Torvalds Creates Patch for Cross-Platform Virus
Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof-of-concept virus covered yesterday, has proven that the virus indeed does not work with the latest kernel version, 2.6.16, and has even released a patch to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."
Gotta admire how Linus calls a spade a spade even when that spade is a Good Thing. Imagine how MS would spin this if it happened to them.
that's one up for good ol' fashioned hacking...
An old-timer with old-timey ideas.
If Bill Gates had said that he proved this virus doesn't work on Windows, we're supposed to believe him, too?
If it is a bug in the ABI relating to the kernel, you may have a problem. Binary apps such as those old Loki-ported games, or binary apps such as Oracle might have odd problems.
So it really is a good thing to patch.
Just because a bug is uncovered by a virus doesn't mean that it is not a bug.
Well, let's see...
At the most, some of his personal files may be modified... or all of them deleted, just after it reads the email addresses of all of your friends out of your mail dir and starts sending itself along.
"or his keystrokes logged"
You mean like trojaning you into giving over your precious, will-protect-me-from-all-harm root password?
"the virus may use his machine to propagate to other machines"
That's why they call it a virus.
Well I guess from a software development standpoint, "fixing" the kernel would be the right thing to do. True, this fix does allow the virus to propagate, but the fix makes the kernel work properly. A virus is a program after all, and it should work properly in the operating system just like any other piece of software. :-)
Yes, behold the beauty of the power of open source. Bugs get fixed quickly, even bugs that deal with viruses.
I really wonder what people understand by virus these days. Many "viruses" are just regular programs that write files, etc. Those Windows worms, for example. They're just executables that people double click because of some social-engineering trick, they get all your email addresses and auto-send themselves to your friends (or alternatives, like a virus which autosends itself using the messenger plugin APIs). Those are allowed operations - getting a list of your contacts, sending an email. In this field there's no safe operating system: you can do the same with Linux (use .desktop files for it).
I don't see how Linux is "vulnerable" after this patch. This "virus" is just a program, and as such it does things. Whether the things it does are considered as "viral" or not is another matter. What's the proposed "fix" to make Linux invulnerable to this kind of "viruses", don't allow users to run programs??
In fact, it would bite any program doing direct syscalls rather than using libc, so it might break Linux handwritten asm code as well.
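An added example (not from the thread or from the kernel patch): a small x86-64 Linux check of the property the comment above relies on, that registers other than the documented ones keep their values across a raw system call made without libc. The use of getpid and of rbx/r12 as sentinel registers is an assumption for illustration; the page does not name the register or system call involved in the 2.6.16 behaviour.

```c
#include <stdio.h>
#include <sys/syscall.h>

/* Returns 1 if the sentinel registers survived a raw getpid syscall,
 * 0 if the kernel changed either of them, and -1 if the check could not
 * run (not x86-64 Linux, or the syscall failed). */
int regs_preserved_across_syscall(void)
{
#if defined(__x86_64__) && defined(__linux__)
    const unsigned long s1 = 0x1122334455667788UL;  /* constructed sentinels */
    const unsigned long s2 = 0x99aabbccddeeff00UL;
    unsigned long o1, o2;
    long ret;

    __asm__ volatile(
        "mov %3, %%rbx\n\t"   /* sentinel 1 -> rbx (assumed test register) */
        "mov %4, %%r12\n\t"   /* sentinel 2 -> r12 (assumed test register) */
        "mov %5, %%eax\n\t"   /* syscall number, bypassing libc */
        "syscall\n\t"
        "mov %%rbx, %1\n\t"   /* read both registers back after the call */
        "mov %%r12, %2\n\t"
        : "=&a"(ret), "=&r"(o1), "=&r"(o2)
        : "r"(s1), "r"(s2), "i"(SYS_getpid)
        /* rcx and r11 are overwritten by the syscall instruction itself,
         * so they are declared clobbered rather than tested. */
        : "rbx", "r12", "rcx", "r11", "memory", "cc");

    if (ret <= 0)
        return -1;            /* getpid should always return a positive pid */
    return (o1 == s1 && o2 == s2) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    int r = regs_preserved_across_syscall();
    printf("registers preserved across raw syscall: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO (kernel clobbered a register)"
                                   : "check not supported here");
    return r == 0;
}
```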
If I'd lose all my personal files (mails, mp3s, documents, code) that would suck, man. My root-owned files... pfft, I'd just re-install the damn distro.
For a typical home user, malware that wipes out the user's home directory can be absolutely devastating, while malware that only wipes out the operating system isn't really a big deal. The OS can be reinstalled fairly easily. Most of your personal data probably isn't backed up.
Someone e-mails you a virus file shell script / bat file and you run it.
It looks something like this:
#!sh
cd ~
rm -fr *
And on the windows side (batch file):
del *.*
You then run to the closest NEWS site and report that your computer doesn't work anymore and you lost all your files.
Oh no! New virus!
All the Windows-loving NEWS editors with an IQ of less than 80 pick it up and run with it.
Must be a slow news day.
I think that's what the grandparent was getting at. The average user (me included, come to think of it) doesn't bother running backups but should have a backup of the OS in the form of the install (or stupid "rescue") disks.
What I tried to imply is this mental picture: someone posted a virus for Linux, and Linus wasn't worried about PR or any implication of "Linux is insecure". Instead, he was worried about a kernel/gcc bug that was exposed by the virus, although the bug actually could help to defeat the virus. And he went on to fix the bug and let the virus run.
This is quite a picture that shows how a geek reacts. He only sees the technical side of everything and is honest about it. No politics, no B.S. And here comes the title: this is what we call geeks. It's getting silly to have to elaborate. I thought people would get it, although I wasn't expecting either an OT or an Insightful. But with both replies to my posting arguing how it should have been modded, it seems I have to do this silly thing. I should remember that insightfulness surely is related to length of the text.
Actually, it's easy to make a case that both had bugs. GCC made the assumption that the Kernel does not mess with user registers. Since the assumption was wrong (and not required to be true under the kernel spec), it is a bug in the compiler. Since the assumption was reasonable (although not required), it is a bug (or at least a wart) in the kernel. Hopefully, the GCC will eventually get patched, too.