Samuel Thibault <samuel.thiba...@gnu.org> skribis:
> I have however been approached by clamav maintainers, who told me
> that one such malware got ported to GNU/Hurd! They apparently "just"
> rebuilt the malware using a GNU/Hurd cross tolchain (why not running
> the qemu image?! Beats me). They however had to patch the source a bit:
> apparently in previous versions it was using the PATH_MAX constant,
> whose 4096 magic number could be seen in the Linux binary. The authors
> changed that into the classical dynamic allocation loop. Actually the
> generated code looks very much like the "sample" loop linked from
> https://www.gnu.org/software/hurd/hurd/porting/guidelines.html :
I think two lessons can be learned from that:
1. Lack of PATH_MAX has been effective at protecting us from malware
(and arguably goodware as well) up to now.
2. The GNU Coding Standard’s stance on removing arbitrary limits is
finally percolating, reaching even malware developers!
Anyway, thanks for the heads-up!
Ludo’.
