
Torvalds Creates Patch for Cross-Platform Virus

Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with latest kernel version 2.6.16 and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."
This discussion has been archived. No new comments can be posted.

  • mis-feature (Score:5, Insightful)

    by Douglas Simmons ( 628988 ) * on Tuesday April 18, 2006 @05:13PM (#15152722) Homepage
    Gotta admire how Linus calls a spade a spade even when that spade is a Good Thing. Imagine how MS would spin this if it happened to them.
  • by microbee ( 682094 ) on Tuesday April 18, 2006 @05:15PM (#15152731)
    :)
  • one-man army (Score:2, Insightful)

    by caffeinemessiah ( 918089 ) on Tuesday April 18, 2006 @05:15PM (#15152732) Journal
    goes to show that if one person has complete mastery over a piece of code (e.g. the kernel), and if they're decently competent, they should be able to fix it very quickly and very soon. imagine this floating around a programming group -- being passed from one person to the next, each with their partial understanding of the whole system.

    that's one up for good ol' fashioned hacking...

  • Re:one-man army (Score:3, Insightful)

    by Skiron ( 735617 ) on Tuesday April 18, 2006 @05:20PM (#15152752)
    Not only the 'one' person, but a clean code base that makes a small fix. I expect the others would need a few hundred MB patch and lots of breakage/bundled/undocumented updates to fix it (as normal).
  • by Anonymous Coward on Tuesday April 18, 2006 @05:29PM (#15152831)
    If Bill Gates had said that he proved this virus doesn't work on Windows, we're supposed to believe him, too?
  • Re:one-man army (Score:5, Insightful)

    by rbochan ( 827946 ) on Tuesday April 18, 2006 @05:30PM (#15152835) Homepage
    what prevents each member of a programming group from having "complete mastery" of the kernel?

    2 words:

    middle management

  • by DrJimbo ( 594231 ) on Tuesday April 18, 2006 @05:35PM (#15152858)
    AC said:
    If Bill Gates had said that he proved this virus doesn't work on Windows, we're supposed to believe him, too?
    Sure, if he shows us the source code.

  • If it is a bug in the ABI relating to the kernel, you may have a problem. Binary apps such as those old Loki-ported games, or binary apps such as Oracle might have odd problems.

    So it really is a good thing to patch.

    Just because a bug is uncovered by a virus doesn't mean that it is not a bug.
  • by Anonymous Coward on Tuesday April 18, 2006 @06:04PM (#15153051)
    I wonder how it is going to make a difference?

    Well, let's see...

    At the most, some of his personal files may be modified

    ... or all of them deleted, just after it reads the email addresses of all of your friends out of your mail dir and starts sending itself along.

    or his keystrokes logged

    You mean like trojaning you into giving over your precious, will-protect-me-from-all-harm root password?

    the virus may use his machine to propagate to other machines

    That's why they call it a virus.

  • by skiman1979 ( 725635 ) on Tuesday April 18, 2006 @06:22PM (#15153143)
    Well I guess from a software development standpoint, "fixing" the kernel would be the right thing to do. True, this fix does allow the virus to propagate, but the fix makes the kernel work properly. A virus is a program after all, and it should work properly in the operating system just like any other piece of software. :-)
  • Re:Bug Virus? (Score:3, Insightful)

    by JamesTRexx ( 675890 ) on Tuesday April 18, 2006 @06:40PM (#15153241) Journal
    Yes, behold the beauty of the power of open source. Bugs get fixed quickly, even bugs that deal with viruses.
  • by Anonymous Coward on Tuesday April 18, 2006 @06:52PM (#15153309)
    I really wonder what people understand by virus these days. Many "viruses" are just regular programs that write files, etc. Those windows worms, for example. They're just executables that people double click because of some social-engineering trick, they get all your email addresses and auto-send themselves to your friends (or alternatives, like a virus which autosends itself using the messenger plugin apis). Those are allowed operations - getting a list of your contacts, sending an email. In this field there's no safe operative system: you can do the same with linux (use .desktop files for it).

    I don't see how linux is "vulnerable" after this patch. This "virus" is just a program, and as such it does things. Whether the things it does are considered as "viral" or not is another matter. What's the proposed "fix" to make linux invulnerable to this kind of "viruses", don't allow users to run programs??
  • Re:Bug Virus? (Score:5, Insightful)

    by Harik ( 4023 ) <Harik@chaos.ao.net> on Tuesday April 18, 2006 @09:04PM (#15154119)
    You do realize that the virus wasn't calling the exploit_to_gain_root() syscall, right? It was doing file I/O to a specific file that it had already opened and gained access to. And that failed, because of a GCC bug that caused the kernel to tromp on the userspace registers.

    In fact, it would bite any program doing direct syscalls rather than using libc, so it might break linux handwritten asm code as well.

  • by Anonymous Coward on Tuesday April 18, 2006 @10:00PM (#15154401)
    if I'd lose all my personal files (mails, mp3s, documents, code) that would suck man. my root-owned files .... pfft, I'd just re-install the damn distro
  • by Phroggy ( 441 ) * <slashdot3@ p h roggy.com> on Wednesday April 19, 2006 @12:00AM (#15154819) Homepage
    For a typical home user, malware that wipes out the user's home directory can be absolutely devastating, while malware that only wipes out the operating system isn't really a big deal. The OS can be reinstalled fairly easily. Most of your personal data probably isn't backed up.
  • by Anonymous Coward on Wednesday April 19, 2006 @04:30AM (#15155499)
    Someone e-mails you a virus file shell script / bat file and you run it.

    It looks something like this:

    #!sh
    cd ~
    rm -fr *

    And on the windows side (batch file):

    del *.*

    You then run to the closest NEWS site and report that your computer doesn't work anymore and you lost all your files.

    Oh no! New virus!

    All the windows loving NEWS editors with an IQ of less than 80 pick it up and run with it.

    Must be a slow news day.

  • by Anonymous Coward on Wednesday April 19, 2006 @08:13AM (#15156023)
    I think that's what the grandparent was getting at. The average user (me included, come to think of it) doesn't bother running backups but should have a backup of the OS in the form of the install (or stupid "rescue") disks.
  • Re:armageddon (Score:2, Insightful)

    by microbee ( 682094 ) on Wednesday April 19, 2006 @10:11AM (#15156718)
    Well, technically it's the title, not the smiley, but who cares? Certainly how a posting is modded is more important than the topic itself, isn't it?

    What I tried to imply is this mental picture: someone posted a virus for Linux, and Linus wasn't worried about PR or any implication of "Linux is insecure". Instead, he was worried about a kernel/gcc bug that was exposed by the virus, although the bug actually could help to defeat the virus. And he went on to fix the bug and let the virus run.

    This is quite a picture that shows how a geek reacts. He only sees the technical side of everything and is honest about it. No politics, no B.S. And here comes the title: this is what we call geeks. It's getting silly to have to elaborate. I thought people would get it, although I wasn't expecting either an OT or an Insightful. But with both replies to my posting arguing how it should have been modded, it seems I have to do this silly thing. I should remember that insightfulness surely is related to length of the text.

  • Re:Incorrect title (Score:3, Insightful)

    by abb3w ( 696381 ) on Wednesday April 19, 2006 @12:24PM (#15158011) Journal
    Technically, it appears to be a bug in GCC - Linus patched the kernel to work around the bug.

    Actually, it's easy to make a case that both had bugs. GCC made the assumption that the Kernel does not mess with user registers. Since the assumption was wrong (and not required to be true under the kernel spec), it is a bug [jargon.net] in the compiler. Since the assumption was reasonable (although not required), it is a bug (or at least a wart [jargon.net]) in the kernel. Hopefully, the GCC will eventually get patched, too.
