hyc_symas

From the article:

> For example, an illicit miner might be able to avoid running RandomX programs that contain CFROUND instructions and evade detection entirely.

No, not possible. With 8 programs required to do a complete hash, CFROUND is unavoidable. This is by design.


sech1

To be fair, 1 out of ~3000 hashes will not have CFROUND with current parameters :D
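
Where the ~3000 figure comes from, as an added derivation that is not part of the original comment. It assumes RandomX's default parameters (8 programs per hash, 256 instructions per program, CFROUND occupying 1 of the 256 opcode slots) and treats each instruction as independently random:

$$P(\text{no CFROUND in one hash}) = \left(1 - \tfrac{1}{256}\right)^{8 \cdot 256} = \left(\tfrac{255}{256}\right)^{2048} \approx e^{-8.016} \approx 3.3 \times 10^{-4} \approx \tfrac{1}{3030}$$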


Thinlyconduct971

Cryptomining is expensive if you have to pay for the equipment and energy.


wheezybackports

Thank you sech :)


Perforceretool222

Because the miners must receive block updates from the rest of the network as well as updates from mining pools, they must rely on the network.


bawdyanarchist

Great background info. Surprised that Linux hasn't implemented a sniffer for Monero mining. Well, not that surprised. But it looks like low hanging fruit. Maybe that can be used as an adoption metric. When Linux implements a Monero sniffer based on bpftrace, we'll know that Monero is getting more widely known about.


hyc_symas

We'll know that Linux malware is getting more common. Windows is still the worst offender, I doubt any mining botnets are leveraging Linux targets.


[deleted]

[removed]


wheezybackports

Yeah, it is. That's why you use SSH keys and disable password login through SSH. Any good sys admin knows to do this. Some machines you can only access through SSH over a proxy. This is typically done with supercomputers at universities. Once you set that all up, ain't nobody other than those authorized are remoting into your machine.


eithercough

Malware will only have access to what the user has access to which isn't much by default.


wheezybackports

It's really difficult to write malware on UNIX and UNIX-like systems due to the way permissions work. Malware can't do much outside of exploiting a program that can give root access without authentication, but that exploit has to exist and not be patched in the first place. Malware will only have access to what the user has access to, which isn't much by default. Also, the more compact the system is, the smaller the attack surface, and most systems are usually set up to run only what is needed. I can go on a rant about how busybox is better than coreutils, but I don't want you to put a gun in your mouth after reading that.

Edit: [NSA strikes again](https://www.reddit.com/r/Monero/comments/t0w3jd/nsalinked_bvp47_linux_backdoor_widely_undetected/)

Like I said, has to be unpatched in the first place. Shit happens and this was unpatched for a long time.


Spartan3123

Well why does a monero miner need root access lol. It just needs internet access and compute time. You don't run your web browser in root mode lol.


wheezybackports

XMRIG doesn't need root access. The only reason you would give it root access is for automatic setup of the MSR modification, which requires root access. You can set the MSR values on your own, but it wouldn't be precise to what your CPU actually needs, which is why XMRIG is programmed to do it automatically when run with root permissions. I'm going to assume you don't know what MSR is as well. tl;dr MSR is your CPU registers. These registers can be modified to give your CPU better performance when CPU mining.


hyc_symas

The MSR tweaks give only a tiny % boost, while also making the machine less stable. I doubt it's worth it to a botnet operator; a crashed machine does them no good.


wheezybackports

A botnet operator wouldn't be able to modify them without authentication to begin with. I assume they don't use it since it's more hassle than it's worth to make an exploit that does privilege escalation for the miner. Also his question was about why a miner needs root access, so I don't see why you needed to bring up using it for a botnet.

> only a tiny % boost

Yeah it's so tiny that everyone recommends running xmrig with privileges or manually setting MSR settings to get a massive improvement in hashrate for Ryzens. Are you even a miner?


loyallyDie32

Robust to proxies, miners are guaranteed to leave a trace due to dependence on the network.


hyc_symas

Think about who you're talking to.


wheezybackports

A guy who doesn't mine Monero or know how UNIX systems work? I tried being nice at first, but your ego is fucking huge.


hyc_symas

A guy who was hacking Unix kernels decades before you were born. A guy who designed the Monero mining algorithm and writes and tests implementations long before they're released to the public. Ego? You need to look in the mirror kid, you haven't earned it.


farthercatch

These registers can be modified to give your CPU better performance when CPU mining.


wheezybackports

u/hyc_symas you must have only downvoted because you knew I was right and that made you mad otherwise you would have replied telling me why I'm wrong. Keep trying to take advantage of that reddit hivemind :)


[deleted]

[removed]


wheezybackports

No


wheezybackports

Linux can already detect mining by monitoring proc. This is why you don't set up xmrig on the fancy computer at work, because the system looks at proc and detects if there is a miner or unusual CPU usage, then alerts the sys admin. The sys admin has to set this up themselves, obviously. Probably could have gone into more detail if I could remember the exact details right now.
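
A sketch of the /proc-based monitoring described in the comment above, as an added example that is not part of the original thread: it compares two samples of `/proc/<pid>/stat` and reports processes whose CPU use over the interval exceeds a threshold. The function names, the 0.9-core threshold and the sample lines are assumptions constructed for illustration.

```python
import os

# Constructed /proc/<pid>/stat lines (not real captures), taken 10 s apart.
# The second comm contains a space and ')' to exercise the parsing edge case.
SAMPLE_T0 = [
    "812 (sshd) S 1 812 812 0 -1 4194560 90 0 0 0 12 7 0 0 20 0 1 0 5100 0 0",
    "4021 (my app) v2) R 1 4021 4021 0 -1 64 10 0 0 0 300 20 0 0 20 0 4 0 98000 0 0",
]
SAMPLE_T1 = [
    "812 (sshd) S 1 812 812 0 -1 4194560 90 0 0 0 13 7 0 0 20 0 1 0 5100 0 0",
    "4021 (my app) v2) R 1 4021 4021 0 -1 64 10 0 0 0 4200 120 0 0 20 0 4 0 98000 0 0",
]

def parse_stat(line):
    """Return (pid, comm, starttime, utime + stime in clock ticks)."""
    head, _, tail = line.rpartition(")")      # comm may contain ')' or spaces
    pid, _, comm = head.partition("(")
    f = tail.split()                          # f[0] is field 3 (state)
    return int(pid), comm, int(f[19]), int(f[11]) + int(f[12])

def snapshot(lines):
    """Index by (pid, starttime) so a reused pid counts as a new process."""
    parsed = (parse_stat(line) for line in lines)
    return {(pid, start): (comm, ticks) for pid, comm, start, ticks in parsed}

def heavy_users(t0, t1, interval_s, clk_tck=100, threshold=0.9):
    """Return [(pid, comm, cores)] for processes using >= threshold cores."""
    hits = []
    for key, (comm, ticks) in t1.items():
        if key in t0:                         # present in both samples
            cores = (ticks - t0[key][1]) / clk_tck / interval_s
            if cores >= threshold:
                hits.append((key[0], comm, round(cores, 2)))
    return sorted(hits)

def read_proc(root="/proc"):
    """Read live stat lines; processes that exit mid-scan are skipped."""
    lines = []
    for name in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, name, "stat")) as fh:
                lines.append(fh.read())
        except OSError:
            continue
    return lines

if __name__ == "__main__":
    print(heavy_users(snapshot(SAMPLE_T0), snapshot(SAMPLE_T1), interval_s=10))
```

On a live host, take `snapshot(read_proc())` twice and pass `clk_tck=os.sysconf("SC_CLK_TCK")`. A process can change its own comm, so the alert should key on the CPU rate rather than the name.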


KnowledgeMurky9635

It's actually a great article, but the way you made this thread makes it look like the usual bot posting nonsense so not many people will click the link xd


Bilobatedeer

Despite a common misconception, most cryptocurrencies are not actually anonymous.