best way to ensure './' is at beginning of sys.path?

Steve D'Aprano steve+python at pearwood.info
Sun Feb 5 21:19:21 EST 2017 

On Mon, 6 Feb 2017 09:26 am, Chris Angelico wrote:

> On Mon, Feb 6, 2017 at 9:07 AM, Steve D'Aprano
> <steve+python at pearwood.info> wrote:
>> As far as "regular backups", well, you're just not thinking deviously
>> enough. If I were to write a ransomware application, running as the
>> regular user, I would have the application encrypt files and emails just
>> a few at a time, over a period of many weeks, gradually increasing the
>> rate. By the time the victim has realised that their files have been
>> encrypted, their backups have been compromised too: you can restore from
>> backup, but you'll be restoring the encrypted version.
>>
> 
> If you commit everything to git

git is not a synonym for "version control system".


You're going to put the emails you send into subversion before hitting send?

What about the emails you receive?

How about graphic and video designers? Just how well does hg cope with
gigabytes of video data?

*Maybe* applications like LibreOffice could be integrated with VCS, and
that's actually not a bad idea, but for binary files that can get costly.
Yes, hard drives are big, but if every time you hit Ctrl-S on a 400K
spreadsheet you end up with another copy, plus overhead, that adds up
quickly. Not everyone is going to either want, or be able to, keep multiple
years worth of versioning data for all their content.

(Let's not forget that Android phones and tablets are Linux too. Some people
use Android as their main, or only, computing platform, with relatively
restricted resources. Not everyone has 10TB of storage on their computer.)


> and keep an eye on your diffs before you push, 

Every time you push a file, you're going to check whether every other file
in your home directory has changed?


> the encryption would have to be _extremely_ sneaky. For 
> starters, it'd have to infect the 'git' command, so it has all the
> same protections other people have been talking about.

Not at all. All it would need to do is mess with the git database behind the
scenes: when encrypting file X, delete all the diffs for X. Or simply
corrupt the repository.

If people did this, then there would be an arms race with others writing
software to repair the damage to the repository, or changing their backup
regimen to include backing up the repo history (if you're not already doing
this) but then the same problem applies: if the repo is corrupted subtly
enough, you may not notice until the backups are all corrupted too.

And of course, sometimes backups don't work...

https://www.theregister.co.uk/2017/02/01/gitlab_data_loss/


> It'd need to 
> somehow make the SHA1s match, or else simultaneously infect my system
> and whereever I'm pushing to (which is sometimes GitHub and sometimes
> my own server). So the first thing is to infect everyone's git so it
> accepts the corrupted files as well as the correct ones... AND it has
> to still be able to show diffs, or I'd notice it very quickly.

How will you notice? You edit file "funny_video_about_a_cat.mp4" and push it
into VCS. Meanwhile the malware encrypts "birthday_party_invites.doc",
pushes it into the repo *as you*, and once the encrypted version is there,
deletes all the past history for that file.

Because the encrypted version is now in the repo, you won't notice the file
has changed until you try to open it in the word processor. Which you might
not do until your next birthday, a year from now.

Unless you make a habit of studying *in detail* the complete history of
everything in the repo, *and* have a good enough memory to say "wait a
minute, I didn't edit that file on November 16th, something is suspicious",
a sufficiently sneaky and clever ransomware app will be able to subvert
your VCS.


Of course, so long as there are millions of Windows users with no backups,
there are easier fish to fry. But consider that not all malware is targeted
at arbitrary people. "Advanced Persistent Threats" may be targeted at you
specifically, for any value of "you".


> Is that still frightening complacency?

Talk is cheap -- do you actually push everything into VCS and regularly
check it for corruption and unexpected changes, or are you just suggesting
this is what you will do if and when such sneaky malware starts targeting
Linux users?

Personally I'm not losing any sleep over this -- but that's because I am
complacent, secure in the knowledge that I'm not important enough to have
the sort of enemies that will build an APT against me, and that ordinary
ransomware criminals have got easier targets to go after.

:-)



-- 
Steve
“Cheer up,” they said, “things could be worse.” So I cheered up, and sure
enough, things got worse.

More information about the Python-list mailing list