Slashdot Mirror


Torvalds Creates Patch for Cross-Platform Virus

Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with latest kernel version 2.6.16 and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."

3 of 195 comments (clear)

  1. This is what we call geeks by microbee · · Score: 5, Insightful

    :)

  2. Re:one-man army by rbochan · · Score: 5, Insightful

    what prevents each member of a programming group from having "complete mastery" of the kernel?

    2 words:

    middle management

    --
    ...Rob
    The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  3. Re:Bug Virus? by Harik · · Score: 5, Insightful
    You do realize that the virus wasn't calling the explot_to_gain_root() syscall, right? It was doing file I/O to a specific file that it had already opened and gained access to. And that failed, because of a GCC bug that caused the kernel to tromp on the userspace registers.

    In fact, it would bite any program doing direct syscalls rather then using libc, so it might break linux handwritten asm code as well.