Slashdot Mirror


Torvalds Creates Patch for Cross-Platform Virus

Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with the latest kernel version, 2.6.16, and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."

14 of 195 comments

  1. mis-feature by Douglas Simmons · · Score: 4, Insightful

    Gotta admire how Linus calls a spade a spade even when that spade is a Good Thing. Imagine how MS would spin this if it happened to them.

  2. This is what we call geeks by microbee · · Score: 5, Insightful

    :)

  3. one-man army by caffeinemessiah · · Score: 2, Insightful
    goes to show that if one person has complete mastery over a piece of code (e.g. the kernel), and if they're decently competent, they should be able to fix it very quickly and very soon. imagine this floating around a programming group -- being passed from one person to the next, each with their partial understanding of the whole system.

    that's one up for good ol' fashioned hacking...

    --
    An old-timer with old-timey ideas.
    1. Re:one-man army by Skiron · · Score: 3, Insightful

      Not only the 'one' person, but a clean code base that makes a small fix. I expect the others would need a few hundred MB patch and lots of breakage/bundled/undocumented updates to fix it (as normal).

    2. Re:one-man army by rbochan · · Score: 5, Insightful

      what prevents each member of a programming group from having "complete mastery" of the kernel?

      2 words:

      middle management

      --
      ...Rob
      The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  4. Re:On the other hand... by DrJimbo · · Score: 2, Insightful
    AC said:
    If Bill Gates had said that he proved this virus doesn't work on Windows, we're supposed to believe him, too?
    Sure, if he shows us the source code.

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin
  5. You don't really know that it is a good thing by einhverfr · · Score: 2, Insightful

    If it is a bug in the ABI relating to the kernel, you may have a problem. Binary apps such as those old Loki-ported games, or binary apps such as Oracle might have odd problems.

    So it really is a good thing to patch.

    Just because a bug is uncovered by a virus doesn't mean that it is not a bug.

    --

    LedgerSMB: Open source Accounting/ERP
  6. Re:Does this mean... by skiman1979 · · Score: 3, Insightful

    Well I guess from a software development standpoint, "fixing" the kernel would be the right thing to do. True, this fix does allow the virus to propagate, but the fix makes the kernel work properly. A virus is a program after all, and it should work properly in the operating system just like any other piece of software. :-)

    --
    Having a smoking section in a public restaurant is like having a peeing section in a public swimming pool.
  7. Re:Bug Virus? by JamesTRexx · · Score: 2, Insightful

    Yes, behold the beauty of the power of open source. Bugs get fixed quickly, even bugs that deal with viruses.

    --
    home
  8. Re:Bug Virus? by Harik · · Score: 5, Insightful
    You do realize that the virus wasn't calling the explot_to_gain_root() syscall, right? It was doing file I/O to a specific file that it had already opened and gained access to. And that failed, because of a GCC bug that caused the kernel to tromp on the userspace registers.

    In fact, it would bite any program doing direct syscalls rather than using libc, so it might break linux handwritten asm code as well.
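
Added example, not part of the thread or of any kernel source: a small C check of the property the comment above relies on, namely that code issuing direct syscalls expects the kernel to leave its registers alone. It goes beyond the 2.6.16 case in the story by using the x86-64 `syscall` instruction; the function name `syscall_clobber_mask` and the sentinel values are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/*
 * Issue getpid() with the raw `syscall` instruction after loading sentinel
 * values into the six argument registers, then report which sentinels changed.
 * Returns a bitmask (bit 0 = rdi ... bit 5 = r9), or -1 on other targets.
 */
int syscall_clobber_mask(long *pid_out)
{
#if defined(__linux__) && defined(__x86_64__)
    /* Constructed sentinel values; getpid() ignores its arguments. */
    static const unsigned long want[6] = {
        0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666 };
    unsigned long rax = SYS_getpid;
    unsigned long rdi = want[0], rsi = want[1], rdx = want[2];
    register unsigned long r10 __asm__("r10") = want[3];
    register unsigned long r8  __asm__("r8")  = want[4];
    register unsigned long r9  __asm__("r9")  = want[5];

    /* `syscall` itself overwrites rcx and r11; rax carries the result. */
    __asm__ volatile ("syscall"
                      : "+a"(rax), "+D"(rdi), "+S"(rsi), "+d"(rdx),
                        "+r"(r10), "+r"(r8), "+r"(r9)
                      :
                      : "rcx", "r11", "memory");

    unsigned long got[6] = { rdi, rsi, rdx, r10, r8, r9 };
    int mask = 0;
    for (int i = 0; i < 6; i++)
        if (got[i] != want[i])
            mask |= 1 << i;   /* this register was changed by the kernel */
    if (pid_out)
        *pid_out = (long)rax;
    return mask;
#else
    (void)pid_out;
    return -1;                /* check not implemented for this target */
#endif
}

int main(void)
{
    long pid = 0;
    int mask = syscall_clobber_mask(&pid);
    printf("changed-register mask: %d, pid via raw syscall: %ld\n", mask, pid);
    return mask > 0;          /* non-zero exit if any sentinel was changed */
}
```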

  9. AT MOST HIS PERSONAL FILES ????? by Anonymous Coward · · Score: 2, Insightful

    if I'd lose all my personal files (mails, mp3s, documents, code) that would suck man. my root-owned files .... pfft, I'd just re-install the damn distro

  10. Re:Viruses on Linux ??? by Phroggy · · Score: 2, Insightful

    For a typical home user, malware that wipes out the user's home directory can be absolutely devastating, while malware that only wipes out the operating system isn't really a big deal. The OS can be reinstalled fairly easily. Most of your personal data probably isn't backed up.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  11. Re:armageddon by microbee · · Score: 2, Insightful
    Well, technically it's the title, not the smiley, but who cares? Certainly how a posting is modded is more important than the topic itself, isn't it?

    What I tried to imply is this mental picture: someone posted a virus for Linux, and Linus wasn't worried about PR or any implication of "Linux is insecure". Instead, he was worried about a kernel/gcc bug that was exposed by the virus, although the bug actually could help to defeat the virus. And he went on to fix the bug and let the virus run.

    This is quite a picture that shows how a geek reacts. He only sees the technical side of everything and is honest about it. No politics, no B.S. And here comes the title: this is what we call geeks. It's getting silly to have to elaborate. I thought people would get it, although I wasn't expecting either an OT or an Insightful. But with both replies to my posting arguing how it should have been modded, it seems I have to do this silly thing. I should remember that insightfulness surely is related to length of the text.

  12. Re:Incorrect title by abb3w · · Score: 2, Insightful
    Technically, it appears to be a bug in GCC - Linus patched the kernel to work around the bug.

    Actually, it's easy to make a case that both had bugs. GCC made the assumption that the Kernel does not mess with user registers. Since the assumption was wrong (and not required to be true under the kernel spec), it is a bug in the compiler. Since the assumption was reasonable (although not required), it is a bug (or at least a wart) in the kernel. Hopefully, the GCC will eventually get patched, too.

    --
    //Information does not want to be free; it wants to breed.