[leaf-devel] [ leaf-Feature Requests-626715 ] Routing Protocols

2002-10-22 Thread noreply
Feature Requests item #626715, was opened at 2002-10-22 02:46
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=363751&aid=626715&group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Anthony Williams (albyva)
Assigned to: Jacques Nilo (jnilo)
Summary: Routing Protocols

Initial Comment:
This is my request for routing protocols to be added 
in a future release.

Example:
--
Rip
BGP

If you build LRPs for large networks and need two LRP routers
to share routing information, this would be a good idea.

--




___
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel



[leaf-devel] Allowing Weblet to change a root file

2002-10-22 Thread Kelly Brown
Hi guys,

I'll admit right up front that I'm not very knowledgeable in regards to 
Linux, so I hope I don't come off sounding TOO foolish.  I do a lot of web 
development, so I do know my way around a unix/linux environment somewhat.  
I'm more used to working in a cgi environment with perl or php, so this stuff 
is a tiny bit different for me.

Anyhow, what I want to do basically is use weblet to run the following line:

echo 1 > /proc/sys/net/ipv4/ip_masq_udp_dloose

and alternately:

echo 0 > /proc/sys/net/ipv4/ip_masq_udp_dloose

I essentially want to allow someone on the local network to be able to 
toggle loose UDP routing on and off at will through a web interface.


I made a tiny little script to do this, but it doesn't work.  It runs, but 
the ip_masq_udp_dloose file never changes and I'm GUESSING it's because 
weblet isn't allowed to touch it because it's owned by root.  It works fine 
if I run the script through the command prompt (logged in as root), just not 
through the web interface.

How could I get around this?  I tried using both chmod and chown on 
ip_masq_udp_dloose to allow weblet access, but nothing happens.  The 
commands act as if they worked, but the permissions don't change.  It seems 
a bit odd to me.

Any help would be really appreciated!

-Kelly






[leaf-devel] Re: draft Bering DiskOnChip user guide chapter

2002-10-22 Thread Mark Meade
Brad,

Brad Fritz wrote:
> I will note this in the instructions.  Do you know if partitioning
> and formatting a DFORMAT 5.x formatted DoC with fdisk/mkfs makes
> any difference?  Will using GRUB eliminate this issue?

No -- the DFORMAT program is actually doing something called a NFTL format, 
which is different than the normal partitioning and formatting.  This can be 
thought of as a low-level format, related to the nand flash chips used on the 
DoC.

Using GRUB doesn't make any difference -- in fact, the instructions for 
putting Grub on the DoC are more complicated than necessary because of this 
problem.

> Actually, the same partition is mounted twice like this:
>
> mount /dev/nftla1 /mnt/doc1
> mount /dev/nftla1 /mnt/doc2
>
> If you are able to test that scenario with newer drivers than are
> included with 2.4.18, I would like to hear what happens.  Can you
> also tell me what version of the modules you're using.

With unmodified modules from 2.4.19, I can mount the DoC twice, read and 
write to either mount point, and everything seems fine.  I believe that 
nftlcore.c is newer than the version included in 2.4.18.

I've been using nftlmount.c (1.28) and nftlcore.c (1.86) to make things work 
with the 5.X dformat.  These versions are even newer than the ones in 2.4.19.

> It appears the linux-mtd archives are unavailable right now.  At
> the least I will add a link for the curious as a footnote in my
> instructions.  If I can make time to try it out, I will
> incorporate the GRUB instructions into optional steps in the
> DocBook instructions.
>
> Thanks again, Mark.

Thank you, Brad.  I've been wanting to put Bering on a DoC for awhile now, 
your instructions certainly made it easier.

Mark





[leaf-devel] Re: draft Bering DiskOnChip user guide chapter

2002-10-22 Thread Mark Meade
Brad Fritz wrote:
> Just to confirm, can you mount the same partition, e.g. nftla1 ,
> twice simultaneously with the versions in 2.4.19?  I only ask
> because your original test was mounting two separate partitions
> simultaneously (nftla1 and nftla2).

Doh!  That was a typo.  My original test *was* mounting one partition twice 
-- the nftla2 should have been nftla1.  Sorry about that.

Yes, the nftl module in 2.4.19 can mount a DoC partition more than once.  

Is the mount command part of busybox in Bering?  I was a little concerned 
that this problem may be related to differences in the mount executable.

Mark






[leaf-devel] Re: draft Bering DiskOnChip user guide chapter

2002-10-22 Thread Brad Fritz

On Tue, 22 Oct 2002 16:46:53 -0400 Mark Meade wrote:

> Brad Fritz wrote:
>> Just to confirm, can you mount the same partition, e.g. nftla1 ,
>> twice simultaneously with the versions in 2.4.19?  I only ask
>> because your original test was mounting two separate partitions
>> simultaneously (nftla1 and nftla2).
>
> Doh!  That was a typo.  My original test *was* mounting one partition twice 
> -- the nftla2 should have been nftla1.  Sorry about that.
>
> Yes, the nftl module in 2.4.19 can mount a DoC partition more than once.

Ahh!  It all makes sense now.  Thank you.

> Is the mount command part of busybox in Bering?  I was a little concerned 
> that this problem may be related to differences in the mount executable.

It is, at least under rc3:

  homefw: -root-
  # ls -l `which mount`
  lrwxrwxrwx[..]12 Sep 15 20:06 /bin/mount -> /bin/busybox

I suspect it was the driver not the bb mount applet.  I say
that because bb mount can mount IDE devices multiple times
simultaneously.  I don't know enough about bb mount and the
nftl drivers to say for certain though.

--Brad






Re: [leaf-devel] Allowing Weblet to change a root file

2002-10-22 Thread Brad Fritz

Kelly,

On Tue, 22 Oct 2002 14:58:30 GMT Kelly Brown wrote:

> Hi guys,
>
> I'll admit right up front that I'm not very knowledgeable in regards to 
> Linux, so I hope I don't come off sounding TOO foolish.  I do a lot of web 
> development, so I do know my way around a unix/linux environment somewhat.  
> I'm more used to working in a cgi environment with perl or php, so this stuff 
> is a tiny bit different for me.

None of this sounds foolish to me.  It sounds like you are
already on the right track and just need a bit of help to
fix the root cause of the problem.
 
> Anyhow, what I want to do basically is use weblet to run the following line:
>
> echo 1 > /proc/sys/net/ipv4/ip_masq_udp_dloose
>
> and alternately:
>
> echo 0 > /proc/sys/net/ipv4/ip_masq_udp_dloose
>
> I essentially want to allow someone on the local network to be able to 
> toggle loose UDP routing on and off at will through a web interface.

ssh would be a more secure way to do this, and with a little
work, could be made very easy for authorized users to use.  (As
simple as clicking on an icon that runs plink.exe and typing a
password.)  That said and my conscience clear :), you should be
able to make weblet do this too.

> I made a tiny little script to do this, but it doesn't work.  It runs, but 
> the ip_masq_udp_dloose file never changes and I'm GUESSING it's because 
> weblet isn't allowed to touch it because it's owned by root.  It works fine 
> if I run the script through the command prompt (logged in as root), just not 
> through the web interface.

Sounds like a very good guess to me.  If you wanted to verify,
you could do something like this:

  homefw: -root-
  # pwd 
  /var/sh-www/cgi-bin

  homefw: -root-
  # cat set_loose_udp_routing.wrap
  #!/bin/sh
  
  sh -x set_loose_udp_routing "$@" 2> /tmp/test.log

where set_loose_udp_routing is the real script.  I did some
testing (using ip_nonlocal_bind since my test Bering box does
not have ip_masq_udp_dloose) and this is what I found:

  homefw: -root-
  # tail -n 2 /tmp/test.log
  + echo 1
  set_loose_udp_routing: cannot create
  /proc/sys/net/ipv4/ip_nonlocal_bind: permission denied

  homefw: -root-
  # ls -al /proc/sys/net/ipv4/ip_nonlocal_bind 
  -rw-r--r--   1 root  wheel  [..] /proc/sys/net/ipv4/ip_nonlocal_bind


> How could I get around this?

I think the most secure solution would be to write a minimal
C program that sets ip_nonlocal_bind and run it setuid root.
There was some discussion of this awhile back on leaf-user or
leaf-devel surrounding Jon Clausen's blinder project, IIRC.

Less secure would be to do the same thing with a setuid shell
script.

Probably the least secure would be to run weblet as root rather
than sh-httpd as described at
http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg07465.html

(That posting should get you close to the discussion of the
setuid C program too.)

> I tried using both chmod and chown on 
> ip_masq_udp_dloose to allow weblet access, but nothing happens.  The 
> commands act as if they worked, but the permissions don't change.  It seems 
> a bit odd to me.

Not positive, but I think that's probably because it is part of
the /proc pseudo filesystem.

--Brad






Re: [leaf-devel] Allowing Weblet to change a root file

2002-10-22 Thread Jon Clausen
On Tue, Oct 22, 2002 at 09:40:26PM -0500, Brad Fritz wrote:
 
>> How could I get around this?
>
> I think the most secure solution would be to write a minimal
> C program that sets ip_nonlocal_bind and run it setuid root.
> There was some discussion of this awhile back on leaf-user or
> leaf-devel surrounding Jon Clausen's blinder project, IIRC.

YRC: My problem was a little different, but the same principles apply.

In order to get cron to notice that a new crontab file was installed, I
needed to get the timestamp of the directory /var/spool/cron/crontabs
updated. The directory is owned by root, so I basically had two options:

run sh-httpd as root (not a great idea), or

make an suid binary that does something in the directory.

I went with option two, and got some help creating a tiny little C
program that creates a file notify in that dir, and erases it again
immediately. This operation had the desired effect, and all was good.

The way it's done, is that the program has paths/filename hardcoded in
it, and takes no arguments, so there is very little possibility of
(direct) misuse. So anyone can execute it, and have cron update its
knowledge of crontabs on the system.

Adapting that program to do what you need is probably not that
difficult. I'd be happy to take a stab at it, but I'm not really a C
programmer (yet anyway).

> Less secure would be to do the same thing with a setuid shell
> script.

It's my understanding that shell scripts will not work suid. (I did try
that out before turning to C, it never worked, and I seem to remember
seeing an explanation of why it doesn't work somewhere...) CCMIW

> Probably the least secure would be to run weblet as root rather

-and since your host *is* a firewall (which my Blinder system is
*not*), I'd advise against that.

>> I tried using both chmod and chown on 
>> ip_masq_udp_dloose to allow weblet access, but nothing happens.  The 
>> commands act as if they worked, but the permissions don't change.  It seems 
>> a bit odd to me.
>
> Not positive, but I think that's probably because it is part of
> the /proc pseudo filesystem.

Sounds reasonable... (?)

HTH
Jon Clausen
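
Added example (not code from the thread or from the LEAF project): a minimal setuid-root helper along the lines Brad and Jon describe, with the /proc path hardcoded. Unlike Jon's no-argument program it accepts one argument, validated to be exactly 0 or 1; the function names and the usage string are assumptions.

```c
/* Added example: setuid-root helper that toggles one hardcoded /proc entry. */
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW and ssize_t */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Path from the thread, fixed at compile time; never built from user input. */
static const char TARGET[] = "/proc/sys/net/ipv4/ip_masq_udp_dloose";

/* Accept exactly "0" or "1"; NULL, "", "01", "1;x" and the like return -1. */
int parse_toggle(const char *arg)
{
    if (arg == NULL || arg[0] == '\0' || arg[1] != '\0')
        return -1;
    return (arg[0] == '0' || arg[0] == '1') ? arg[0] - '0' : -1;
}

/* Write "0\n" or "1\n" to an existing file: no O_CREAT, no symlink following. */
int write_toggle(const char *path, int value)
{
    char buf[2];
    int fd, ok;

    buf[0] = value ? '1' : '0';
    buf[1] = '\n';
    fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    ok = (write(fd, buf, sizeof buf) == (ssize_t)sizeof buf);
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    int value = (argc == 2) ? parse_toggle(argv[1]) : -1;

    if (value < 0) {
        fputs("usage: set_udp_dloose 0|1\n", stderr);
        return 2;
    }
    /* Root privilege is only ever used to open the one fixed path. */
    if (write_toggle(TARGET, value) != 0) {
        perror(TARGET);
        return 1;
    }
    return 0;
}
```

The helper never consults the environment or invokes a shell, so the only privileged action a caller can trigger is writing a single digit to the fixed path. Linux ignores the setuid bit on interpreted scripts, which is why this is a compiled binary.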





[leaf-devel] Bering v1.0-rc4 available

2002-10-22 Thread Jacques Nilo
Finally, it's out. All the details are here:
http://leaf.sourceforge.net/article.php?sid=61

This should be the last rc version before 1.0 final. So please report any 
remaining bug in the distro and/or the documentation to the leaf-devel list.

Enjoy!

Jacques & Eric






Re: [leaf-devel] Allowing Weblet to change a root file

2002-10-22 Thread Brad Fritz

Minor typo correction below...

On Tue, 22 Oct 2002 21:40:26 EST I wrote:

[snip]
>> I made a tiny little script to do this, but it doesn't work.  It runs, but 
>> the ip_masq_udp_dloose file never changes
[snip]

> I think the most secure solution would be to write a minimal
> C program that sets ip_nonlocal_bind and run it setuid root.

ip_nonlocal_bind should be ip_masq_udp_dloose.  Sorry
about that.

--Brad


