On 01/27/2005 03:03 PM, Troy Rollo wrote:
Even if they don't run Outlook Express, with Linux 2.6 there is a facility to have the kernel recognise foreign executable file formats and run them by means of another executable. If used to run Wine executables (and somebody on /. yesterday indicated they had done this), it makes Windows executables as easy to run as native Linux executables ("program.exe" works just as well as "wine program.exe" in such a case).
Yes, but then the kernel will only execute the file IF it has execute permissions - so when the worm drops BackOriface.exe on your drive and tries to run it, it won't as it won't have had the +x bit set.
And a worm smart enough to realize it is running under Wine and able to make the syscall to set the +x bit probably will be smart enough to get a native executable for the infection.