Re: [rfc 08/45] cpu alloc: x86 support

2007-11-26 Thread John Richard Moser
Andi Kleen wrote: On Tuesday 20 November 2007 04:50, Christoph Lameter wrote: On Tue, 20 Nov 2007, Andi Kleen wrote: You could in theory move the modules, but then you would need to implement a full PIC dynamic linker for them first and also increase runtime overhead for them because they

Re: via_drm bug

2007-06-09 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave Airlie wrote: > On 6/10/07, John Richard Moser <[EMAIL PROTECTED]> wrote: > This has been an on-going issue for I don't know how long. I > reported it a while ago but it's still in 2.6.22. > > Here'

via_drm bug

2007-06-09 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This has been an on-going issue for I don't know how long. I reported it a while ago but it's still in 2.6.22. Here's another error log. Loaded the Via driver in Xorg with kernel 2.6.22 on Ubuntu, got the following in dmesg. The [drm:via_mem_al

Re: evading ulimits

2006-12-23 Thread John Richard Moser
[EMAIL PROTECTED] wrote: > On Sat, 23 Dec 2006 19:42:10 EST, John Richard Moser said: >> >> Jan Engelhardt wrote: >>>> I've set up some stuff on my box where /etc/security/limits.conf >>>> contains the following: >>>> >>>> @u

Re: evading ulimits

2006-12-23 Thread John Richard Moser
Jan Engelhardt wrote: >> I've set up some stuff on my box where /etc/security/limits.conf >> contains the following: >> >> @users softnproc 3072 >> @users hardnproc 4096 >> >> I'm in group users, and a simple fork bomb is easily quashed by this: >> >>

evading ulimits

2006-12-22 Thread John Richard Moser
I've set up some stuff on my box where /etc/security/limits.conf contains the following: @users softnproc 3072 @users hardnproc 4096 I'm in group users, and a simple fork bomb is easily quashed by this: [EMAIL PROTECTED]:~$ :(){ :|:; };: bash: fork:

Re: libata and sata?

2006-12-18 Thread John Richard Moser
Alan wrote: >> I no longer have two kernels to test through; I can't tell if the speed >> is back or not. Nothing in dmesg tells me if SATA is using DMA or >> 32-bit IO support though, so I don't know... lack of knowledge over here >> is killing me for troubleshooting this on my own. > > The dm

libata and sata?

2006-12-12 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A while back my distro moved to libata for sata_via. I was since confused; my disk seemed a lot slower, and it looked like DMA was off. I'm not sure how SATA works; is it even possible to enable/disable 32-bit IO and DMA? Or are those just on? sata_

Re: noexec=on doesn't work

2006-12-11 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eric Piel wrote: > 12/09/2006 09:03 PM, Kyle McMartin wrote/a écrit: >> On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote: >>> I have filed this as a distro bug with Ubuntu; it may be their issue, I >>>

Re: PAE/NX without performance drain?

2006-12-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck Ebbert wrote: > In-Reply-To: <[EMAIL PROTECTED]> > > On Sat, 09 Dec 2006 15:39:30 -0500, John Richard Moser wrote: > >> Is it possible to give some other way to get the hardware NX bit working >> in 32-bi

PAE/NX without performance drain?

2006-12-09 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Apparently (as I've been told today) using a hardware NX bit in a 32-bit x86 kernel requires PAE mode. PAE mode is enabled with HIGHMEM64, which is (apparently) extremely slow. Is it possible to give some other way to get the hardware NX bit working

Re: noexec=on doesn't work

2006-12-09 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kyle McMartin wrote: > On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote: >> I have filed this as a distro bug with Ubuntu; it may be their issue, I >> haven't dug deep enough to find out. I am posting this her

noexec=on doesn't work

2006-12-09 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm running on an Athlon 64 in 32-bit mode, running 32-bit Ubuntu with kernel 2.6.19 (Ubuntu version 2.6.19-7-generic for the curious; compiled for 586). Apparently, 'noexec=on' on the kernel command line does nothing; the NX bit seems to not work. C

Kernel profiles anyone?

2005-09-06 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Are there any recent kernel profiles? I think from an academic perspective it'd be nice to see some graphs and numbers nobody understands showing where the longest running code paths in the kernel occur. It might also be nice for those latency whores

SELinux policies, memory protections

2005-08-13 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was writing a section of my paper ("Designing a Secure and Friendly Operating System") and basically describing and explaining why the memory protection policy ("mprotect() restrictions") supplied by PaX is a powerful security tool; and I had a thoug

Fault tolerance. . .

2005-07-24 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm playing Skies of Arcadia Legends on my GameCube and noticing that software bugs continuously produce errors (no scratch on the disk; I can have an error, reset, play through it easy). This leads me on and on, but now it's led me into thinking abo

USB on zx5405us

2005-04-11 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 USB isn't working on my zv5405us on a 2.6.10 ubuntu kernel. Or on gentoo. Or anything. It works in WindowsXP though. I can extract the error from dmesg. Here's ACPI first (ACPI works btw) Nvidia board detected. Ignoring ACPI timer override. ACPI:

Re: LSM hooks

2005-03-30 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Wright wrote: > * John Richard Moser ([EMAIL PROTECTED]) wrote: > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >>Well the LSM mailing list seems to be dead, even the archives stop at >>Jan 15 2005.

LSM hooks

2005-03-30 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well the LSM mailing list seems to be dead, even the archives stop at Jan 15 2005. My own mails don't come back to me (I'm subscribed). So, Which version of Linux will first implement stacking in LSM as per Serge Hallyn's patches? Where is the new

Re: Aligning file system data

2005-03-29 Thread John Richard Moser
resizing (grow, shrink) while running. I don't see how to grow left; shrinking from the left is easy enough. Wait, suddenly I see how to grow left: Superblock at the end, and a bit of magic. . . . Robert Hancock wrote: > John Richard Moser wrote: > >> How likely is it th

Aligning file system data

2005-03-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How likely is it that I can actually align stuff to 31.5KiB on the physical disk, i.e. have each block be a track? Rather than leveraging the track cache, would it be less expensive for me to simply read in blocks totaling about 16 or 32KiB all at onc

Re: [ubuntu-hardened] Re: Collecting NX information

2005-03-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Tue, 2005-03-29 at 14:07 -0500, John Richard Moser wrote: > >>-BEGIN PGP SIGNED MESSAGE- [...] >>/me shrugs. It's a security blanket for him mostly; he fears automagic >>security

Re: [ubuntu-hardened] Re: Collecting NX information

2005-03-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Richard Moser wrote: > > > Arjan van de Ven wrote: > [...] Three more notes, then I'll sleep. These notes won't include the two paragraph long explanation of falling back to PT_GNU_STACK if PT_PAX_FLAGS isn't th

Re: [ubuntu-hardened] Re: Collecting NX information

2005-03-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>You need to consider that in the end I'd need PT_GNU_STACK to do >>everything PaX wants > > > why? > Why not have independent flags for independent things? > That way you have both cleanness of design and you don't break a

Re: [ubuntu-hardened] Re: Collecting NX information

2005-03-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>You need to consider that in the end I'd need PT_GNU_STACK to do >>everything PaX wants > > > why? > Why not have independent flags for independent things? > That way you have both cleanness of design and you don't break a

Re: [ubuntu-hardened] Re: Collecting NX information

2005-03-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brandon Hale wrote: >>>actually Linus was really against adding non-related things to this >>>flag. And I think he is right... >>> > > > Makes sense to me. > > [...] > > IMO you have this backwards, John. Rather than having the majority (ES,

Re: Collecting NX information

2005-03-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Mon, 2005-03-28 at 13:50 -0500, John Richard Moser wrote: > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >> >> >>Arjan van de Ven wrote: >> >>>>As

Re: Collecting NX information

2005-03-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>As I understand, PT_GNU_STACK uses a single marking to control whether a >>task gets an executable stack and whether ASLR is applied to the >>executable. > > > you understand wrongly. > > PT_GNU_STACK just sets the exec p

Collecting NX information

2005-03-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings. Currently I'm in need of some information about both vanilla and Exec Shield kernels in regards to markings emitted by the toolchain, specifically PT_GNU_STACK. I'd like to check my assumptions, in preparation for possibly making a non-int

Re: vfat broken in 2.6.10?

2005-03-24 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OGAWA Hirofumi wrote: > John Richard Moser <[EMAIL PROTECTED]> writes: > > >>It appears dosfsck may not be working quite right. I've taken this into >>account, hence the second pass after each fsck. This is

Re: vfat broken in 2.6.10?

2005-03-23 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Triffid Hunter wrote: > i've seen the same problems with a fat32 partition image after an > unclean shutdown. reading certain files would cause the filesystem to > spontaneously become read-only with error messages similar to the ones > you list belo

vfat broken in 2.6.10?

2005-03-23 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm using Ubuntu Linux Hoary [EMAIL PROTECTED]:~# uname -a Linux icebox 2.6.10-5-686 #1 Tue Mar 15 15:16:01 UTC 2005 i686 GNU/Linux [EMAIL PROTECTED]:~# fsck.vfat -r /dev/sda1 dosfsck 2.10, 22 Sep 2003, FAT32, LFN /\uSCK.REN Duplicate dire

Re: binary drivers and development

2005-03-12 Thread John Richard Moser
in my knowledge. I like to understand everything, it makes things easier. Felipe Alfaro Solana wrote: > On Thu, 10 Mar 2005 17:32:39 -0500, John Richard Moser > <[EMAIL PROTECTED]> wrote: > >>CPL=3 scares me; context switches are expensive. can they have direct >>

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Chubb wrote: >>>>>>"John" == John Richard Moser <[EMAIL PROTECTED]> writes: > > > > John> I've done more thought, here's a small list of advantages on > John> using binary d

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People are still e-mailing me about this? Lennart Sorensen wrote: > On Thu, Mar 10, 2005 at 12:24:15PM -0500, John Richard Moser wrote: > >>I've done more thought, here's a small list of advantages on using >>binary drive

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stop mailing me, I lost interest when I figured out nobody else cared. Diego Calleja wrote: > El Thu, 10 Mar 2005 12:24:15 -0500, > John Richard Moser <[EMAIL PROTECTED]> escribió: > > [...] > >> - Smaller kernel tre

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralf Baechle wrote: > On Thu, Mar 10, 2005 at 11:28:39AM -0500, John Richard Moser wrote: > > >>I've been looking at the UDI project[1] and thinking about binary >>drivers and the like, and wondering what most peoples

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've done more thought, here's a small list of advantages on using binary drivers, specifically considering UDI. You can consider a different implementation for binary drivers as well, with most of the same advantages. - Smaller kernel tree The k

Re: binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg KH wrote: > On Thu, Mar 10, 2005 at 11:28:39AM -0500, John Richard Moser wrote: > >>I've been looking at the UDI project[1] and thinking about binary >>drivers and the like, and wondering what most peoples' take on

binary drivers and development

2005-03-10 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been looking at the UDI project[1] and thinking about binary drivers and the like, and wondering what most peoples' take on these are and what impact that UDI support would have on the kernel's development. I know the immediate first reactions ar

Re: [PATCH] Filesystem linking protections

2005-02-07 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Wright wrote: > * John Richard Moser ([EMAIL PROTECTED]) wrote: > >>Yes, mkdtemp() and mkstemp(). >> >>Of course we can't always rely on programmers to get it right, so the >>idea here is to make sure we as

Re: [PATCH] Filesystem linking protections

2005-02-07 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Wright wrote: > * John Richard Moser ([EMAIL PROTECTED]) wrote: > >>I've yet to see this break anything on Ubuntu or Gentoo; Brad Spengler >>claims this breaks nothing on Debian. On the other hand, this could >>

Re: [PATCH] Filesystem linking protections

2005-02-07 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Wright wrote: > * Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote: > >>This patch adds two checks to do_follow_link() and sys_link(), for >>prevent users to follow (untrusted) symlinks owned by other users in >>world-writable +t dire

Re: Sabotaged PaXtest

2005-02-07 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Mon, 2005-01-31 at 13:57 +0100, Peter Busser wrote: > >>Hi! [...] > the paxtest 0.9.6 that John Moser mailed to this list had this gem in > it: > @@ -39,8 +42,6 @@ > */ > int paxtest_mode = 1; > > +

Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer)

2005-02-07 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roman Zippel wrote: > Hi, > > On Thu, 3 Feb 2005, Peter Busser wrote: > > >>- What happens when you run existing commercial applications which have not >>been compiled using GCC. > > >>From http://pax.grsecurity.net/docs/pax.txt: > >The go

Re: msdos/vfat defaults are annoying

2005-02-06 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph Hellwig wrote: > On Sun, Feb 06, 2005 at 12:33:43AM -0500, John Richard Moser wrote: > >>I dunno. I can never understand the innards of the kernel devs' minds. > > > filesystem detection isn't hand

msdos/vfat defaults are annoying

2005-02-05 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So I've noticed, again, much annoyed, that if I rely on -t auto, horrible horrible things happen. I have had floppies and compact flash cards that I've done mkfs.vfat to make fat32 filesystems on (not fat16), and mounting them brings the thing on as m

Re: Patch 4/6 randomize the stack pointer

2005-01-31 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: >>Why not compromise, if possible? 256M of randomization, but move the >>split up to 3.5/0.5 gig, if possible. I seem to recall seeing an option >>(though I think it was UML) to do 3.5/0.5 before; and I'm used to "a >>littl

Re: Patch 4/6 randomize the stack pointer

2005-01-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph Hellwig wrote: > On Sat, Jan 29, 2005 at 12:49:05PM -0500, John Richard Moser wrote: > >>>The ideas in IBM's ProPolice changes are good and worth >>>implementing, but the current implementation is bad. >&g

Re: Patch 4/6 randomize the stack pointer

2005-01-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jakub Jelinek wrote: > On Sat, Jan 29, 2005 at 01:31:46AM -0500, John Richard Moser wrote: > >>Finally, although an NX stack is nice, you should probably take into >>account IBM's stack smash protector, ProPolice. Any atta

Re: Patch 4/6 randomize the stack pointer

2005-01-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote: > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >> >> >>Arjan van de Ven wrote: >> >>>>I actua

Re: Patch 4/6 randomize the stack pointer

2005-01-29 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote: > >>-BEGIN PGP SIGNED MESSAGE- > > >>These are the only places mprotect() is mentioned; a visual scan >>confirms no t

Re: Patch 4/6 randomize the stack pointer

2005-01-28 Thread John Richard Moser
it for me, and that's important to me. *I* want to toy with them, but *you* shouldn't have to. . . . what was my point? Oh yeah. it's possible to deploy huge randomization and VM splitting and crap without breaking third party software, see above for explanation. Linus Torvalds w

Re: Patch 4/6 randomize the stack pointer

2005-01-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rik van Riel wrote: > On Thu, 27 Jan 2005, John Richard Moser wrote: > >> Arjan van de Ven wrote: > > >>>> Is this one any worse? >>> >>> yes. >>> >>> oracle, db2 and simi

Re: Patch 4/6 randomize the stack pointer

2005-01-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Molnar wrote: > * Paulo Marques <[EMAIL PROTECTED]> wrote: > > >>I really shouldn't feed the trolls, but this must be the most silly >>piece of code I saw on this mailing list in a very long time (and >>there have been some good examples over

Re: Why does the kernel need a gig of VM?

2005-01-28 Thread John Richard Moser
VM is vs a half gig or a gig that can be freed up. Josh Boyer wrote: > On Fri, 2005-01-28 at 15:06 -0500, John Richard Moser wrote: > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >>Can someone give me a layout of what exactly is up there? I got the >>

Why does the kernel need a gig of VM?

2005-01-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Can someone give me a layout of what exactly is up there? I got the basic idea K 4G A 3G A 2G A 1G App has 3G, kernel has 1G at the top of VM on x86 (dunno about x86_64). So what's the layout of that top 1G? What's it all used for? Is there some

Re: Patch 4/6 randomize the stack pointer

2005-01-28 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paulo Marques wrote: > John Richard Moser wrote: > >> In other words, no :) >> >> Here's self-exploiting code to discover its own return address offset >> and exploit itself. It'll lend some insight int

Re: thoughts on kernel security issues

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Davidsen wrote: > On Thu, 27 Jan 2005, Zan Lynx wrote: > > >>On Thu, 2005-01-27 at 10:37 -0600, Jesse Pollard wrote: >> >>>On Wednesday 26 January 2005 13:56, Bill Davidsen wrote: >>> On Wed, 26 Jan 2005, Jesse Pollard wrote: >On

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>I feel the need to point something out here. >> >>[TEXT][BRK][MMAP---][STACK] >> >>Here's a normal layout. >> >>[TEXT][BRK][MMAP---][STACK][MMAP--] >> >>Is this one any worse? > > > yes. > > oracle, db2 an

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > [...] > > Your suggestion of 256MB of randomization for the stack SIMPLY IS NOT > ACCEPTABLE for a lot of uses. People on 32-bit architectures have issues > with usable virtual memory areas etc. > I feel the need to po

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So 0x02020202 is a no-op? (somebody finally gets why the randomization range must be > the size of the stack?) linux-os wrote: [...] >> pointing back into that buffer needs the address of that buffer. That >> buffer is on the stack, which is now ra

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
In other words, no :) Here's self-exploiting code to discover its own return address offset and exploit itself. It'll lend some insight into how this stuff works. Just a toy. Arjan van de Ven wrote: > On Thu, 2005-01-27 at 14:19 -0500, linux-os wrote: > >>Gentlemen, >> >>Isn't the return addre

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > > On Thu, 27 Jan 2005, John Richard Moser wrote: > >>>Your suggestion of 256MB of randomization for the stack SIMPLY IS NOT >>>ACCEPTABLE for a lot of uses. People on 32-bit architectures

Re: Patch 0/6 virtual address space randomisation

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julien TINNES wrote: > >> >> Yeah, if it came from PaX the randomization would actually be useful. >> Sorry, I've just woken up and already explained in another post. >> > > Please, no hard feelings. > > Speaking about implementation of the non ex

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > > On Thu, 27 Jan 2005, Linus Torvalds wrote: > >>Real engineering is about doing a good job balancing different issues. > > [...] > test. Maybe such a vendor understands that you have to ease into things, > and you can'

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > > On Thu, 27 Jan 2005, John Richard Moser wrote: > >>What the hell? > > > John. Stop frothing at the mouth already! > I'm coarse, I'm not angry. > Your suggestion of 256MB of r

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
e increased the randomization by tweaking one variable aren't we cool!!!"? Red Hat is all smoke and mirrors anyway when it comes to security, just like Microsoft. This just reaffirms that. Arjan van de Ven wrote: > On Thu, 2005-01-27 at 12:38 -0500, John Richard Moser wrote: >

Re: Patch 0/6 virtual address space randomisation

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Thu, 2005-01-27 at 12:45 +0100, Julien TINNES wrote: > >>Arjan van de Ven wrote: >> >>>The randomisation patch series introduces infrastructure and functionality >>>that causes certain parts of a process' virtual address

Re: Patch 4/6 randomize the stack pointer

2005-01-27 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > > The patch below replaces the existing 8Kb randomisation of the userspace > stack pointer (which is currently only done for Hyperthreaded P-IVs) with a > more general randomisation over a 64Kb range. > 64k of stack rand

Re: /proc parent &proc_root == NULL?

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Thu, 27 Jan 2005 01:51:05 EST, John Richard Moser said: > > >>mmm. I'd thought about that actually-- for modules to get a whack at >>this they'd have to be compiled in. Loaded as mod

Re: /proc parent &proc_root == NULL?

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Wed, 26 Jan 2005 22:35:18 EST, John Richard Moser said: > > >>This particular problem pertains to proc_misc.c and trying to create a >>hook for some grsecurity protections that alter the mod

Re: /proc parent &proc_root == NULL?

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Al Viro wrote: > On Wed, Jan 26, 2005 at 09:33:48PM -0500, John Richard Moser wrote: > >>create_proc_entry("kmsg", S_IRUSR, &proc_root); >> >>So this is asking for proc_root to be filled? >> >>c

Re: /proc parent &proc_root == NULL?

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Randy.Dunlap wrote: > John Richard Moser wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> proc_misc_init() has both these lines in it: >> >> entry = create_proc_entry("

Re: thoughts on kernel security issues

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [] Did any of you actually READ the link I put? How the heck did we get the navy into this? - -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated. -BEGIN PGP SIGNATURE- Ver

Re: thoughts on kernel security issues

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sytse Wielinga wrote: > On Tue, Jan 25, 2005 at 03:03:04PM -0500, John Richard Moser wrote: > >>That being said, you should also consider (unless somebody forgot to >>tell me something) that it takes two source trees to make a

Re: thoughts on kernel security issues

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sytse Wielinga wrote: [...] >>If you people ever bothered to read what I say, you wouldn't continually >>say stupid shit like You get milk from cows wtf idiot >>chocolate milk doesn't come from chocolate cows > > > I'm sorry about the rant. Besi

/proc parent &proc_root == NULL?

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 proc_misc_init() has both these lines in it: entry = create_proc_entry("kmsg", S_IRUSR, &proc_root); proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL); Both entries show up in /proc, as /proc/kmsg and /proc/kcore. So I ask, as I can't see

Re: thoughts on kernel security issues

2005-01-26 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Wed, 26 Jan 2005 14:31:00 EST, John Richard Moser said: > > >>[*] Grsecurity >> Security Level (Custom) ---> >> Address Space Protection ---> >> Role Based Access Control O

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Davidsen wrote: > On Tue, 25 Jan 2005, John Richard Moser wrote: > > > >>Thus, by having fewer exploits available, fewer successful attacks >>should happen due to the laws of probability. So the goal becomes

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 linux-os wrote: > On Tue, 25 Jan 2005, John Richard Moser wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> >> Dmitry Torokhov wrote: >> >>> On Tue, 25 Jan 2005 13:37:1

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Tue, 25 Jan 2005 14:56:13 EST, John Richard Moser said: > > >>This puts pressure on the attacker; he has to find a bug, write an >>exploit, and find an opportunity to use it before a patch is wri

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J. Bruce Fields wrote: > On Tue, Jan 25, 2005 at 02:56:13PM -0500, John Richard Moser wrote: > >>In this context, it doesn't make sense to deploy a protection A or B >>without the companion protection, which is what I meant.

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > > On Tue, 25 Jan 2005, John Richard Moser wrote: > >>>Sure there is. There's the gain that if you lock the front door but not >>>the back door, somebody who goes door-to-door, opportunis

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dmitry Torokhov wrote: > On Tue, 25 Jan 2005 13:37:10 -0500, John Richard Moser > <[EMAIL PROTECTED]> wrote: > >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >> >>Linus Torvalds wrote: >&g

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Linus Torvalds wrote: > > On Tue, 25 Jan 2005, John Richard Moser wrote: > >>It's kind of like locking your front door, or your back door. If one is >>locked and the other other is still wide open, then you might as

Re: thoughts on kernel security issues

2005-01-25 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Davidsen wrote: > Linus Torvalds wrote: > >> >> On Tue, 25 Jan 2005, Bill Davidsen wrote: >> >>> Unfortunately if A depends on B to work at all, you have to put A and >>> B in as a package. >> >> >> >> No. That's totally bogus. You can put in B

Complex logging in the kernel

2005-01-24 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What systems exist for complex logging and security auditing in the kernel? For example, let's say I wanted to register my specific code (i.e. a security module) to log, and adjust to log level N. I also want another module to log at log level L, whi

Re: undefined references

2005-01-24 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Mon, 24 Jan 2005 19:04:53 EST, John Richard Moser said: > > >>fs/built-in.o(.text+0xe413): In function `link_path_walk': >>: undefined reference to `gr_inode_follow_link' >>fs/

undefined references

2005-01-24 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 icebox linux-2.6.10-grs # make CHK include/linux/version.h make[1]: `arch/x86_64/kernel/asm-offsets.s' is up to date. CHK include/linux/compile.h CHK usr/initramfs_list GEN .version CHK include/linux/compile.h UPD in

LSM hook addition?

2005-01-23 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Can someone point me to documentation or give me a small patch to add an LSM hook to kernel 2.6.10 in fs/namei.c at line 1986: new_dentry = lookup_create(&nd, 0); error = PTR_ERR(new_dentry); if (!IS_ERR(new_dentry)) {

P35U

2005-01-23 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone have a p35u based camera? I have an EZCam Pro p35u based, still no driver I believe. Anything I can do to help with making one, like dump some sort of hardware data off it (yeah right)? - -- All content of all messages exchanged herein a

Re: thoughts on kernel security issues

2005-01-20 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph Hellwig wrote: > On Thu, Jan 20, 2005 at 01:16:33PM -0500, John Richard Moser wrote: > >>Granted, you're somewhat more diverse than I pointed out; but I don't >>keep up on what you're doing. The point w

Re: thoughts on kernel security issues

2005-01-20 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: > On Thu, 2005-01-20 at 13:16 -0500, John Richard Moser wrote: > >>Even when the tagging is all automatic, to really deploy a competently >>formed system you have to review the results of the automated tag

Re: thoughts on kernel security issues

2005-01-20 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Molnar wrote: > * John Richard Moser <[EMAIL PROTECTED]> wrote: > > >>I respect you as a kernel developer as long as you're doing preemption >>and schedulers; [...] > > > actually, 'preemption a

Re: thoughts on kernel security issues

2005-01-19 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Wed, 19 Jan 2005 15:12:05 EST, John Richard Moser said: > > >>>And why were they merged? Because they showed up in 4-8K chunks. > > >>so you want 90-200 split out patches for GrSecur

Re: thoughts on kernel security issues

2005-01-19 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > On Wed, 19 Jan 2005 13:50:23 EST, John Richard Moser said: > >>Arjan van de Ven wrote: >> >>>>Split-out portions of PaX (and of ES) don't make sense. >>> >>>they

Re: thoughts on kernel security issues

2005-01-19 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>I respect you as a kernel developer as long as you're doing preemption >>and schedulers; but I honestly think PaX is the better technology, and I >>think it's important that the best security technology be in place. > >

Re: thoughts on kernel security issues

2005-01-19 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arjan van de Ven wrote: >>ES has been actively developed since it was poorly implemented in 2003. >> PaX has been actively developed since it was poorly implemented in >>2000. PaX has had about 4 times longer to go from a poor >>proof-of-concept NX

Re: thoughts on kernel security issues

2005-01-19 Thread John Richard Moser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Molnar wrote: > * John Richard Moser <[EMAIL PROTECTED]> wrote: > > >>Split-out portions of PaX (and of ES) don't make sense. [...] > > > which shows that you dont know the exec-shield patch at all, nor t
