Skip to main content

Torvalds Patches Linux Kernel, Fixes Broken Virus

Patch fixes bug that prevented a virus from running on some systems.

Robert McMillan, IDG News Service
Wednesday, April 19, 2006


SAN FRANCISCO -- The hacker who created a widely reported cross-platform virus that could affect both Windows and Linux PCs may have inadvertently done some free bug testing for the Linux operating system. Linux creator Linus Torvalds said today he had patched his operating system kernel to fix a bug that had been preventing the virus from running.

The virus, called Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was first reported on April 7 by security vendor Kaspersky Lab, which labeled it an interesting proof-of-concept program, because of its ability to affect both Windows and Linux.

After discovering that the virus didn't work on recent versions of Linux, open-source developers did some investigative work and discovered that the cause was an obscure bug in the compiler used by Linux. News of this bug was first reported on NewsForge.com.

The bug affects versions of Linux that were compiled using a certain kernel option, called REGPARM, which was recently enabled by default, according to Torvalds.

Torvalds has now patched the problem in his version of the Linux kernel, which is used by developers. Most users, however, won't see the patch until version 2.6.17 of the kernel is released, he said.

'Benign' Bug
This patch fixes what Torvalds calls a "benign" bug that has no effect on most programs. It also helps Virus.Linux.bi work in systems where it otherwise would have been ineffective.

But Torvalds pointed to a couple of reasons why his fix doesn't really help the bad guys. First, he disputed the idea that Virus.Linux.Bi is actually a virus. "It ends up really being just a program that writes to files that it has permissions to write to. Nothing wrong with that," he said. "It just does so in an interesting manner that means that it gathers more publicity."

And even if the proof-of-concept code could be put to malicious use, "any serious bad guy" would have had no trouble overcoming the compiler bug that was preventing it from working, Torvalds added.

To date, Kaspersky has not seen any hackers adopt the proof of concept code for use in real attacks, though the security vendor says that malicious "black hat" hackers might attempt to put it to use.

"There are always black-hatters out there that are going to try to use part of it to create something new,"
said Shane Coursen, a senior technical consultant with the company.

"We may see another virus using the same method of cross-platform infection."

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Converting phpBB2 to phpBB3

phpBB is my favorite bulletin board system. After 4 years running on phpBB2, I tried to convert my board to phpBB3 RC7 (this is the latest at the time of writing). My phpBB2 version was 2.0.21. I read many in phpBB community forums, many people had some kinds of problem in conversion with the built-in convertor. I tried it myself and failed for 3 times. The problem was connection timed-out during conversion. Googling a bit, I found a solution. Thanks for the problem solver. You are a hero!. :-) Check it out here. This is how I did it:

Open phpbb3/install/install_convert.php

Find these lines:

/**
*
* @package install
* @version $Id: install_convert.php,v 1.53 2007/10/11 08:12:25 acydburn Exp $
* @copyright (c) 2006 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
*/

After those lines, add:
@set_time_limit(0);
@ini_set('memory_limit', '256M');
@ini_set('upload_max_filesize', '128M');
@ini_set('post_max_size', '…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is setup differently in this version. You need this directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src 192.168.2.0/24 127.0.0.1
http_access allow our_networks
http_port 192.168.2.1:3128 transparent
always_direct allow all

where 192.168.2.1 is your proxy server IP address.


If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

where 3128 is the port where squid is running.
References:
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy