Skip to main content

Torvalds Patches Linux Kernel, Fixes Broken Virus

Patch fixes bug that prevented a virus from running on some systems.

Robert McMillan, IDG News Service
Wednesday, April 19, 2006


SAN FRANCISCO -- The hacker who created a widely reported cross-platform virus that could affect both Windows and Linux PCs may have inadvertently done some free bug testing for the Linux operating system. Linux creator Linus Torvalds said today he had patched his operating system kernel to fix a bug that had been preventing the virus from running.

The virus, called Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was first reported on April 7 by security vendor Kaspersky Lab, which labeled it an interesting proof-of-concept program, because of its ability to affect both Windows and Linux.

After discovering that the virus didn't work on recent versions of Linux, open-source developers did some investigative work and discovered that the cause was an obscure bug in the compiler used by Linux. News of this bug was first reported on NewsForge.com.

The bug affects versions of Linux that were compiled using a certain kernel option, called REGPARM, which was recently enabled by default, according to Torvalds.

Torvalds has now patched the problem in his version of the Linux kernel, which is used by developers. Most users, however, won't see the patch until version 2.6.17 of the kernel is released, he said.

'Benign' Bug
This patch fixes what Torvalds calls a "benign" bug that has no effect on most programs. It also helps Virus.Linux.bi work in systems where it otherwise would have been ineffective.

But Torvalds pointed to a couple of reasons why his fix doesn't really help the bad guys. First, he disputed the idea that Virus.Linux.Bi is actually a virus. "It ends up really being just a program that writes to files that it has permissions to write to. Nothing wrong with that," he said. "It just does so in an interesting manner that means that it gathers more publicity."

And even if the proof-of-concept code could be put to malicious use, "any serious bad guy" would have had no trouble overcoming the compiler bug that was preventing it from working, Torvalds added.

To date, Kaspersky has not seen any hackers adopt the proof of concept code for use in real attacks, though the security vendor says that malicious "black hat" hackers might attempt to put it to use.

"There are always black-hatters out there that are going to try to use part of it to create something new,"
said Shane Coursen, a senior technical consultant with the company.

"We may see another virus using the same method of cross-platform infection."

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is setup differently in this version. You need this directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src 192.168.2.0/24 127.0.0.1
http_access allow our_networks
http_port 192.168.2.1:3128 transparent
always_direct allow all

where 192.168.2.1 is your proxy server IP address.


If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

where 3128 is the port where squid is running.
References:
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…