[leaf-devel] local root exploit in linux Kernel <= 2.4.19 (?)
Hi there, i just saw a message from the cert of the university of stuttgart ( only german: http://cert.uni-stuttgart.de/ticker/article.php?mid=1000) which says that there seem to be some real security problems with kernel < 2.4.20pre11 (or 2.4.19 with a special patch applied). The y do not give real details expecept that this vulnerabilities can be used for Denial of service Attacks and local root exploits. It seems that some of these problems were fixed silently in 2.4.19 (without any official statement!) and they point to a patch fixing the other ones , too. There is a link to a bugtraq message concerning redhat kernel updates but this only talks about security problems in a few drivers. ( http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00256.html ). But they also mention that because of the DMCA the official information is very rare (??). just wanted to let you know, if someone finds out more interesting details, i am interested too (eh, does anyone know about the DMCA legal stuff??) regards, arne --- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] CF (write protect) + IDE adapter
On Fri, Feb 08, 2002 at 02:57:44PM -0800, Mike Sensney wrote: > At 09:29 AM 2/8/2002 -0600, guitarlynn wrote: > ... > >In other words, how many folks have said: "Can I run LEAF on a > >harddrive (IDE)". We say, "you can, but it is a security risk compared > >to a floppy". What would it mean to be able to say: "You can use a hd, > >but if you want it as secure as the floppy, a $10-20 add-in IDE module > >is available here (link)." I think a lot of people would find this > >useful, IMHO, or maybe I'm thinking too hard and flogging a dead dog! > > A simple question: > > What if during the initial boot process you mount your hard disk as a > read-only device then delete the mount command? Would this be sufficient > protection for a HD? (i.e. Is there any other program that could be used > to remount the HD?) > > Saving config changes could be handled by mounting a config floppy during > the init process that never gets umounted during normal operation. >From my point of view, i would like to put my config data on a flashdisk or a harddisk as i do not trust floppies very much. What i would like to have is a switch connected or whatever that lets me physically enable write protection on the fly and not only at boot, cause i want to be able to update my system without the need to reboot. I just don't know how to do this for now, but that's my personal goal. So the router is protected as long as the switch is on "write protection", if i change something i have to physically press a switch on this machine... Only achieving protection for the hd could be done using other methods, maybe, like looking for a way to let linux only mount it read only in the kernel or whatever (maybe use grsecurity massivly or LIDS). But i used the Flashdisk cause i wanted to get rid of the floppy drive... So maybe there are different needs out there. --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] CF (write protect) + IDE adapter
On Thu, Feb 07, 2002 at 10:41:33AM -0600, Charles Steinkuehler wrote: > > > This is the solution I was hoping for, but it looks like the ADM on > board > > > three pin jumper is for master/slave selection not WP#. :-( > > > > but shouldn't it be possible to build an adapter that is between the > > motherboard and the ata disk that changes just this behaviour and loops > all > > other pins through ?? > > These Flashdisks are normally just plugged into the motherboard, right ? > > its not the best solution, but i never saw anything that directly had this > > switch on the disk :( > > No...this is not (easily) possible. > > The ATA interface is a complex combination of registers that require > read/write access to send commands and recieve status/data from the ATA > device. To install a "write-protect device" between the motherboard and an > ATA device, you need something that understands ATA at the application > level, and returns some sort of error for logical write commands. While not > impossible to implement, something like this would be quite complex, on the > order of the hardware RAID devices that look like a single large ATA (or > SCSI) disk drive, but interface to multiple physical storage devices. I understand this. But as i see this, this special device has one pin that it put to ground enables write protection. So what i that was: why not put this adapter between it that does nothing but connecting all pins from the device to the motherboard directly, except one, #30, which can be set to ground or whatever using a switch. As #30 seems not to be used by normal ATA, it should make not difference to the motherboard. the adapter is just an physical extension to avoid brazing on the ATA device itself... > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] CF (write protect) + IDE adapter
On Thu, Feb 07, 2002 at 08:06:47AM -0800, Mike Noyes wrote: > In other words, you need a custom motherboard/ata controller, to support > WP# pin 30. > > >I would suggest folks wanting to make use of this new ATA flash disk > >with write-enable wire a switch between pins one and two of the WP# > >jumper on the disk module (perhaps using an old "turbo" switch, if > >you're lucky enough to have one available on your case of choice). > > This is the solution I was hoping for, but it looks like the ADM on board > three pin jumper is for master/slave selection not WP#. :-( but shouldn't it be possible to build an adapter that is between the motherboard and the ata disk that changes just this behaviour and loops all other pins through ?? These Flashdisks are normally just plugged into the motherboard, right ? its not the best solution, but i never saw anything that directly had this switch on the disk :( --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] my stuff (uClibc based root)
On Mon, Jan 28, 2002 at 07:52:06AM +0100, Ewald Wasscher wrote: > arne @ loopback . org wrote: > > >Hi, > > > >sourceforge/leaf. Note that this is not complete, it does not build a real > >working root.lrp yet, > > > Too bad, that was what I was hoping to see. Yes, me too ;-) I am working on it, but as my priority is finding a new job right now, i am not sure how much time i can spend on it in the next few weeks :( > > >stuff from src.tgz into your src dir (e.g. /usr/src) go into it, become root > >(needed for some install scripts) , > > > Perhaps we should consider the use of fakeroot for the "next-generation" > leaf, to avoid this. Anyone an opinion? Yes this might be a way, of course. But the main problem is that there is time when this will fail, especially creating the real root install dir ( the root.lrp) which has to be done as root to get the right permissions. expecially for tinylogin which needs to be suid root.. Or do i missunderstand fakeroot here ?? > > >and make a > >./makeit make and go out for lunch. If you do that its a good idea to > >redirect the output to a file... > >After that use ./makeit install to install the stuff into build/root > >you find the scripts for making/cleaning in src/scripts all binaries in > >src/build/ ... > > > I will have a look at it, Thanks, all binaries should be installed correctly, there are some scripts missing that are not copyied, though. > > Ewald Wasscher > > --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] my stuff (uClibc based root)
Hi, as i write this, i am putting my sources up to devel/arneb on sourceforge/leaf. Note that this is not complete, it does not build a real working root.lrp yet, but as people might be interested... To have a look at it: install uClibc on youre machine (version 0.9.8 is in the orig-src archive), under /usr/i386-linux/uclibc (the default place). After that put in the stuff from src.tgz into your src dir (e.g. /usr/src) go into it, become root (needed for some install scripts) , and make a ./makeit make and go out for lunch. If you do that its a good idea to redirect the output to a file... After that use ./makeit install to install the stuff into build/root you find the scripts for making/cleaning in src/scripts all binaries in src/build/ ... thats all for now... -- arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Re: Ticker script
On Wed, Jan 23, 2002 at 11:29:40PM +0100, Jacques Nilo wrote: > Ah ! the beauty of shell scripting :-) > Back to original LRP spirit ... > A nice suggestion. I buy it ! (a beer is OK ?) o.k. you win for now. I just put the ticker in as an additional busybox applet and it add exactly 256 Bytes, But i am working on that ;-) > Jacques > > > --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] should LEAF cut over to uClibc? (was Tooo long :)
On Wed, Jan 23, 2002 at 11:30:49AM -0800, [EMAIL PROTECTED] wrote: > On Wed, 23 January 2002, Ray Olszewski wrote: > > > > > Good comments. I have one big disagreement. > > > > At 07:04 PM 1/23/02 +0100, KP Kirchdörfer wrote: > > [...] > > >> dhclient.lrp (for external dynamic connections > > > > > >Does a router/firewall really need that?? > > [...] > > > > Yes. DHCP is the standard way cable-modem providers issue IP addresses and > > related info here in the USA. Not including it keeps LEAF out of the biggest > > segment of broadband. > > One additional is the availability of the PPPoE client. Perhaps not cire, but >certainly it should be available as an add-in. To many DSL users are being forced to >use it and I have no doubt that corporate interests may begin deploying elsewhere as >a management tool. I compiled both some time ago against uClibc. I did not test it though. but i think other people use this already. i successfully compiled dhclient 2.0pl4 (from debian potato) against uCLibc without any problem (the server does compile too). The only thing that gives real problems right now with uClibc is if it uses libresolv, the most other clients should compile (i think there are even perl and python out there). And it will get better, as the developers are still developing , it has nothing to do with lineo anymore... > > -sp > > > > ___ > Leaf-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-devel -- arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Announcement: LEAF 2.4.16 + Shorewall 1.2.2
On Sun, Jan 20, 2002 at 06:13:01PM +0100, Jacques Nilo wrote: > Jack Coates wrote: > > > Was not it CERBERE (I am not sure of the English spelling) the dog who was > keeping the entry of Hell ? Well i know it as cerberus (the latin name ??), but please have a look at: http://www.mythweb.com/hercules/herc17.html > Jacques > > > > ___ > Leaf-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-devel --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] [ leaf-Patches-500162 ] routerst - router status via browser
On Sun, Jan 06, 2002 at 06:51:14AM -0800, [EMAIL PROTECTED] wrote: > Patches item #500162, was opened at 2002-01-06 06:51 > You can respond by visiting: > http://sourceforge.net/tracker/?func=detail&atid=313751&aid=500162&group_id=13751 > just where to get this Routerst.lrp ?? --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Console (newt based) Interface
Hi, i spent my last two weeks in playing around with my gcc again, and made a first test version of a text/menu based version of a config frontend for lrp (it currently works for my version for kernel 2.4, based on lrp 2.9.8 and soon uClibc). For now it just configures the stuff in the network.conf, but this will change in the future. I would make versions for other lrp based dists also (like dachstein, oxygen ??), but it should be clear that this will only work with configuration files NOT containing anything else than configuration keys-value pairs and comments (and no shell script functions like dachstein had in previous versions). This version now works (most of the time) and is intented to be a test, i know that i will have to rewrite a lot of things. It is not ready for production use, but i would people to have a look at it if they like (and help me find bugs, etc.). If anyone is interested, mail to me and i send you a copy of the program (bin only, the src will follow the next days). It is statically compiled against uClibc and minislang and is 125KB in Size (the tar gz is aroung 56kb). It should be possible to get this even smaller, as size was not so importend for this test hack. I would just like to know, what people think. so... --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] More on the LEAF Repository
On Fri, Dec 07, 2001 at 09:13:57AM -0600, Charles Steinkuehler wrote: > > Also remember - this is completely program generated > > > > http://leaf.sourceforge.net/pub/oxygen/repository/ looks nice! just a comment to the desc file, how about adding another information into it: libc: ??? (or something similar). it might come the time where people are using glib-2.1.3 , 2.2.4 or uClibc, and i would like to know if a packet is too old to use it , cause of the libc... what do you think ?? --arne > > > > ___ > Leaf-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] initrd initrd_archive and initramf
Hi, i just saw a message that kernel 2.5 will be supporting a new type of initial ramdisk, as the old initrd may be gone in a while...: The first initramfs patch was posted by Alexander Viro this week. This patch is the implementation of the new 2.5 boot process that was first discussed in the July 12 kernel page. In this scheme, the kernel executable image carries with it a cpio archive containing the contents of the initial root filesystem. That archive is loaded into a ramdisk at boot time, at which time it can be used to continue the system initialization process. The hope is to move much kernel initialization code out of kernel space and into this ramdisk. The result is a smaller kernel and more flexibility in how the bootstrap process is set up. For the moment, the tasks that have been moved to user space include: - Finding and mounting the real (permanent) root filesystem. NFS root filesystems are handled here as well. - Setting up any initial ramdisk (usually for the purpose of loading kernel modules needed for the boot process). - Running the linuxrc boot script. - Finding the real init process and running it. There is more that can be moved into this filesystem, but that's a good start. The claim is that kernels running with this patch will function identically; no boot setups should be broken or require changes. Mr. Viro would, of course, like to hear from anybody with evidence to the contrary. its from http://lwn.net/2001/0802/bigpage.php3 looks interesting i think ... -- arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] How-to get rid of LRP kernel patches
On Thu, Nov 08, 2001 at 02:31:45PM -0800, Jeff Newmiller wrote: > On Thu, 8 Nov 2001, Jacques Nilo wrote: > > What about the following idea: > > One reserve a keyword like bootmod.lrp to store those /boot/modules > > files and this module is a "normal" LRP package. If this bootmod is > > found in the LRP=package file list then it is unpacked through: > > gunzip -c bootmod.lrp | qt busybox tar -x > > Advantages: > > You keep your pre-boot module loading facility and your do that using > > standard LRP packaging format. Of course this bootmod.lrp wuold have to > > be stored on the floppy disk > > I don't use a floppy. This solution would exclude me. Either the initrd > image will have to be updatable by the LEAF system, or someone in my > situation will have to get custom initrd or kernel versions to handle the > alternate boot hardware, much the way regular distributions have numerous > boot disk versions. > > I think the kernel patch remains the best compromise. I don't use kernel 2.2 ;-) And i want to use kernel 2.4 > 2.4.9. This does not work for now, cause there are no patches available for this. I have started to make them running, but this is work that has to be done every time the kernel people change stuff in the affected parts, and i am sure, they will. So my solution would be to port the patch to kernel 2.4.14 or make something like an small initrd.gz which would work for all kernel (2.4 at least), and put in harddisk/cdrom support (i use flashdisks)... > > --- > Jeff NewmillerThe . . Go Live... > DCN:<[EMAIL PROTECTED]>Basics: ##.#. ##.#. Live Go... > Live: OO#.. Dead: OO#.. Playing > Research Engineer (Solar/BatteriesO.O#. #.O#. with > /Software/Embedded Controllers) .OO#. .OO#. rocks...2k > --- > > > ___ > Leaf-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-devel -- arne ------ Arne Bernin Netropol Digitale Systeme Lagerstrasse 30a Tel: +49 404325 D-20357 Hamburg/Germany Fax: +49 4028416740 [EMAIL PROTECTED] --- ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] How-to get rid of LRP kernel patches
On Thu, Nov 08, 2001 at 09:45:33PM +0100, Jacques Nilo wrote: > > Using a Linux-specific initrd.gz you're stuck. Also, what's the point > > of root.lrp if initrd.gz contains everything? > Well I think initrd.gz should contain as few things as possible. In my > proposal it boils down basically to libc6, ld-linux, ash, busybox, sed > and root.linuxrc. I would go a step further. make a minimal busybox only containing very few applets(tar,msh as shell,mount,ls,cat,...) And link it statically with uClibc. This will result in a quite small binary and you don't need to include a big libc... > That is why you really don't need to back-up this as you would need it > for a standard package with config files and the like. And I also do > not see the need to make modification to root.linuxrc in the LRP > environnement: there is not reason to change this script outside of LRP > development. > My only concern with this is the initial module loading introduced by > Charles in dachstein. But I think I have found a solution to take care > of this. See previous post. The Problem with your previous post is, that you can not load the loadmod.lrp from the boot medium cause you need the modules from there to access your boot medium. I would prefer to put it into the kernel, this would lead to a few customed kernels, but only a few. As i want to concentrate my work on LRP for Systems with CD,harddisk or flashdisk i have no Problem with a larger kernel. My main Problem is to have it the size to fit on a floppy. But if we do not use a embedded libc we will run into problems anyway, as fewer programs will support glibc-2.0.7 and we have to switch to another libc. This will break the floppy stuff (as using kernel 2.4 might). > Jacques > > --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Anybody succes with initrd_dyn
Hi, i was just playing around with the initrd_dyn stuff from ftp.psychosis.com. What i tried to to is to boot my lrp system with that using kernel 2.4.9 and syslinux. But i can not get it to work, i get messages like "no init found". My problem is i don't know how exactly an append line for this should be. Another point is that it will not get into the standard kernel as it seems, initrd_archive + linuxrc_always does not work either for kernel > 2.4.9 so maybe its time to try something new like mounting a minimal real initrd first and creating a ramfs from that and putting the packages ... --arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] dachstein rc1 cd won't boot.
On Fri, Oct 12, 2001 at 03:30:28PM -0500, Charles Steinkuehler wrote: > i just had a look and a i like the idea of putting this on CD (We are > selling our systems with an IDE Flashdisk, though). But, > i would like to see the config scripts be seperate from the configs itself, > thats one difference to the release i made for myself. > > CS> What exactly do you mean here? AB> Well i mean that in LRP 2.9.8 you have only the settings in the network.conf (e.g. IF0_IFNAME=...) and not functions defined like in Dachstein. I find this confusing. i have only "real config files" as network.conf and network_direct.conf and all the shell script stuff in /etc/init.d/network. But thats caused by the base (LRP 2.9.8) too... Is it now clearer ?? > > The other is of course Kernel 2.4... > > CS> I plan on re-working pretty much everything and making a 2.4 kernel > based firewall, with uClibc (for small floppies & limited functionality > systems) and optional support for current glibc libraries for folks with the > space and need to run it. AB> Sounds nice. i am dreaming of that since half a year, but i could not get the needed binary to compile with uClibc (i needed isdnutils and especially the ipsec stuff and iptables. Did not get this to work). And i do not want to use any Firewall systems with kernel 2.2, 2.4 is so much easier and cooler for the way i design my rules... > > CS> I'll change this in the next release. As a seperate issue, would it be > better to use the package names, or stick with the numbers, or maybe even > support both (should be possible, as long as no-one makes a 3.lrp package > :)? Also, you can use E and L (upper or lower case) for package "numbers" > with the b, d, and t commands, as well (this may also not be obvious). > AB> i think package names are to long (so much characters to type in ;-) > CS> Actually, I couldn't wait...Being a firm believer in the concept that > things should work as expected, I modified the script to accept either a > package name or number, with the following package names as special cases: > e E all everything - Backup all packages > l L - Backup everything but logs > > Now, whatever you think is, the scripts will probably do what you > want...this functionality will be in the next release. yep, sound good. Are you planning to upgrade to a new busybox version ?? It works o.k. for me (including bb ifconfig and bb route and even ash). If you would use even init and syslogd from bb root.lrp gets quite small, and i think the functionality is o.k for a router , or am i wrong ?? > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > --arne ------ Arne Bernin Netropol Digitale Systeme Lagerstrasse 30a Tel: +49 404325 D-20357 Hamburg/Germany Fax: +49 4028416740 [EMAIL PROTECTED] --- Fppmpppff mpfmm mfpmffmpppff pmfmppfmmmp pmpmmmpp mfffmmfmp ffmfppmfmmmfmf! ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] dachstein rc1 cd won't boot.
Hi, i am sending this only to the list, so you want get it twice... On Fri, Oct 12, 2001 at 10:13:04AM -0500, Charles Steinkuehler wrote: > CS> > For some reason, the system is not automatically detecting your CD-Rom on > /dev/hdd. I'll try to re-create this here and fix the init-scripts (if > they're broken), but in the meantime, you can probably get going with the > following procedure: > > Start with a blank floppy, or the bootdisk.bin image if your system won't > boot from CD with a floppy disk in the drive. > > Create a file called "pkgpath.cfg" on the blank floppy. > > edit pkgpath.cfg, so it contains a single line with the text: > /dev/hdd:iso9660 > NOTE: This file may need a unix EOL...I'm not sure what will happen if the > init script sees a carrige return as well as a line-feed...another thing to > test :) well as i do not have any non UNIX System here around (except for testing ipsec clients), no Problem ;-) Yes and this works! (with the pkgpath.cfg). i just had a look and a i like the idea of putting this on CD (We are selling our systems with an IDE Flashdisk, though). But, i would like to see the config scripts be seperate from the configs itself, thats one difference to the release i made for myself. The other is of course Kernel 2.4... But i like the new lrcfg interface it looks nice. But please change the description there: b ) Backup d ) Set Backup Destination and so on, i tried multiple time to insert: d root ... or something like that would be nicer... > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > ------ Arne Bernin Netropol Digitale Systeme Lagerstrasse 30a Tel: +49 404325 D-20357 Hamburg/Germany Fax: +49 4028416740 [EMAIL PROTECTED] --- ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] dachstein rc1 cd won't boot.
Hi, i have problems with the dachstein rc1 cd. The machine boots from cd, identifies the cdrom at hdd as ATAPI 2xCDROM and then cannot load the other packages (etc.lrp ...). it just says: could not mount the boot device can't install packages. I have not floppy inserted and no harddisk (now) in this machine... -- arne ------ Arne Bernin Netropol Digitale Systeme Lagerstrasse 30a Tel: +49 404325 D-20357 Hamburg/Germany Fax: +49 4028416740 [EMAIL PROTECTED] --- Fppmpppff mpfmm mfpmffmpppff pmfmppfmmmp pmpmmmpp mfffmmfmp ffmfppmfmmmfmf! ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] converting ansi to .dpy
Hi, is it possible to convert a ansi file to the format used by syslinux ?? There are many ansi editors out there but i haven´t found one for syslinux... thanks, arne ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
