Skip to main content

Torvalds Patches Linux Kernel, Fixes Broken Virus

Patch fixes bug that prevented a virus from running on some systems.

Robert McMillan, IDG News Service
Wednesday, April 19, 2006


SAN FRANCISCO -- The hacker who created a widely reported cross-platform virus that could affect both Windows and Linux PCs may have inadvertently done some free bug testing for the Linux operating system. Linux creator Linus Torvalds said today he had patched his operating system kernel to fix a bug that had been preventing the virus from running.

The virus, called Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was first reported on April 7 by security vendor Kaspersky Lab, which labeled it an interesting proof-of-concept program, because of its ability to affect both Windows and Linux.

After discovering that the virus didn't work on recent versions of Linux, open-source developers did some investigative work and discovered that the cause was an obscure bug in the compiler used by Linux. News of this bug was first reported on NewsForge.com.

The bug affects versions of Linux that were compiled using a certain kernel option, called REGPARM, which was recently enabled by default, according to Torvalds.

Torvalds has now patched the problem in his version of the Linux kernel, which is used by developers. Most users, however, won't see the patch until version 2.6.17 of the kernel is released, he said.

'Benign' Bug
This patch fixes what Torvalds calls a "benign" bug that has no effect on most programs. It also helps Virus.Linux.bi work in systems where it otherwise would have been ineffective.

But Torvalds pointed to a couple of reasons why his fix doesn't really help the bad guys. First, he disputed the idea that Virus.Linux.Bi is actually a virus. "It ends up really being just a program that writes to files that it has permissions to write to. Nothing wrong with that," he said. "It just does so in an interesting manner that means that it gathers more publicity."

And even if the proof-of-concept code could be put to malicious use, "any serious bad guy" would have had no trouble overcoming the compiler bug that was preventing it from working, Torvalds added.

To date, Kaspersky has not seen any hackers adopt the proof of concept code for use in real attacks, though the security vendor says that malicious "black hat" hackers might attempt to put it to use.

"There are always black-hatters out there that are going to try to use part of it to create something new,"
said Shane Coursen, a senior technical consultant with the company.

"We may see another virus using the same method of cross-platform infection."

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Moving your mysql database to another hard disk

Recently, my server's only hard disk was almost full. I bought a new hard disk with bigger size and I decided to just add it as a second hard disk. Since I need to move it to the 2nd hard disk, I need to find a proper way to move the db with minimum downtime. So I googled around and found a solution.
First, I needed to format the 2nd hard disk and I chose xfs as the filesystem. I created 2 partitions using Linux's fdisk for this task. First partition is 10 GB and 2nd one is around 900 GB. That's approximately added up to 1 TB. Then I mounted the 2nd partition in current partition eg /media/hd2 as follows:
mount -t xfs /dev/sdb5 /media/hd2
where /dev/sdb5 is the partition and /media/hd2 is the mounting dir.
Stop mysql db before doing anything:
service mysql stop
Afterthat, I copied the entire db to newly mounted hard disk:
cp -rv /var/lib/mysql /media/hd2
It will take a while if you have huge databases.
Then, change the ownership of the dir to user and group of mysql:
chown -R mysql:…

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…