Torvalds Creates Patch for Cross-Platform Virus
Newsforge is reporting that Linus Torvalds took a few minutes to review the cross-platform proof of concept virus covered yesterday and has proven that the virus does indeed not work with latest kernel version 2.6.16 and even released a patch in order to fix this "problem." From the article: "The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. [...] So the virus did a number of strange things to make this show up, but on the other hand the kernel does try to avoid touching user registers, even if we've never really _guaranteed_ that. So the 2.6.16 effect is a mis-feature, even if a _normal_ app would never care. It just happened to bite the infection logic of your virus thing."
mis-feature (Score:5, Insightful)
This is what we call geeks (Score:5, Insightful)
one-man army (Score:2, Insightful)
that's one up for good ol' fashioned hacking...
Re:one-man army (Score:3, Insightful)
On the other hand... (Score:0, Insightful)
Re:one-man army (Score:5, Insightful)
2 words:
middle management
Re:On the other hand... (Score:2, Insightful)
You don't really know that it is a good thing (Score:3, Insightful)
So it really is a good thing to patch.
Just because a bug is uncovered by a virus doesn't mean that it is not a bug.
Re:Viruses on Linux ??? (Score:0, Insightful)
Well, let's see...
At the most, some of his personal files may be modified... or all of them deleted, just after it reads the email addresses of all of your friends out of your mail dir and starts sending itself along.
"or his keystrokes logged"
You mean like trojaning you into giving over your precious, will-protect-me-from-all-harm root password?
"the virus may use his machine to propagate to other machines"
That's why they call it a virus.
Re:Does this mean... (Score:4, Insightful)
Re:Bug Virus? (Score:3, Insightful)
Re:Does this mean... (Score:1, Insightful)
I don't see how linux is "vulnerable" after this patch. This "virus" is just a program, and as such it does things. Whether the things it does are considered as "viral" or not is another matter. What's the proposed "fix" to make linux invulnerable to this kind of "viruses", don't allow users to run programs??
Re:Bug Virus? (Score:5, Insightful)
In fact, it would bite any program doing direct syscalls rather than using libc, so it might break linux handwritten asm code as well.
AT MOST HIS PERSONAL FILES ????? (Score:2, Insightful)
Re:Viruses on Linux ??? (Score:3, Insightful)
So this virus is simply rm -fr * (Score:1, Insightful)
It looks something like this:
#!sh
cd ~
rm -fr *
And on the windows side (batch file):
del *.*
You then run to the closest NEWS site and report that your computer doesn't work anymore and you lost all your files.
Oh no! New virus!
All the windows loving NEWS editors with an IQ of less than 80 pick it up and run with it.
Must be a slow news day.
Re:Viruses on Linux ??? (Score:1, Insightful)
Re:armageddon (Score:2, Insightful)
What I tried to imply is this mental picture: someone posted a virus for Linux, and Linus wasn't worried about PR or any implication of "Linux is insecure". Instead, he was worried about a kernel/gcc bug that was exposed by the virus, although the bug actually could help to defeat the virus. And he went on to fix the bug and let the virus run.
This is quite a picture that shows how a geek reacts. He only sees the technical side of everything and is honest about it. No politics, no B.S. And here comes the title: this is what we call geeks. It's getting silly to have to elaborate. I thought people would get it, although I wasn't expecting either an OT or an Insightful. But with both replies to my posting arguing how it should have been modded, it seems I have to do this silly thing. I should remember that insightfulness surely is related to length of the text.
Re:Incorrect title (Score:3, Insightful)
Actually, it's easy to make a case that both had bugs. GCC made the assumption that the Kernel does not mess with user registers. Since the assumption was wrong (and not required to be true under the kernel spec), it is a bug [jargon.net] in the compiler. Since the assumption was reasonable (although not required), it is a bug (or at least a wart [jargon.net]) in the kernel. Hopefully, the GCC will eventually get patched, too.