>>The cross-platform viral proof-of-concept in the news last week does
>>indeed infect both Windows and Linux ELF binaries. At least it does on
>>some kernels. Some tests show it doesn't work on the latest versions.
>>
>>Hans-Werner Hilse is trying to puzzle out why. If anyone else wants to
>>play with it and see if they can figure out why it is sometimes viral on
>>Linux and sometimes not, drop me a note offlist.
>
>From LWN/Newsforge:
--->2.6.15.4
[0804744d] open("E", O_RDWR) = 4
...
[0804747e] old_mmap(NULL, 28672, PROT_READ|PROT_WRITE, MAP_SHARED, 4, 0) =
0xb7fca000
--->2.6.16.2:
[0804744d] open("E", O_RDWR) = 4
...
[0804747e] old_mmap(NULL, 32768, PROT_READ|PROT_WRITE, MAP_SHARED, 1, 0) =
-1 ENODEV (No such device)
Simple as that. open() returns fd 4, but old_mmap is called with fd 1,
which is usually stdout. Looks to me like a userspace problem.
Jan Engelhardt
--
| Software Engineer and Linux/Unix Network Administrator
| Alphagate Systems, http://alphagate.hopto.org/
| jengelh's site, http://jengelh.hopto.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
