linux-2.6_2.6.26-26_i386.changes ACCEPTED into proposed-updates
Notes: Mapping stable to proposed-updates. Accepted: linux-2.6_2.6.26-26.diff.gz to main/l/linux-2.6/linux-2.6_2.6.26-26.diff.gz linux-2.6_2.6.26-26.dsc to main/l/linux-2.6/linux-2.6_2.6.26-26.dsc linux-doc-2.6.26_2.6.26-26_all.deb to main/l/linux-2.6/linux-doc-2.6.26_2.6.26-26_all.deb linux-headers-2.6.26-2-486_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-26_i386.deb linux-headers-2.6.26-2-686-bigmem_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-26_i386.deb linux-headers-2.6.26-2-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-26_i386.deb linux-headers-2.6.26-2-all-i386_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-26_i386.deb linux-headers-2.6.26-2-all_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26_i386.deb linux-headers-2.6.26-2-amd64_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-26_i386.deb linux-headers-2.6.26-2-common-openvz_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-26_i386.deb linux-headers-2.6.26-2-common-vserver_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26_i386.deb linux-headers-2.6.26-2-common-xen_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-26_i386.deb linux-headers-2.6.26-2-common_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26_i386.deb linux-headers-2.6.26-2-openvz-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-26_i386.deb linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-26_i386.deb linux-headers-2.6.26-2-vserver-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-26_i386.deb linux-headers-2.6.26-2-xen-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-26_i386.deb linux-image-2.6.26-2-486_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-26_i386.deb linux-image-2.6.26-2-686-bigmem_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-26_i386.deb linux-image-2.6.26-2-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-26_i386.deb linux-image-2.6.26-2-amd64_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-26_i386.deb linux-image-2.6.26-2-openvz-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-26_i386.deb linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-26_i386.deb linux-image-2.6.26-2-vserver-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-26_i386.deb linux-image-2.6.26-2-xen-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-26_i386.deb linux-libc-dev_2.6.26-26_i386.deb to main/l/linux-2.6/linux-libc-dev_2.6.26-26_i386.deb linux-manual-2.6.26_2.6.26-26_all.deb to main/l/linux-2.6/linux-manual-2.6.26_2.6.26-26_all.deb linux-modules-2.6.26-2-xen-686_2.6.26-26_i386.deb to main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-26_i386.deb linux-patch-debian-2.6.26_2.6.26-26_all.deb to main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-26_all.deb linux-source-2.6.26_2.6.26-26_all.deb to main/l/linux-2.6/linux-source-2.6.26_2.6.26-26_all.deb linux-support-2.6.26-2_2.6.26-26_all.deb to main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-26_all.deb linux-tree-2.6.26_2.6.26-26_all.deb to main/l/linux-2.6/linux-tree-2.6.26_2.6.26-26_all.deb xen-linux-system-2.6.26-2-xen-686_2.6.26-26_i386.deb to main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-26_i386.deb Override entries for your package: linux-2.6_2.6.26-26.dsc - source devel linux-doc-2.6.26_2.6.26-26_all.deb - optional doc linux-headers-2.6.26-2-486_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-686-bigmem_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-686_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-all-i386_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-all_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-amd64_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-common-openvz_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-common-vserver_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-common-xen_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-common_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-openvz-686_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-vserver-686_2.6.26-26_i386.deb - optional devel linux-headers-2.6.26-2-xen-686_2.6.26-26_i386.deb - optional devel linux-image-2.6.26-2-486_2.6.26-26_i386.deb -
Re: Pre-approval request for dpkg sync() changes for squeeze
On Sun, 21 Nov 2010, Ben Hutchings wrote: I'm coming to this late. It sounds like dpkg has changed its behaviour several times recently. Please can you summarise dpkg's current and proposed use of fsync() vs sync(), and the reasons for this. Jonathan made a good summary of the history. I should add that dpkg uses sync() instead of fsync() only on systems where we know that sync() is synchronous (i.e. Linux only). Now we want to stop using sync() because of the bad side-effects: - using on a tmpfs is slower because it syncs changes on unrelated filesystems - there are those reports of dpkg blocked due to the sync see http://bugs.debian.org/595927 http://bugs.debian.org/600075 Also do I understand correctly that fsync() is more expensive when ext4 delayed allocation is in use? Apparently, at least for dpkg's usage pattern. But the performance are so much slower that you have been asked whether it would make sense to change the defaults on ext4 to include nodelalloc. Cheers, -- Raphaël Hertzog ◈ Debian Developer Follow my Debian News ▶ http://RaphaelHertzog.com (English) ▶ http://RaphaelHertzog.fr (Français) -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101121081804.gc11...@rivendell.home.ouaza.com
Re: Pre-approval request for dpkg sync() changes for squeeze
On Sun, Nov 21, 2010 at 09:18:04AM +0100, Raphael Hertzog wrote: On Sun, 21 Nov 2010, Ben Hutchings wrote: I'm coming to this late. It sounds like dpkg has changed its behaviour several times recently. Please can you summarise dpkg's current and proposed use of fsync() vs sync(), and the reasons for this. Jonathan made a good summary of the history. I should add that dpkg uses sync() instead of fsync() only on systems where we know that sync() is synchronous (i.e. Linux only). Now we want to stop using sync() because of the bad side-effects: - using on a tmpfs is slower because it syncs changes on unrelated filesystems - there are those reports of dpkg blocked due to the sync see http://bugs.debian.org/595927 http://bugs.debian.org/600075 Also do I understand correctly that fsync() is more expensive when ext4 delayed allocation is in use? Apparently, at least for dpkg's usage pattern. But the performance are so much slower that you have been asked whether it would make sense to change the defaults on ext4 to include nodelalloc. Something that might be worth trying is using fallocate, which /might/ mitigate the delayed allocation effects. Mike -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101121100802.ga3...@glandium.org
Re: Security: auto-loading protocol modules
On 2010-11-18, Ben Hutchings b...@decadent.org.uk wrote: --=-ukGC3PFRUIR65dSYwt1Z Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Unlike device or filesystem modules, most protocol modules may be auto- loaded on behalf of local users without any special capabilities. This means that security vulnerabilities in such protocol modules may be exploitable by local users even on a system where there is no need for the protocol. What about CAN? It also had one or two privilege escalations in the past and seems to be used only in special purpose embedded setups. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrniei0sk.2er@inutil.org
Processed: Re: Bug#604197: lenny-squeeze: pc speaker don't beep after upgrade
Processing commands for cont...@bugs.debian.org: reassign 604197 linux-2.6 Bug #604197 [upgrade-reports] lenny-squeeze: pc speaker don't beep after upgrade Bug reassigned from package 'upgrade-reports' to 'linux-2.6'. thanks Stopping processing here. Please contact me if you need assistance. -- 604197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.129038594517800.transcr...@bugs.debian.org
Bug#604416: linux-image-2.6.32-5-sparc64: Kernels 2.6.32 hang on boot at Initializing cgroup subsys blkio
Package: linux-2.6 Version: 2.6.32-27 Severity: critical Tags: d-i upstream Justification: breaks the whole system Symptoms similar to https://partner-bugzilla.redhat.com/show_bug.cgi?format=multipleid=603776 -- Package-specific info: ** Kernel log: boot messages should be attached ** Model information cpu : TI UltraSparc IIe (Hummingbird) fpu : UltraSparc IIe integrated FPU prom: OBP 4.5.9 2002/02/07 02:12 type: sun4u ** Network interface configuration: auto lo eth0 iface lo inet loopback allow-hotplug eth0 iface eth0 inet static address 192.168.1.5 netmask 255.255.255.0 gateway 192.168.1.1 dns-nameservers 192.168.1.1 ** PCI devices: 00:03.0 Non-VGA unclassified device []: ALi Corporation M7101 Power Management Controller [PMU] [10b9:7101] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium TAbort- TAbort- MAbort- SERR- PERR- INTx- Region 0: [virtual] I/O ports at unassigned Region 1: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 2: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 3: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 4: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 5: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] [virtual] Expansion ROM at fe01 [disabled] [size=1] 00:05.0 PCI bridge [0604]: Intel Corporation 21152 PCI-to-PCI Bridge [8086:b152] (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium TAbort- TAbort- MAbort- SERR- PERR- INTx- Latency: 64, Cache Line Size: 64 bytes Region 0: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 1: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Bus: primary=00, secondary=01, subordinate=01, sec-latency=0 Memory behind bridge: 0300-047f Secondary status: 66MHz- FastB2B+ ParErr- DEVSEL=medium TAbort- TAbort- MAbort+ SERR- PERR- [virtual] Expansion ROM at fe01 [disabled] [size=1] BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: access denied 00:07.0 ISA bridge [0601]: ALi Corporation M1533/M1535/M1543 PCI to ISA Bridge [Aladdin IV/V/V+] [10b9:1533] Subsystem: ALi Corporation ALi M1533 Aladdin IV/V ISA Bridge [10b9:1533] Control: I/O+ Mem+ BusMaster+ SpecCycle+ MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium TAbort- TAbort- MAbort- SERR- PERR- INTx- Latency: 0 Region 0: [virtual] I/O ports at unassigned Region 2: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 3: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 4: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 5: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] [virtual] Expansion ROM at fe01 [disabled] [size=1] Capabilities: access denied 00:08.0 Multimedia audio controller [0401]: ALi Corporation M5451 PCI AC-Link Controller Audio Device [10b9:5451] (rev 01) Subsystem: ALi Corporation M5451 PCI AC-Link Controller Audio Device [10b9:5451] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium TAbort- TAbort- MAbort- SERR- PERR- INTx- Latency: 64 (500ns min, 6000ns max) Interrupt: pin A routed to IRQ 14 Region 0: I/O ports at 0900 [size=256] Region 1: Memory at 00424000 (32-bit, non-prefetchable) [size=8K] Region 2: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 3: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 4: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] Region 5: [virtual] Memory at fe01 (32-bit, non-prefetchable) [size=1] [virtual] Expansion ROM at fe01 [disabled] [size=1] Capabilities: access denied Kernel driver in use: ALI 5451 Kernel modules: snd-ali5451 00:0c.0 Bridge [0680]: Sun Microsystems Computer Corp. RIO EBUS [108e:1100] (rev 01) Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+
Bug#604416: linux-image-2.6.32-5-sparc64: Kernels 2.6.32 hang on boot at Initializing cgroup subsys blkio
On Sun, 2010-11-21 at 21:07 -0500, Jon Williams wrote: Package: linux-2.6 Version: 2.6.32-27 Severity: critical Tags: d-i upstream Justification: breaks the whole system You're claiming that: - This bug occurs in the installer - This bug is present in the upstream code - This bug breaks every system where the package is installed How much of the above is actually true? Symptoms similar to https://partner-bugzilla.redhat.com/show_bug.cgi?format=multipleid=603776 -- Package-specific info: ** Kernel log: boot messages should be attached [...] There is no message Initializing cgroup subsys blkio at boot, because that feature doesn't actually exist in the Debian package. It is not at all helpful to us if you look for a half-remembered log message and tell us we have the same bug. Think about it - how likely is it that a single bug specifically affects *both* Xen x86 domU systems and UltraSparc systems? We need to see the actual kernel boot log. I suggest you use a serial console to capture it. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse. signature.asc Description: This is a digitally signed message part
Processed: severity of 604416 is normal, tagging 604416
Processing commands for cont...@bugs.debian.org: severity 604416 normal Bug #604416 [linux-2.6] linux-image-2.6.32-5-sparc64: Kernels 2.6.32 hang on boot at Initializing cgroup subsys blkio Severity set to 'normal' from 'critical' tags 604416 + moreinfo Bug #604416 [linux-2.6] linux-image-2.6.32-5-sparc64: Kernels 2.6.32 hang on boot at Initializing cgroup subsys blkio Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 604416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604416 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.129039531225479.transcr...@bugs.debian.org
Bug#604416: linux-image-2.6.32-5-sparc64: Kernels 2.6.32 hang on boot at Initializing cgroup subsys blkio
On Nov 21, 2010, at 10:08 PM, Ben Hutchings wrote: You're claiming that: - This bug breaks every system where the package is installed reportbug only refers to the whole system; not *every* whole system, perhaps that should be clarified? 2 breaks the whole systemrenders the entire system unusable (e.g., unbootable, unable to reach a multiuser runlevel, etc.) Symptoms similar to https://partner-bugzilla.redhat.com/show_bug.cgi?format=multipleid=603776 -- Package-specific info: ** Kernel log: boot messages should be attached [...] There is no message Initializing cgroup subsys blkio at boot, because that feature doesn't actually exist in the Debian package. It is not at all helpful to us if you look for a half-remembered log message and tell us we have the same bug. I believe this message was the last message seen when I was using config-2.6.36-trunk-sparc64 from experimental; I downgraded to 2.6.32-5 when my machine wouldn't boot. We need to see the actual kernel boot log. I suggest you use a serial console to capture it. Sun Blade 100 (UltraSPARC-IIe), No Keyboard Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. OpenBoot 4.5, 512 MB memory installed, Serial #51711065. Ethernet address 0:3:ba:15:c:59, Host ID: 83150c59. Rebooting with command: boot Can't read disk label. Can't open disk label package Boot device: disk File and args: SILO Version 1.4.14 boot: LinuxOLD debug console=ttyS0 Allocated 64 Megs of memory at 0x4000 for kernel Uncompressing image... Loaded kernel version 2.6.32 Loading initial ramdisk (9065286 bytes at 0x2F00 phys, 0x40C0 virt)... / [0.00] PROMLIB: Sun IEEE Boot Prom 'OBP 4.5.9 2002/02/07 02:12' [0.00] PROMLIB: Root node compatible: [0.00] Initializing cgroup subsys cpuset [0.00] Initializing cgroup subsys cpu [0.00] Linux version 2.6.32-5-sparc64 (Debian 2.6.32-27) (m...@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 Sat Oct 30 22:57:36 UTC 2010 [0.00] bootconsole [earlyprom0] enabled [0.00] ARCH: SUN4U [0.00] Ethernet address: 00:03:ba:15:0c:59 [0.00] Kernel: Using 2 locked TLB entries for main kernel image. [0.00] Remapping the kernel... done. [0.00] OF stdout device is: /p...@1f,0/i...@7/ser...@0,3f8 [0.00] PROM: Built device tree with 55571 bytes of memory. [0.00] Top of RAM: 0x2ff08000, Total RAM: 0x1fef4000 [0.00] Memory hole size: 256MB [0.00] [0100-f840] page_structs=131072 node=0 entry=0/0 [0.00] [0100-f880] page_structs=131072 node=0 entry=1/0 [0.00] Zone PFN ranges: [0.00] Normal 0x - 0x00017f84 [0.00] Movable zone start PFN for each node [0.00] early_node_map[5] active PFN ranges [0.00] 0: 0x - 0x8000 [0.00] 0: 0x0001 - 0x000177ff [0.00] 0: 0x00017800 - 0x00017f22 [0.00] 0: 0x00017f24 - 0x00017f79 [0.00] 0: 0x00017f80 - 0x00017f84 [0.00] On node 0 totalpages: 65402 [0.00] Normal zone: 768 pages used for memmap [0.00] Normal zone: 0 pages reserved [0.00] Normal zone: 64634 pages, LIFO batch:15 [0.00] Booting Linux... [0.00] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 64634 [0.00] Kernel command line: root=/dev/hda2 ro debug console=ttyS0 [0.00] PID hash table entries: 2048 (order: 1, 16384 bytes) [0.00] Dentry cache hash table entries: 65536 (order: 6, 524288 bytes) [0.00] Inode-cache hash table entries: 32768 (order: 5, 262144 bytes) [0.00] Memory: 498832k available (3288k kernel code, 1416k data, 184k init) [f800,2ff08000] [0.00] SLUB: Genslabs=14, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 [0.00] Hierarchical RCU implementation. [0.00] NR_IRQS:255 [0.00] clocksource: mult[b40001] shift[16] [0.00] clockevent: mult[16c16bf] shift[32] [0.00] Console: colour dummy device 80x25 [ 105.819080] Calibrating delay using timer specific routine.. 11.13 BogoMIPS (lpj=22273) [ 105.913890] Security Framework initialized [ 105.962640] SELinux: Disabled at boot. [ 106.008363] Mount-cache hash table entries: 512 [ 106.063405] Initializing cgroup subsys ns [ 106.110405] Initializing cgroup subsys cpuacct [ 106.163358] Initializing cgroup subsys devices [ 106.216347] Initializing cgroup subsys freezer [ 106.269337] Initializing cgroup subsys net_cls == 2.6.36. == Loading initial ramdisk (9761332 bytes at 0x2F00 phys, 0x40C0 virt)... - [0.00] PROMLIB: Sun IEEE Boot Prom 'OBP 4.5.9 2002/02/07 02:12' [0.00] PROMLIB: Root node compatible: [0.00] Initializing cgroup subsys
Re: Security: auto-loading protocol modules
On Sun, 2010-11-21 at 12:33 +0100, Moritz Muehlenhoff wrote: On 2010-11-18, Ben Hutchings b...@decadent.org.uk wrote: --=-ukGC3PFRUIR65dSYwt1Z Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Unlike device or filesystem modules, most protocol modules may be auto- loaded on behalf of local users without any special capabilities. This means that security vulnerabilities in such protocol modules may be exploitable by local users even on a system where there is no need for the protocol. What about CAN? It also had one or two privilege escalations in the past and seems to be used only in special purpose embedded setups. I missed that because it doesn't allow protocol = 0 so my test program failed to create a socket. The valid combinations appear to be: socket(PF_CAN, SOCK_RAW, 1) socket(PF_CAN, SOCK_DGRAM, 2) The applications I see for CAN in Debian are: - Development of automobiles, their components or diagnostic systems - Reverse-engineering and security research into deployed networks (see http://www.autosec.org/pubs/cars-oakland2010.pdf) I would not expect the need to explicitly load the module to be a problem for these users. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse. signature.asc Description: This is a digitally signed message part
Processing of linux-2.6_2.6.26-26_hppa.changes
linux-2.6_2.6.26-26_hppa.changes uploaded successfully to localhost along with the files: linux-image-2.6.26-2-parisc_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc64_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc64_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb linux-headers-2.6.26-2-common_2.6.26-26_hppa.deb linux-headers-2.6.26-2-all_2.6.26-26_hppa.deb linux-headers-2.6.26-2-all-hppa_2.6.26-26_hppa.deb linux-libc-dev_2.6.26-26_hppa.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1pkogz-0006us...@franck.debian.org
linux-2.6_2.6.26-26_hppa.changes ACCEPTED into proposed-updates
Notes: Mapping stable to proposed-updates. Accepted: linux-headers-2.6.26-2-all-hppa_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-26_hppa.deb linux-headers-2.6.26-2-all_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26_hppa.deb linux-headers-2.6.26-2-common_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc64_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-26_hppa.deb linux-headers-2.6.26-2-parisc_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc64_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-26_hppa.deb linux-image-2.6.26-2-parisc_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-26_hppa.deb linux-libc-dev_2.6.26-26_hppa.deb to main/l/linux-2.6/linux-libc-dev_2.6.26-26_hppa.deb Override entries for your package: linux-headers-2.6.26-2-all-hppa_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-all_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-common_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-parisc64_2.6.26-26_hppa.deb - optional devel linux-headers-2.6.26-2-parisc_2.6.26-26_hppa.deb - optional devel linux-image-2.6.26-2-parisc-smp_2.6.26-26_hppa.deb - optional admin linux-image-2.6.26-2-parisc64-smp_2.6.26-26_hppa.deb - optional admin linux-image-2.6.26-2-parisc64_2.6.26-26_hppa.deb - optional admin linux-image-2.6.26-2-parisc_2.6.26-26_hppa.deb - optional admin linux-libc-dev_2.6.26-26_hppa.deb - optional devel Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1pkom4-0006ch...@franck.debian.org
