Re: MMX for kernel

news (news@oriole.sbay.org)
Fri, 7 Feb 1997 17:48:18 -0800 (PST)

Newsgroups: linux.dev.kernel
Path: usenet
From: grep@calvin.oriole.sbay.org (George Bonser)
Subject: Re: [masq] 1st virus in Linux :( (fwd)
Sender: usenet@oriole.sbay.org (news)
References: <199702072052.PAA10551@server.rwii.com>
<Pine.LNX.3.95.970207163454.30888B-100000@gatekeeper.burgessinc.com>
X-No-Archive: yes
X-Newsreader: knews 0.9.8
Mime-Version: 1.0
Organization: Debian GNU/Linux site
Content-Type: text/plain; charset=us-ascii
Message-ID: <E59H0F.4vz@oriole.sbay.org>
X-Nntp-Posting-Host: localhost
Date: Sat, 8 Feb 1997 01:48:15 GMT

The last I heard, it spreads using rsh to any hosts that you might have
in /etc/hosts.equiv

If you don't have any in there, it will not move beyond your system.

In article <Pine.LNX.3.95.970207163454.30888B-100000@gatekeeper.burgessinc.com>,
Nathan Bryant <nathan@burgessinc.com> writes:
> On Fri, 7 Feb 1997 tyson@rwii.com wrote:
>
>> On 7 Feb, Ingo Molnar wrote:
>> >
>> > On Fri, 7 Feb 1997, Chris Y. wrote:
>> >
>> > > Just picked this off of one my my mailing lists... you should check it
>> > > out.
>> >
>> > > Its target is users who play games such as doom over the Internet with
>> > ^^^^
>> > > root access.
>> > ^^^^^^^^^^^^
>> > this says it all .... :)
>>
>> Doesn't doom give up root access once it has io perms to the video
>> hardware, etc.? I would think this would only be a problem if run by
>> root which is just simply a stupid thing to do. Isn't this a case of
>> those that are causual about security get what they deserve?
>
> I don't agree. Doom has a known bug which allows any user on your system
> to get root if doom is installed setuid root. Every Linux distribution
> I've ever used installs Doom setuid root, and RedHat has only recently
> released a patch to correct this. (The patch doesn't fix doom, just
> removes the setuid bit.)
>
>>
>> If I am correct, then McAfee should be clearer about the threat because
>> their web page doesn't help Linux at all by suggesting that it is the
>> first Unix that is suseptable to a virus and pointing out that all the
>> Windoze OSes are not vulnerable to it.
>
> I do agree that McAfee could be clearer about the threat. Their press
> release leaves some important questions unanswered, such as how the Bliss
> virus enters the system in the first placce. Is some FTP site distributing
> infected copies of Doom?
>
>>
>> Ty
>>
>> --
>> Tyson D Sawyer <tyson@rwii.com> RWI, Inc. has been supplying leading edge
>> Senior Systems Engineer mobile robotics technology since 1983
>> Real World Interface, Inc. http://www.rwii.com/
>>
>
> +-----------------------+---------------------------------------+
>| Nathan Bryant | Unsolicited commercial e-mail WILL be |
>| nathan@burgessinc.com | charged an $80/hr proofreading fee. |
> +-----------------------+---------------------------------------+
> 

-- 
George Bonser
grep@oriole.sbay.org, grep@cris.com