...making Linux just a little more fun!


This month's answers created by:

[ Sayantini Ghosh, Amit Kumar Saha, Ben Okopnik, Kapil Hari Paranjape, Karl-Heinz Herrmann, René Pfeiffer, MNZ, Neil Youngman, Paul Sephton, Rick Moen, Suramya Tomar, Steve Brown, Thomas Adam ]
...and you, our readers!

Our Mailbag

Six Years Old And Still Causing Problems For Linux Users

Ben Okopnik [ben at linuxgazette.net]

Wed, 13 Feb 2008 16:40:38 -0500

----- Forwarded message from Stephen Russell <srussell@racepointgroup.com> -----

Subject: Six Years Old And Still Causing Problems For Linux Users
Date: Wed, 13 Feb 2008 13:56:56 -0500
From: Stephen Russell <srussell@racepointgroup.com>
To: ben@linuxgazette.net
Hello Ben,

I thought you might be interested in the information below on a six-year-old virus that is still causing problems for Linux users. In fact, the problem is so common that 70 percent of Linux infections are because of the virus. In response to this problem, Sophos has made available a free detection tool for Linux users to determine if they are infected by the virus.

If you are interested in discussing this virus with Sophos, don't hesitate to contact me.



Stephen Russell

Racepoint Group for Sophos



Six Year Anniversary for Linux Virus Rst-B - Are You Infected?

Sophos Makes Available Detection Tool for Linux Users

IT security and control firm Sophos is warning Linux users of the importance of properly securing their Linux systems, following findings from SophosLabs(TM) that a long established threat, known as Linux/Rst-B, is still infecting computers and servers.

Analysis of malware has shown almost 70 percent of the infections are due to this six-year-old malicious program. Today, SophosLabs has made freely available a small detection tool to help Linux users find out whether they are unwittingly infected with this virus.

Linux servers are very valuable to hackers, according to SophosLabs experts. Servers, by their nature, are rarely turned off and often found to be running no or insufficient protection against malware attacks. This makes the Linux systems ideal candidates for the role of controller in a botnet - the central control point when creating and managing an army of infected computers, known as bots or zombies. Where Linux systems are most often found to be running as a server, Windows machines are more frequently used at home or as a desktop machine in an office, and these computers are regularly switched off. This makes them less attractive as controllers, but ideal as bots or zombies.

Hackers typically gain control via weak SSH password or some other vulnerability. Once in, they install IRC based malware and use IRC channels to control their bots.

"The number of malware in existence is around 350,000, and while only a teeny number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos. "It was very surprising to see that a six-year-old virus seems to be responsible for a large proportion of the malware collating in our Linux honeypot, and we hope that Linux users who aren't running security will at least run this tool to find out if they are infected with this granny virus."

Information on the Linux/Rst-B detection tool is available on the SophosLabs blog. Sophos underlines that running the detection tool will only detect versions of Linux/Rst-B.

[ ... ]

[ Thread continues here (6 messages/14.01kB) ]

Unwanted software

Rick Moen [rick at linuxmafia.com]

Sun, 10 Feb 2008 15:53:11 -0800

Quoting Mike Orr (sluggoster@gmail.com):

> Found this in the EULA for MSN Messenger accounts:
> """
> Potentially Unwanted Software
> If you remove or disable "spyware", "adware"  and other potentially
> unwanted software ("potentially unwanted software"), it may cause
> other software on your computer to stop working, and it may cause you
> to breach a license to use other software on your computer (such as
> where the other software installed the potentially unwanted software
> on your computer as a condition for your use of the other software).
> By using the features of the service intended to help you remove or
> disable potentially unwanted software, it is possible that you will
> also remove or disable  software that is not potentially unwanted
> software. If a feature of the service prompts you before removing or
> disabling potentially unwanted software, you are solely responsible
> for selecting which potentially unwanted software the service removes
> or disables.  Before authorizing the removal of any potentially
> unwanted software, you should read the license agreements for the
> potentially unwanted software.
> """
> LICENSE AGREEMENTS for spyware???  I'm supposed to recognize what kind
> of spyware has been surreptitiously been installed on my computer, and
> know where its license agreement is?
> Fancy Microsoft discouraging people from eradicating spyware, and
> threatening them with a potential license violation if they do.

You're misreading what they're saying, here, and in consequence being a bit unfair to our Redmondian friends.

They're saying that MSN Messenger service includes some anti-spyware features that might, in the process of doing its job, might accidentally disable some process you want to have continue to run. It says that the anti-spyware system monitor will pop up a screen asking you to vet what it wants to disable, and the responsibility's totally on you if you say "yes" and end up turning off something you later regret having disabled.

This reflects, in part, the pernicious way in which legitimate MS-Windows software has become at best poorly distinguishable from adware/spyware, and it's not unknown for the one to come bundled with the other, and for various (nominally legitimate) proprietary software packages to "phone home" information about the user, permission for which chicanery the user usually but not always has "consented to" (nominally) via misleadingly worded clauses in their licence agreements.

For perspective, it's also not unknown for this sort of treacherous behaviour to occur in proprietary applications for Linux. That's why, for example, my nameserver resolves the "remoteapproach.com" domain locally, because, even though I wouldn't touch Adobe Acrobat Reader with a ten-foot pole or an 11-foot Swede, visitors to my house sometimes do. (See: http://lwn.net/Articles/129729/)

Version control for /etc

Rick Moen [rick at linuxmafia.com]

Sat, 9 Feb 2008 13:34:57 -0800

https://thomas.apestaart.org/thomas/trac/wiki/projects/savon has:

  What is Savon? 
  Savon is a program that allows you to store parts of a file system in
  Subversion. It manages file contents, permissions, owner and group (by
  name, not by id), and even SELinux security context. Layers allow re-use
  of files among different hosts.
  The command-line tool, savon, tries to follow svn in spirit as closely
  as possible in expected behaviour, output, ... Of course, there are
  different commands for the additional functionality, but your knowledge
  of svn will carry over into your use of savon. (One important exception
  is the add command, which is non-recursive by default. svn chose to make
  this recursive, in contrast to CVS, and many a user has made the mistake
  of adding a whole subtree to subversion when they just wanted one
  directory added.)
  What can I use it for? 
      * Use it to store configuration files, scripts, and other local
        modifications for your one or more Unix hosts
      * Use it to manage clusters of machines that share roles and can
        thus share configuration from one central repository
      * Use it to store the same type of information from your user
        directory, again allowing you to share parts of these directory
        layouts among multiple machines 
  High-level overview 
  Savon allows you to manage a part of your file system in an overlay.
  This part can be the whole filesystem or root, or your home directory,
  or something else.
  This overlay is split up into one more more layers. The layers are
  stacked top to bottom to represent the tree of revisioned nodes. If a
  node is present in more than one layer, the version in the top-most
  layer is used.
  Typically, you would use a separate overlay for each host, and then
  share common files in a layer. For example, on my home network, but also
  on hosts of family and friends I maintain, I use the bottom-most layer
  for files that should be the same on all hosts. This includes for
  example authorized_keys for ssh, so that I can log in to every machine.
  The layer above that is used for files that are related to the local
  network configuration; for example, yum configuration files pointing to
  local directories.
  The top-level layer gets used for the host-specific files, including
  interface definitions, a host ChangeLog, ...
  Having separate layers thus makes it easy to share configuration and
  files between machines. 

A fellow Linux user group mailing list member speculated that Savon might be more suitable than Joey Hess's etckeeper for non-.deb-based systems such as RHEL / CentOS / Mandrake / PCLinuxOS / Gentoo / etc., because etckeeper is hooked into apt/dpkg so as to capture changes to /etc resulting from package operations. Having not tried etckeeper on a non-.deb system, I couldn't speak to that, but pass along his comment.

Meanwhile, Joey has merged patches that permit etckeeper to be back-ended by Mercurial, so one can now elect that version control system rather than git, if one prefers.

[ Thread continues here (2 messages/4.16kB) ]

Can't get /dev/eth0

MNZ [mnzaki at gmail.com]

Thu, 7 Feb 2008 13:47:48 +0200

Hi TAG, I have recently bought a NIC that uses the rtl8139 chip. I can't seem to get it working. I load the 8139too module but I still don't get /dev/eth0. I'm not sure how to go about fixing this so any help would be appreciated.


[ Thread continues here (25 messages/30.92kB) ]

renaming HTML files

Ben Okopnik [ben at linuxgazette.net]

Thu, 7 Feb 2008 02:01:58 -0500

On Wed, Feb 06, 2008 at 05:26:21PM -0500, Karl Vogel wrote:

> Some minor tweaks: I got rid of spaces, slashes, etc. in the filename.

I usually leave file names as they are unless I have reason to suspect something nasty in them (like a forward slash, which is the only character that's not allowed in filenames - at least in Unix). If I'm going to process them at all, I make it simple:


This replaces any characters that don't appear in the first list with an underscore, and squashes any repeated underscores. If I'm feeling especially energetic, I might add the following:


This will remove any leading/trailing underscores from the result. It's also a good place to add the '.html' extension.

> ---------------------------------------------------------------------------
> #!/usr/bin/perl -w
> # Created by Ben Okopnik on Thu Jan 24 13:39:27 EST 2008
> use strict;
> die "Usage: ", $0 =~ /([^\/]+)$/, " <html_file[s]_to_rename>\n"
>   unless @ARGV;
> my $title;
> for (@ARGV) {
>     open(F, $_) or die "$_: $!\n";
>     {
>         local $/;
>         ($title) = <F> =~ /<title>\s*([^<\n]+)/i;
>     }
>     close(F);
>     if ($title) {
>         $title .= ".html";
>         $title =~ s!/!-!g;
>         $title =~ s/\s/-/g;
>         $title =~ s/-&-/-and-/g;
>         $title =~ s/--*/-/g;
>         $title =~ s/-\././g;
>         $title =~ s/[:,.]-/-/g;
>         $title =~ tr/'";//d;
>     }
>     else {
>         warn "$_: no title\n";
>         next;
>     }
>     if (-f "$title") {
>         warn "'$title' already exists\n";
>     }
>     else {
>         print "$_ -> $title\n";
>         rename($_, "$title") or die "rename $_: $!\n";
>     }
> }
> exit(0);

This last line may be standard practice in C, etc., but it's unnecessary (and deprecated) in Perl. The same is true for the parens in your 'open', 'close', and 'rename' calls: punctuation that doesn't have a specific reason for being there should be omitted.

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *

Space in Directory Names

Amit Kumar Saha [amitsaha.in at gmail.com]

Thu, 7 Feb 2008 10:44:23 +0530


I have a directory named "Book Reviews", so when I try to CD to it using:

$ cd /media/sda5/Writings\ \&\ Presentations/Book Reviews

I get:

bash: cd: /media/sda5/Writings & Presentations/Book: No such file or directory

of course, I do not have a directory named 'Book'

I then come across this http://librenix.com/?inode=7041

I got away with it after using:

$ cd /media/sda5/Writings\ \&\ Presentations/"Book Reviews"

Is there any other way other to deal with spaces?

Comments much appreciated!

Thanks, Amit

Amit Kumar Saha
*NetBeans Community
Docs Coordinator*
Writer, Programmer, Researcher

[ Thread continues here (9 messages/13.26kB) ]

Squid configuration

hari narayanan [haari_seshu at yahoo.com]

Sun, 3 Feb 2008 21:01:23 -0800 (PST)


I have visited your web-site for squid configuration reference. It's really helpful for me. Because i'm new to squid. Also i'm having a doubt regarding squid. The main purpose of the squid is load-balancing & security which hides our webserver from outside world. I'm going to put a two web server behind my squid. Where can I mention my web servers in squid configuration. and how I can test that my squid is refering my two servers if it's not having the cache. Please let me to know about it. I'm using squid 2 as my reverse proxy and Apache as my web servers with platform RHEL 4 u 4. Thanking you,


[ Thread continues here (2 messages/2.21kB) ]

G++ too clever by half

Paul Sephton [prsephton at gmail.com]

Thu, 28 Feb 2008 15:53:46 +0200

I have done a fair bit of my own "second guessing of the user" in the past, and where it comes to the g++ folks they generally get it right. Be that as it may, there is a rather irritating and dangerous compile-time warning in g++ version 4.1.2. that is to me, an ideal example of where acting with the best intention to protect the user from his own stupidity can backfire.

A pure virtual base class, or interface class definition is used when one would like to use the class definition without having access in any way to the implementation. Typically, a factory function creates objects of this type, and another factory function may be used to destroy them. One cannot use the 'new' keyword to create, or the 'delete' keyword to destroy objects of this type, as the object definition has no public constructor or destructor, and no base implementation for the virtual methods. However, one may call the objects methods; since they are all pure virtual declarations, one is guaranteed of their implementation in the subclass.

The following header is used to provide a pure virtual interface class and functions to create or delete instances of the class:

class abc {
  public :
     virtual void if_method1()=0;
     virtual long if_method2()=0;
     virtual bool if_method3()=0;
abc *abc_factory_new();
void abc_factory_delete(abc *);

when compiled, this emits the warning: `` warning: 'class abc' has virtual functions but non-virtual destructor''

which is only partially true, as there is no declaration for a destructor at all (either virtual or non-virtual). One might expect the following code to emit warnings both for the attempt to create an instance of 'abc' as well as the attempt to delete 'abc':

int main() {
  abc *a = new abc();
  delete a;

As it happens, we are warned when we try to create an instance of 'abc' (because of all the pure virtual functions) , but not warned at all when we delete the object directly. It would appear that g++ assumes that the coder has made a mistake, and creates a default (public non-virtual) destructor for the class anyway, regardless that we excluded definitions for the destructor to prevent accidental deletion. To add insult to injury, g++ then warns the coder that his [automatic] destructor is not virtual.

Just as well that it does warn you, since the destructor it automatically creates is not virtual, and therefore invoking delete against the virtual base class (which should have failed with a compiler error) would result in a potential memory leak.

The above warning is not a new one, and previous versions of the compiler would emit the warning when a destructor was declared as non-virtual in a class with virtual method declarations. For example,

[ ... ]

[ Thread continues here (4 messages/8.93kB) ]

RSS feed problem

Ben Okopnik [ben at linuxgazette.net]

Tue, 5 Feb 2008 11:02:50 -0500

----- Forwarded message from Bob McConnell <rvm@CBORD.com> -----

Subject: RSS feed problem
Date: Tue, 5 Feb 2008 08:24:52 -0500
From: Bob McConnell <rvm@CBORD.com>
To: editor@linuxgazette.net
Good morning,

I am using Firefox with Newsfox 0.8.3 to track your RSS feed at <http://linuxgazette.net/lg.rss>. Since I know that updates only happen once a month, I don't include LG in the regular refresh list, but check it manually the first few days of each month until I get the update.

However, for the past four months, there have not been any dates on the items in that feed. Therefore I have a mixed list with items from multiple months and no useful way to sort it by date. Is that an issue with the feed, or something on my end?

I do enjoy the Gazette. Although I started with SLS 1.02, I have been using Slackware at home since '93, and Red Hat/Fedora at work for the past two years. Unfortunately, we only have one small department using Linux and have to struggle with MS-Windows for company wide tools.

Thank you,

Bob McConnell Principal Communications Programmer The CBORD Group, Inc. 61 Brown Road Ithaca NY, 14850 Phone 607 257-2410 FAX 607 257-1902 Email rvm@cbord.com Web www.cbord.com

----- End forwarded message -----

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *

[ Thread continues here (8 messages/7.83kB) ]

Restrict the number of files a user can delete at a time

Suramya Tomar [security at suramya.com]

Wed, 06 Feb 2008 20:37:58 +0530

Hey Everyone, A friend of mine asked the following question and as far as I know its not possible but if I am wrong please correct me.

Basically what he wants to do is share files with windows systems over samba (with write/delete access) and restrict the number of files a user can delete at a time. So if a user (suramya) wanted to delete 2 files the system would let him delete it, but if he tried to delete 50 files it would stop it.

What do you think? Is it possible? What I told him was that either you give a user delete access or not but you can't limit by the number of files.

The easiest way I have found to remove delete access is to remove the write access to the parent directory containing the files. But the downside of this is that the users can't add new files. In this case since the users are programmers they have to have the ability to add new files to the directory.

So what are his options?

- Suramya

Name : Suramya Tomar
Homepage URL: http://www.suramya.com

[ Thread continues here (9 messages/13.54kB) ]

Followup: coraid

Karl-Heinz Herrmann [kh1 at khherrmann.de]

Thu, 7 Feb 2008 16:18:30 +0100

Hi Ramon,

I didn't get round to discuss much of what you wrote with Daniel (Main Admin around here). He keeps himself busy with fixing multiseat machines which got broken by upgrades.... As a first decision we are going to put out an order for a large disk-raid system (max 24TB, initially 18 for budget reasons) which we'll run as NFS fileserver and it will have to double as backupsystem (two independent raid controllers) backing itself up, configs from all clients and some smaller data amounts on local disks plus homes on the then old fileserver.

If that disk space runs full we'll have hopefully new budget and can think about tape solutions etc. Right now raw disc space is getting scarce.

The number crunchers are still not quite certain --- the Multicore AMD is still on the wishlist, but delivery seems to be postponed and postponed again.

> If you're willing, we could also set up a call to discuss or 
> alternatively use IRC ?
> There's way too many options depending on setup discussion etc.

Yes, I certainly would like to discuss a few things to see what might be optimal solutions.

> We've been through 4 generations of storage architecture including 
> on-line but off-site backup.

that "off-site" part is starting to worry me a bit. We have some off-site backup but not everything by far. Mostly homes and the most important written stuff (Programs, papers, etc.). Original measurement data are just to huge for that off-site backup (*non* GB ethernet doesn't help there).


[ Thread continues here (3 messages/3.95kB) ]

question regarding fork() system call

aman verma [verma.aman81 at gmail.com]

Tue, 29 Jan 2008 09:35:48 +0530

dear sir/ma'm i just want to know if we are using fork() system call again and again then what will be the output like

    printf("\n my id=%d and and my parent id=%id",getpid(),getppid());
    printf("\n my id=%d and and my parent id=%id",getpid(),getppid());

please forward me the answer

thanks and regards, amandeep verma

[ Thread continues here (2 messages/1.79kB) ]

Talkback: Discuss this article with The Answer Gang

Copyright © 2008, . Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 148 of Linux Gazette, March 2008