# Same for the immu module
rc=`lsmod | grep "immu" | xargs echo`
if [ -n "$rc" ]; then
    rmmod immu 2>/dev/null 1>&2
    rm -rf /etc/360safe/immu.ko 2>/dev/null 1>&2
fi
```
So 360 is not satisfied with root privileges and also uses kernel modules? However, I did not find these two kernel modules during this test.
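An added example, not part of the original article or of 360's package: a small shell audit for the three packaging problems described so far (Essential/required control fields, setuid set by a maintainer script, kernel module handling). It assumes the control directory was extracted with `dpkg-deb -e`; the function names are hypothetical and the sample files are constructed from the excerpts quoted above.

```shell
#!/bin/sh
# Audit a control directory (from `dpkg-deb -e pkg.deb DIR`); one finding per line.
audit_control_dir() {
    dir=$1
    # Essential: yes and Priority: required are reserved for the base system.
    grep -iE '^(Essential:[[:space:]]*yes|Priority:[[:space:]]*required)' \
        "$dir/control" 2>/dev/null | sed 's|^|control: |'
    for script in preinst postinst prerm postrm; do
        f="$dir/$script"
        [ -f "$f" ] || continue
        # chmod that adds setuid/setgid: symbolic (u+s, g+s, +s) or octal (4755, 2755, ...).
        grep -nE 'chmod[[:space:]]+(-[A-Za-z]+[[:space:]]+)*(([ugoa]*[-+=][rwxXst]*,)*[ugoa]*[+=][rwxXt]*s|0?[2-7][0-7]{3}[[:space:]])' "$f" |
            sed "s|^|$script: setuid/setgid chmod, line |"
        # Loading or unloading kernel modules, or touching .ko files.
        grep -nE '(^|[^[:alnum:]_])(insmod|rmmod|modprobe)[[:space:]]|\.ko([^[:alnum:]]|$)' "$f" |
            sed "s|^|$script: kernel module handling, line |"
    done
    return 0
}

# Constructed sample: fields and script lines taken from the excerpts above.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/control" <<'EOF'
Package: 360safeforlinux
Section: gnome
Priority: required
Essential: yes
EOF
    cat > "$d/postinst" <<'EOF'
#!/bin/sh
if [ "$1" = "configure" ]; then
    chmod u+s /opt/360safeforlinux/s360safeforlinux
fi
EOF
    cat > "$d/prerm" <<'EOF'
#!/bin/sh
rc=`lsmod | grep "rk360" | xargs echo`
if [ -n "$rc" ]; then
    rmmod rk360 2>/dev/null 1>&2
    rm -rf /etc/360safe/360safe.ko 2>/dev/null 1>&2
fi
EOF
    echo "$d"
}

sample=$(make_sample) && audit_control_dir "$sample"
rm -rf "$sample"
```

Running the audit before `dpkg -i` shows what the maintainer scripts will do as root, without executing any of them.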
Strange runtime behaviour
Once start360 is running, two runtime oddities show up:
- It saves its PID to /etc/360safe/360safeforlinux.pid. Will you abide by the FHS?
- It scans system files like crazy: powertop shows 30 wakeups per second in the idle state, and the notebook's battery life is dead. Will you use inotify?
The truth about its features
It provides a number of features.
License Enumeration
360 put real effort into only one thing, which is a pile of non-GPL licenses:
```
license/zlib_license.txt
license/c-ares_license.txt
license/qt_license_lgpl.txt
license/unrar_license.txt
license/sqlite_license.txt
license/elftoolchain_license.txt
license/libcurl_license.txt
license/7-zip_license.txt
license/boost_license.txt
license/openssl_licnese.txt
license/minizip_license.txt
license/jsoncpp_license.txt
license/Protobuf_license.txt
license/noto Fonts_license.txt
license/qt_lgpl_exception.txt
```
So nobody has the right to ask for the source code. But when a security product does not open its source code, then uses setuid to take root and messes with kernel modules, who knows what it wants to do? In short, 360 basically does not give a fuck about Linux community norms or security knowledge.
Why does this show a lack of security knowledge?
First, using setuid to give a graphical, networked program full root privileges is a self-inflicted vulnerability: the whole program is one big hole, and as soon as a single bug is found, it is a remote root.
Second, the user interface never needs root. For taking specific privileged actions with specific configuration there is polkit; for updating system configuration files there are file ACLs and SELinux/AppArmor; for kernel-level file scanning there is auditd. None of these mechanisms requires running the user interface as root, which creates a huge attack surface.
Third, running a binary file downloaded with root privileges is the origin of all viruses. This is especially true if there is no source code to audit, and no digital signature to verify authenticity.
Note: This site has some changes to this article. Originally from: http://www.v2ex.com/t/158380
- This article from: Hobby Linux Technology Network
360 Security defender for Linux usage results