Torvalds Creates Patch for Cross-Platform Virus
Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with the latest kernel version, 2.6.16, and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."
Gotta admire how Linus calls a spade a spade even when that spade is a Good Thing. Imagine how MS would spin this if it happened to them.
that's one up for good ol' fashioned hacking...
An old-timer with old-timey ideas.
We don't see the world as it is, we see it as we are.
-- Anais Nin
If it is a bug in the ABI relating to the kernel, you may have a problem. Binary apps such as those old Loki-ported games, or binary apps such as Oracle might have odd problems.
So it really is a good thing to patch.
Just because a bug is uncovered by a virus doesn't mean that it is not a bug.
LedgerSMB: Open source Accounting/ERP
Well I guess from a software development standpoint, "fixing" the kernel would be the right thing to do. True, this fix does allow the virus to propagate, but the fix makes the kernel work properly. A virus is a program after all, and it should work properly in the operating system just like any other piece of software. :-)
Having a smoking section in a public restaurant is like having a peeing section in a public swimming pool.
Yes, behold the beauty of the power of open source. Bugs get fixed quickly, even bugs that deal with viruses.
home
In fact, it would bite any program doing direct syscalls rather than using libc, so it might break Linux handwritten asm code as well.
if I'd lose all my personal files (mails, mp3s, documents, code) that would suck man. my root-owned files .... pfft, I'd just re-install the damn distro
For a typical home user, malware that wipes out the user's home directory can be absolutely devastating, while malware that only wipes out the operating system isn't really a big deal. The OS can be reinstalled fairly easily. Most of your personal data probably isn't backed up.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
What I tried to imply is this mental picture: someone posted a virus for Linux, and Linus wasn't worried about PR or any implication of "Linux is insecure". Instead, he was worried about a kernel/gcc bug that was exposed by the virus, although the bug actually could help to defeat the virus. And he went on to fix the bug and let the virus run.
This is quite a picture that shows how a geek reacts. He only sees the technical side of everything and is honest about it. No politics, no B.S. And here comes the title: this is what we call geeks. It's getting silly to have to elaborate. I thought people would get it, although I wasn't expecting either an OT or an Insightful. But with both replies to my posting arguing how it should have been modded, it seems I have to do this silly thing. I should remember that insightfulness surely is related to length of the text.
Actually, it's easy to make a case that both had bugs. GCC made the assumption that the Kernel does not mess with user registers. Since the assumption was wrong (and not required to be true under the kernel spec), it is a bug in the compiler. Since the assumption was reasonable (although not required), it is a bug (or at least a wart) in the kernel. Hopefully, the GCC will eventually get patched, too.
//Information does not want to be free; it wants to breed.