Re: Linux executable startup stack structure

[Shachar Shemesh]

Valery Reznic wrote:

P.S. And what do you need it for (except curiosity) ?

  
It's going to be a somewhat long p.s. If you understood the problem I'm 
trying to solve, skip ahead to area marked "proposed solution" for how 
I'll be trying to solve it.


Here's a piece of trivia for you. /lib/ld-linux.so and glibc go 
together. This is true in the sense that they are compiled from the same 
sources, but even more so, it is true in the sense that you cannot 
intermix versions of it. Take an old linux version's chroot you have, 
replace ld-linux there with a new version, and try chrooting into it. 
You will likely get something along the lines of the following error:

# /usr/sbin/chroot /srv/chroot/etch/
/bin/bash: relocation error: /lib/tls/libc.so.6: symbol 
_dl_out_of_memory, version GLIBC_PRIVATE not defined in file 
ld-linux.so.2 with link time reference


I'm not sure whether it's glibc relying on ld-linux or the other way 
around (the first would, at least, make some kind of sense), but any way 
you turn it, things don't work.


As far as I know, there are three approaches to emulating a chroot. 
There is "fakechroot", which uses LD_PRELOAD. This means it cannot 
override anything that ld-linux (a statically compiled library, for 
obvious reasons) do, which means that when you run "chroot 
/srv/chroot/etch/", both ld-linux and glibc (as well as any other 
library mentioned in the ELF header) gets loaded from the real root of 
the system, so no problem there (except the obvious one - that the 
chroot isn't much of one). The second approach is the one employed by 
user mode linux. It basically catches everything and everywhere, and 
replaces the entire tasks otherwise performed by the real kernel, and so 
no problem but a HUGE overhead.


Fakeroot-ng goes the middle path. In concept it does what fakechroot 
does - intercept syscalls and either perform them differently, give 
bogus answers or emulate something. The main difference (well, the main 
core difference) is that fakeroot-ng uses ptrace rather than LD_PRELOAD, 
which means that statically compiled programs (as well as programs 
merely not linked with glibc, or linked with a different version etc..) 
are handled. There is just one problem: Since that is the case, when you 
run "chroot /srv/chroots/etch", you get a chrooted process (i.e. - a 
process that fakeroot-ng emulates all path calls for) that tries to load 
/lib/glibc (which fakeroot-ng redirects to /srv/chroots/etch/lib/glibc). 
The entity loading the interpreter, however, is the kernel, and that is 
not controlled by fakeroot-ng. The result is that the Etch glibc is run 
with Lenny's ld-linux, and you get the same error message as above.


The proposed solution

I can't say I have it firmly, or that I know it will work. This is just 
something I'm investigating. The idea is that we modify the execve 
syscall so that instead of running /bin/cat or 
/srv/chroots/etch/bin/cat, we run /srv/chroots/etch/lib/ld-linux.so. 
This will cause the kernel to set up the memory and process state in a 
way that is almost what we want to eventually happen. After a successful 
execve on a traced program, the debugger gets a signal with the program 
traced before it had a chance to execute a single instruction. We then 
manually load /srv/chroots/etch/bin/cat into the process state, and 
modify the runtime structures so that ld-linux will think it was started 
in interpreter mode rather than in direct mode. This will cause the 
right interpreter to be loaded, and everything should work.


There are many steps to climb in this plan, of course, but the only one 
for which I was missing data was this - where ld-linux found out which 
interpreter is active, and what other data is in there that maybe needs 
to be processed. For example, I found out that auxv also stores the uid 
and euid, and I may wish to modify these (as I'm trying to fool the 
program into thinking it's running as root). Then again, things worked 
fine so far without it, and I only need to delve there if I'm doing a 
chroot, so I may not bother. We'll see.


Hope that answered the curiosity part :-)

Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux executable startup stack structure

[Valery Reznic]

--- On Thu, 7/3/08, Shachar Shemesh <[EMAIL PROTECTED]> wrote:

> From: Shachar Shemesh <[EMAIL PROTECTED]>
> Subject: Re: Linux executable startup stack structure
> To: [EMAIL PROTECTED]
> Cc: "Fakeroot NG" <[EMAIL PROTECTED]>, "linux-il" 
> Date: Thursday, July 3, 2008, 10:46 AM
> Valery Reznic wrote:
> > P.S. And what do you need it for (except curiosity) ?
> >
> >   
> It's going to be a somewhat long p.s. If you understood
> the problem I'm 
> trying to solve, skip ahead to area marked "proposed
> solution" for how 
> I'll be trying to solve it.
Curiosity part is (mostly) satisfied.

I think your proposed solution will work (no reason why not)
And if you change AT_ENTRY in the auxv you'll trick ld-linux to think
it was loaded as interpreter and not directly.
But why you need it and what good it will do ?

Interpreter use this information (interpreter/directly) to adjust argc/argv 
that will be passed to main()

Valery
> 
> Here's a piece of trivia for you. /lib/ld-linux.so and
> glibc go 
> together. This is true in the sense that they are compiled
> from the same 
> sources, but even more so, it is true in the sense that you
> cannot 
> intermix versions of it. Take an old linux version's
> chroot you have, 
> replace ld-linux there with a new version, and try
> chrooting into it. 
> You will likely get something along the lines of the
> following error:
> > # /usr/sbin/chroot /srv/chroot/etch/
> > /bin/bash: relocation error: /lib/tls/libc.so.6:
> symbol 
> > _dl_out_of_memory, version GLIBC_PRIVATE not defined
> in file 
> > ld-linux.so.2 with link time reference
> 
> I'm not sure whether it's glibc relying on ld-linux
> or the other way 
> around (the first would, at least, make some kind of
> sense), but any way 
> you turn it, things don't work.
> 
> As far as I know, there are three approaches to emulating a
> chroot. 
> There is "fakechroot", which uses LD_PRELOAD.
> This means it cannot 
> override anything that ld-linux (a statically compiled
> library, for 
> obvious reasons) do, which means that when you run
> "chroot 
> /srv/chroot/etch/", both ld-linux and glibc (as well
> as any other 
> library mentioned in the ELF header) gets loaded from the
> real root of 
> the system, so no problem there (except the obvious one -
> that the 
> chroot isn't much of one). The second approach is the
> one employed by 
> user mode linux. It basically catches everything and
> everywhere, and 
> replaces the entire tasks otherwise performed by the real
> kernel, and so 
> no problem but a HUGE overhead.
> 
> Fakeroot-ng goes the middle path. In concept it does what
> fakechroot 
> does - intercept syscalls and either perform them
> differently, give 
> bogus answers or emulate something. The main difference
> (well, the main 
> core difference) is that fakeroot-ng uses ptrace rather
> than LD_PRELOAD, 
> which means that statically compiled programs (as well as
> programs 
> merely not linked with glibc, or linked with a different
> version etc..) 
> are handled. There is just one problem: Since that is the
> case, when you 
> run "chroot /srv/chroots/etch", you get a
> chrooted process (i.e. - a 
> process that fakeroot-ng emulates all path calls for) that
> tries to load 
> /lib/glibc (which fakeroot-ng redirects to
> /srv/chroots/etch/lib/glibc). 
> The entity loading the interpreter, however, is the kernel,
> and that is 
> not controlled by fakeroot-ng. The result is that the Etch
> glibc is run 
> with Lenny's ld-linux, and you get the same error
> message as above.
> 
> The proposed solution
> 
> I can't say I have it firmly, or that I know it will
> work. This is just 
> something I'm investigating. The idea is that we modify
> the execve 
> syscall so that instead of running /bin/cat or 
> /srv/chroots/etch/bin/cat, we run
> /srv/chroots/etch/lib/ld-linux.so. 
> This will cause the kernel to set up the memory and process
> state in a 
> way that is almost what we want to eventually happen. After
> a successful 
> execve on a traced program, the debugger gets a signal with
> the program 
> traced before it had a chance to execute a single
> instruction. We then 
> manually load /srv/chroots/etch/bin/cat into the process
> state, and 
> modify the runtime structures so that ld-linux will think
> it was started 
> in interpreter mode rather than in direct mode. This will
> cause the 
> right interpreter to be loaded, and everything should work.
> 
> There are many steps to climb in this plan, of course, but
> the only one 
> for which I was missing data was this - where ld-linux
> found out which 
> interpreter is active, and what other data is in there that
> maybe needs 
> to be processed. For example, I found out that auxv also
> stores the uid 
> and euid, and I may wish to modify these (as I'm trying
> to fool the 
> program into thinking it's running as root). Then
> again, things worked 
> fine so far without it, and I only need to delve there if
> I'm doing a 
> chroot, so I may not bot

Re: Linux executable startup stack structure

[Shachar Shemesh]

Valery Reznic wrote:


I think your proposed solution will work (no reason why not)
  
Actually, I can think of four or five reasons why it may fail, but I'll 
cross those bridges when I get to them.

And if you change AT_ENTRY in the auxv you'll trick ld-linux to think
it was loaded as interpreter and not directly.
But why you need it and what good it will do ?
  
It will allow me to control both which executable is loaded AND which 
interpreter, thus allowing me to emulate the chroot syscall, adding 
another small functionality to what fakeroot-ng can do. I'm not sure 
this program passes the investment/return tradeoff, but it's fun to do 
stuff no one was insane enough to do before, so I go ahead anyways.
Interpreter use this information (interpreter/directly) to adjust argc/argv 
that will be passed to main()
  
Except the argv array passed is the one for interpreter mode, not direct 
mode.


You app does:
chroot("/srv/chroots/etch")
chdir("/");
execve("/bin/bash", array("-bash", NULL))

You would expect to get a login shell, whose "ps" show up as being 
called "-bash" (what makes it a login shell), chrooted.


If you just run your program, chroot will return EPERM because you are 
not root.


If you run it using fakechroot, you will get the chroot version of bash, 
but using the real root's glibc, ld-linux, curses and whatever else bash 
uses.


When you run it with fakeroot-ng, this is what happens today:
chroot - the call is intercepted, and turned into a "geteuid" (or, in 
other words, a NOP). Fakeroot resolves /srv/chroots/etch, and marks that 
as the new root for your process.
chdir - fakeroot-ng intercepts that, and resolves "/" to mean 
"/srv/chroots/etch/", it lets the original chroot continue using the 
altered argument.
excve - fakeroot-ng intercepts that, and turns "/bin/bash" into 
"/srv/chroots/etch/bin/bash". execve continues, load /lib/ld-linux.so.2 
to handle the dynamic linking, which call open on "/lib/libc.so.6". 
Fakeroot-ng intercepts that and turns it into an open on 
"/srv/chroots/etch/lib/libc.so.6". Since /lib/ld-linux.so.2 and 
/srv/chroots/etch/lib/libc.so.6 are of different versions, things break 
down.


What will happen:
execve - intercepted. Fakeroot-ng converts /bin/bash into 
/srv/chroots/etch/bin/bash, reads the file, sees it is ELF, checks the 
interpreter, sees that it is /lib/ld-linux.so.2, converts that to 
/srv/chroots/etch/lib/ld-linux.so.2, make some sanity checks, and alter 
the arguments. Now the syscall that actually goes into the kernel is:

execve("/srv/chroots/etch/lib/ld-linux.so.2", array("-bash", NULL))
As soon as the kernel finishes the setup, fakeroot-ng again takes 
control. It parses /srv/chroots/etch/bin/bash, and make the calls 
(somehow) in the process context to open that file, and map it into 
memory in the correct areas. It also patches auxv's entry points to be 
the correct ones for bash. It then allows the process to go on executing.
ld-linux figures out it was loaded in interpreter mode, parses the bash 
ELF headers (which fakeroot-ng, rather than the kernel, placed in 
memory), and figures it needs to load /lib/libc.so.6. It calls 
open("/lib/libc.so.6")
fakeroot-ng intercepts that call, and converts it to 
open("/srv/chroots/etch/lib/libc.so.6")
Both interpreter and libc are loaded from the chroot environment, so 
everything works


profit


Valery

Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Grub weirdness

[Noam Rathaus]

Hi,

We encountered a grub weirdness and I can't find any reference to this issue 
on the Internet.

Recipe:
1) Install debian via debian-installer (testing version)
2) Get a "standard desktop" running
3) Download a tar.gz of another debian-installer based system
4) Boot into a network-based rescue disk
5) untar the tar.gz into the system
6) Reboot

From this point the grub boots and shows the prompt, Internet sites suggest 
that the /boot/grub/ directory is malformed, or missing, or doesn't have the 
configuration files - this is not true, everything is there :)

If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then move 
it back to /boot/ (replacing the one found inside the tar.gz) the system 
boots - but with a wrong kernel, obviously.

Ideas?

-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Yedidyah Bar-David]

On Thu, Jul 03, 2008 at 01:26:48PM +0300, Noam Rathaus wrote:
> Hi,
> 
> We encountered a grub weirdness and I can't find any reference to this issue 
> on the Internet.
> 
> Recipe:
> 1) Install debian via debian-installer (testing version)
> 2) Get a "standard desktop" running
> 3) Download a tar.gz of another debian-installer based system
> 4) Boot into a network-based rescue disk
> 5) untar the tar.gz into the system
> 6) Reboot
> 
> From this point the grub boots and shows the prompt, Internet sites suggest 
> that the /boot/grub/ directory is malformed, or missing, or doesn't have the 
> configuration files - this is not true, everything is there :)
> 
> If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then 
> move 
> it back to /boot/ (replacing the one found inside the tar.gz) the system 
> boots - but with a wrong kernel, obviously.
> 
> Ideas?

Did you try to reinstall grub? E.g.
grub-install /dev/sda
Do this after untarring etc.
-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Shachar Shemesh]

Noam Rathaus wrote:

Hi,

We encountered a grub weirdness and I can't find any reference to this issue 
on the Internet.


Recipe:
1) Install debian via debian-installer (testing version)
2) Get a "standard desktop" running
3) Download a tar.gz of another debian-installer based system
4) Boot into a network-based rescue disk
5) untar the tar.gz into the system
6) Reboot

From this point the grub boots and shows the prompt, Internet sites suggest 
that the /boot/grub/ directory is malformed, or missing, or doesn't have the 
configuration files - this is not true, everything is there :)


If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then move 
it back to /boot/ (replacing the one found inside the tar.gz) the system 
boots - but with a wrong kernel, obviously.


Ideas?

  
Is /boot on the same partition as the root of the system? If not, are 
they after the tar extraction? Are they the same file system?


Is the version of grub in the tar the same as the version installed?

I'm not sure I understand what the problem is. Is it that the menu 
doesn't come up? If so, does /boot/grub/ exist, and is it populated with 
the stage* files? /boot/grub/device.map? Does the content of 
/boot/grub/device.map make sense?


Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

I will try and get back to you :)

On Thursday 03 July 2008 13:46:48 Yedidyah Bar-David wrote:
> On Thu, Jul 03, 2008 at 01:26:48PM +0300, Noam Rathaus wrote:
> > Hi,
> >
> > We encountered a grub weirdness and I can't find any reference to this
> > issue on the Internet.
> >
> > Recipe:
> > 1) Install debian via debian-installer (testing version)
> > 2) Get a "standard desktop" running
> > 3) Download a tar.gz of another debian-installer based system
> > 4) Boot into a network-based rescue disk
> > 5) untar the tar.gz into the system
> > 6) Reboot
> >
> > From this point the grub boots and shows the prompt, Internet sites
> > suggest that the /boot/grub/ directory is malformed, or missing, or
> > doesn't have the configuration files - this is not true, everything is
> > there :)
> >
> > If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then
> > move it back to /boot/ (replacing the one found inside the tar.gz) the
> > system boots - but with a wrong kernel, obviously.
> >
> > Ideas?
>
> Did you try to reinstall grub? E.g.
> grub-install /dev/sda
> Do this after untarring etc.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

Hi,

The "blue" menu doesn't appear, only the prompt.

Everything is "identical" the only different between "before" and "after" is 
that the "tar.gz" is based on stable kernel, while the installer was based on 
a testing kernel.

But that shouldn't affect it, as I am basically replacing everything...

Maybe a better approach would be to "format" the /dev/sda partition first?

On Thursday 03 July 2008 13:49:09 Shachar Shemesh wrote:
> Noam Rathaus wrote:
> > Hi,
> >
> > We encountered a grub weirdness and I can't find any reference to this
> > issue on the Internet.
> >
> > Recipe:
> > 1) Install debian via debian-installer (testing version)
> > 2) Get a "standard desktop" running
> > 3) Download a tar.gz of another debian-installer based system
> > 4) Boot into a network-based rescue disk
> > 5) untar the tar.gz into the system
> > 6) Reboot
> >
> > From this point the grub boots and shows the prompt, Internet sites
> > suggest that the /boot/grub/ directory is malformed, or missing, or
> > doesn't have the configuration files - this is not true, everything is
> > there :)
> >
> > If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then
> > move it back to /boot/ (replacing the one found inside the tar.gz) the
> > system boots - but with a wrong kernel, obviously.
> >
> > Ideas?
>
> Is /boot on the same partition as the root of the system? If not, are
> they after the tar extraction? Are they the same file system?
>
> Is the version of grub in the tar the same as the version installed?
>
> I'm not sure I understand what the problem is. Is it that the menu
> doesn't come up? If so, does /boot/grub/ exist, and is it populated with
> the stage* files? /boot/grub/device.map? Does the content of
> /boot/grub/device.map make sense?
>
> Shachar


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

Hi,

I mounted the problematic disk with a rescue disk.

Under /mnt/custom

Now when I try to run grub-install:
grub-install --root-directory=/mnt/custom /dev/sda

I get 
The file /mnt/custom/grub/boot/stage1 not read correctly


On Thursday 03 July 2008 13:46:48 Yedidyah Bar-David wrote:
> On Thu, Jul 03, 2008 at 01:26:48PM +0300, Noam Rathaus wrote:
> > Hi,
> >
> > We encountered a grub weirdness and I can't find any reference to this
> > issue on the Internet.
> >
> > Recipe:
> > 1) Install debian via debian-installer (testing version)
> > 2) Get a "standard desktop" running
> > 3) Download a tar.gz of another debian-installer based system
> > 4) Boot into a network-based rescue disk
> > 5) untar the tar.gz into the system
> > 6) Reboot
> >
> > From this point the grub boots and shows the prompt, Internet sites
> > suggest that the /boot/grub/ directory is malformed, or missing, or
> > doesn't have the configuration files - this is not true, everything is
> > there :)
> >
> > If I "move" the /boot/ directory to /boot.backup/ prior to untaring, then
> > move it back to /boot/ (replacing the one found inside the tar.gz) the
> > system boots - but with a wrong kernel, obviously.
> >
> > Ideas?
>
> Did you try to reinstall grub? E.g.
> grub-install /dev/sda
> Do this after untarring etc.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Shachar Shemesh]

Noam Rathaus wrote:

Hi,

The "blue" menu doesn't appear, only the prompt.
  
Can you boot anyways? Take the commands written in the menu.lst file 
under the kernel version you want and type them at the prompt one at a 
time, adding "boot" as the last command. It should start the right kernel.


Was the tar taken from an installed or an uninstalled image?

As part of the install process, grub adjusts info so it can find the 
parameter file. It seems to be the only part not loaded in your setup, 
so I'm assuming that's the problem. Try reinstalling grub.



Maybe a better approach would be to "format" the /dev/sda partition first?
  
The only thing you really need is to chroot into the system and run 
grub-install from there.


Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Shachar Shemesh]

Noam Rathaus wrote:

Hi,

I mounted the problematic disk with a rescue disk.

Under /mnt/custom

Now when I try to run grub-install:
grub-install --root-directory=/mnt/custom /dev/sda

I get 
The file /mnt/custom/grub/boot/stage1 not read correctly


  
Don't use "--root-directory". Chroot into it. Either that, or break your 
teeth on the "setup" and "install" commands available by running grub 
itself.


Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Yedidyah Bar-David]

On Thu, Jul 03, 2008 at 02:03:13PM +0300, Noam Rathaus wrote:
> Hi,
> 
> The "blue" menu doesn't appear, only the prompt.
> 
> Everything is "identical" the only different between "before" and "after" is 
> that the "tar.gz" is based on stable kernel, while the installer was based on 
> a testing kernel.
> 
> But that shouldn't affect it, as I am basically replacing everything...
> 
> Maybe a better approach would be to "format" the /dev/sda partition first?

I think that if your aim is to only replace kernel(s), you make sure
your tar does not replace other files, only kernels, plus perhaps
menu.lst (so that these kernels are selectable from the menu).
Specifically, do not replace under /boot/grub any files except for,
perhaps, menu.lst and device.map.
-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

Hi,

Issue is that if I chroot, there is no /dev/sda there.. unless u tell me how 
to manually create it :)

On Thursday 03 July 2008 14:17:46 Shachar Shemesh wrote:
> Noam Rathaus wrote:
> > Hi,
> >
> > I mounted the problematic disk with a rescue disk.
> >
> > Under /mnt/custom
> >
> > Now when I try to run grub-install:
> > grub-install --root-directory=/mnt/custom /dev/sda
> >
> > I get
> > The file /mnt/custom/grub/boot/stage1 not read correctly
>
> Don't use "--root-directory". Chroot into it. Either that, or break your
> teeth on the "setup" and "install" commands available by running grub
> itself.
>
> Shachar


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

Hi,

My aim is to take a dump of one server (tar.gz) and put it on a new server, 
effectively duplicating the computer.

On Thursday 03 July 2008 14:21:54 Yedidyah Bar-David wrote:
> On Thu, Jul 03, 2008 at 02:03:13PM +0300, Noam Rathaus wrote:
> > Hi,
> >
> > The "blue" menu doesn't appear, only the prompt.
> >
> > Everything is "identical" the only different between "before" and "after"
> > is that the "tar.gz" is based on stable kernel, while the installer was
> > based on a testing kernel.
> >
> > But that shouldn't affect it, as I am basically replacing everything...
> >
> > Maybe a better approach would be to "format" the /dev/sda partition
> > first?
>
> I think that if your aim is to only replace kernel(s), you make sure
> your tar does not replace other files, only kernels, plus perhaps
> menu.lst (so that these kernels are selectable from the menu).
> Specifically, do not replace under /boot/grub any files except for,
> perhaps, menu.lst and device.map.


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Noam Rathaus]

I got the /dev/sda created under /mnt/custom

The error still presists though...

This is what I can find:
> If you get an error that says The file /boot/grub/stage1 not read correctly,
> it probably means that your fstab/mtab is incorrect for some reason and
> needs to be fixed. These files are /etc/mtab and /etc/fstab. Edit them and
> make sure they point to the correct partitions, then rerun grub-install.   

I checked /etc/fstab points correctly :)

> If this still doesn't fix the error message and you're using ext2/3 as
> filesystem for your boot partition, use "tune2fs -l /dev/sda1" to check for
> the Inode size of your root/boot partition. Anything else than 128 will make
> grub unable to read the partition. The only solution for this problem is to
> recreate your rootfs with the correct options (fix /etc/mke2fs.conf and set
> inode_size to 128).  

The data returned shows inode size is 256, is this a problem? :)

I am not sure how recent this documentation is 
(http://wiki.archlinux.org/index.php/Reinstalling_GRUB)



On Thursday 03 July 2008 15:03:22 Noam Rathaus wrote:
> Hi,
>
> Issue is that if I chroot, there is no /dev/sda there.. unless u tell me
> how to manually create it :)
>
> On Thursday 03 July 2008 14:17:46 Shachar Shemesh wrote:
> > Noam Rathaus wrote:
> > > Hi,
> > >
> > > I mounted the problematic disk with a rescue disk.
> > >
> > > Under /mnt/custom
> > >
> > > Now when I try to run grub-install:
> > > grub-install --root-directory=/mnt/custom /dev/sda
> > >
> > > I get
> > > The file /mnt/custom/grub/boot/stage1 not read correctly
> >
> > Don't use "--root-directory". Chroot into it. Either that, or break your
> > teeth on the "setup" and "install" commands available by running grub
> > itself.
> >
> > Shachar


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Omer Zak]

Since no one has already suggested the following, I'm making this
suggestion:
1. cp -r /boot /tmp/boot-before
2. Untar the tarfile
3. cp -r /boot /tmp/boot-after
4. diff -r /tmp/boot-before /tmp/boot-after
5. Study the differences.
6. ???
7. Profit!

On Thu, 2008-07-03 at 15:04 +0300, Noam Rathaus wrote:
> Hi,
> 
> My aim is to take a dump of one server (tar.gz) and put it on a new server, 
> effectively duplicating the computer.
> 
> On Thursday 03 July 2008 14:21:54 Yedidyah Bar-David wrote:
> > On Thu, Jul 03, 2008 at 02:03:13PM +0300, Noam Rathaus wrote:
> > > Hi,
> > >
> > > The "blue" menu doesn't appear, only the prompt.
> > >
> > > Everything is "identical" the only different between "before" and "after"
> > > is that the "tar.gz" is based on stable kernel, while the installer was
> > > based on a testing kernel.
> > >
> > > But that shouldn't affect it, as I am basically replacing everything...
> > >
> > > Maybe a better approach would be to "format" the /dev/sda partition
> > > first?
> >
> > I think that if your aim is to only replace kernel(s), you make sure
> > your tar does not replace other files, only kernels, plus perhaps
> > menu.lst (so that these kernels are selectable from the menu).
> > Specifically, do not replace under /boot/grub any files except for,
> > perhaps, menu.lst and device.map.
-- 
42 is the answer to everything.  Food is the answer to everything except
obesity.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness [solved]

[Noam Rathaus]

Hi,

The problem is solved, the error still there if I do it from the rescue disk, 
but it boots if I do it manually from the grub prompt.

Once it booted, I re-run grub-install and now it works without doing it from 
the prompt :)

Thanks guy.

On Thursday 03 July 2008 15:34:28 Noam Rathaus wrote:
> I got the /dev/sda created under /mnt/custom
>
> The error still presists though...
>
> This is what I can find:
> > If you get an error that says The file /boot/grub/stage1 not read
> > correctly, it probably means that your fstab/mtab is incorrect for some
> > reason and needs to be fixed. These files are /etc/mtab and /etc/fstab.
> > Edit them and make sure they point to the correct partitions, then rerun
> > grub-install.
>
> I checked /etc/fstab points correctly :)
>
> > If this still doesn't fix the error message and you're using ext2/3 as
> > filesystem for your boot partition, use "tune2fs -l /dev/sda1" to check
> > for the Inode size of your root/boot partition. Anything else than 128
> > will make grub unable to read the partition. The only solution for this
> > problem is to recreate your rootfs with the correct options (fix
> > /etc/mke2fs.conf and set inode_size to 128).
>
> The data returned shows inode size is 256, is this a problem? :)
>
> I am not sure how recent this documentation is
> (http://wiki.archlinux.org/index.php/Reinstalling_GRUB)
>
> On Thursday 03 July 2008 15:03:22 Noam Rathaus wrote:
> > Hi,
> >
> > Issue is that if I chroot, there is no /dev/sda there.. unless u tell me
> > how to manually create it :)
> >
> > On Thursday 03 July 2008 14:17:46 Shachar Shemesh wrote:
> > > Noam Rathaus wrote:
> > > > Hi,
> > > >
> > > > I mounted the problematic disk with a rescue disk.
> > > >
> > > > Under /mnt/custom
> > > >
> > > > Now when I try to run grub-install:
> > > > grub-install --root-directory=/mnt/custom /dev/sda
> > > >
> > > > I get
> > > > The file /mnt/custom/grub/boot/stage1 not read correctly
> > >
> > > Don't use "--root-directory". Chroot into it. Either that, or break
> > > your teeth on the "setup" and "install" commands available by running
> > > grub itself.
> > >
> > > Shachar


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: I need your addvice on ISP troubleshooting.

[Dotan Cohen]

2008/6/30 sara fink <[EMAIL PROTECTED]>:
> My first advice is to lie about the OS. Sadly that's the case.  Or tell them
> you have  another pc with windows and  you have the same problem.

They will ask you to click on all sorts of things as the idiot with
the checklist checks things off. This route leads to them knowing that
we lied!

> 2nd advice, tell them that you checked at a neigbour and everything is ok.
> See their reaction on that.

You are talking to people reading from a card. That contingency is not
on the card it means nothing.

> 3. Business account, threaten them. You lose money. Assertive, that's the
> name of the game.

Maybe.

> For the technical problems, try the following things:
> 1. reduce mtu to 1400-1450. That's what I was adviced from an expert.
> 2.  When you ping change the size of the packet gradually. the default for
> ping on linux is 64 bytes. Try to increase it. I bet you will have more
> packet loss as you increase.
> 3. Install the program mtr and see exactly where the packet loss occurs.
> http://www.bitwizard.nl/mtr/

No, they will tell you that their routers dropping mtr packets is
normal. Look at this:
http://dotancohen.com/images/examples/bezeq.html
I get that when I cannot browse to google.com and slashdot.org. And
they tell me that is normal. So the situation is that both Google.com
and slashdot.org go down at the same time, but no one else on the
internet notices, and that at the same time that their router dropping
normal mtr packets.

> Once you pinpoint where the problem is, you can go to complain. Not sure it
> will help. I have the same saga with hot. ;-( Hot are even worse, because
> they don't want to admit.
>

I am with Hot via Bezeq.

> If they say configure the router, ask them what parameters you should
> reconfigure.  If they don't know, ask a superior person.
>

Ha! They will say that they don't support routers. They want people to
connect directly from a Windows computer.

> The packet loss is outside the country or in Israel?
>

For me at least, Israeli sites work fine with the exception of the
Technion websites.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

New network device causes 'jump' from eth0 to eth1

[Noam Rathaus]

Hi,

I moved an HD from one computer to another (not related to the grub issue :D), 
and because there is a different network card, eth0 is not longer present and 
now eth1 is the deacto network card.

I don't want to reconfigure a few products I have bounded to eth0 (mainly 
firewall rules).

How can I "force" it to use the new network card driver on eth0 instead of 
eth1?

Or basically, where is it written that eth0 is 'thismodule' while eth1 
is 'thisothermodule'?

I tried modprobe.conf/modules.conf:
alias eth0 e1000e

Without success - it still - after modprobe e1000e - gives me access to it 
only through eth1


-- 
Noam Rathaus
CTO
[EMAIL PROTECTED]
http://www.beyondsecurity.com

"Know that you are safe."

Beyond Security Finalist for the "Red Herring 100 Global" Awards 2007

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: New network device causes 'jump' from eth0 to eth1

[Shachar Shemesh]

Noam Rathaus wrote:

Hi,

I moved an HD from one computer to another (not related to the grub issue :D), 
and because there is a different network card, eth0 is not longer present and 
now eth1 is the deacto network card.


I don't want to reconfigure a few products I have bounded to eth0 (mainly 
firewall rules).


How can I "force" it to use the new network card driver on eth0 instead of 
eth1?


Or basically, where is it written that eth0 is 'thismodule' while eth1 
is 'thisothermodule'?


I tried modprobe.conf/modules.conf:
alias eth0 e1000e

Without success - it still - after modprobe e1000e - gives me access to it 
only through eth1



  
On Debian systems, check out /etc/udev/rules.d/z25-persistent-network. 
Just delete the lines for the old and the new network card, and let it 
choose automatically eth0.


Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: New network device causes 'jump' from eth0 to eth1

[Omer Zak]

--=-norL4QRk5t43W51udD8G
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

The relevant file is /etc/network/interfaces - see man 5 interfaces.


On Thu, 2008-07-03 at 16:27 +0300, Noam Rathaus wrote:
> Hi,
> 
> I moved an HD from one computer to another (not related to the grub issue 
> :D), 
> and because there is a different network card, eth0 is not longer present and 
> now eth1 is the deacto network card.
> 
> I don't want to reconfigure a few products I have bounded to eth0 (mainly 
> firewall rules).
> 
> How can I "force" it to use the new network card driver on eth0 instead of 
> eth1?
> 
> Or basically, where is it written that eth0 is 'thismodule' while eth1 
> is 'thisothermodule'?
> 
> I tried modprobe.conf/modules.conf:
> alias eth0 e1000e
> 
> Without success - it still - after modprobe e1000e - gives me access to it 
> only through eth1
-- 
42 is the answer to everything.  Food is the answer to everything except
obesity.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html

--=-norL4QRk5t43W51udD8G
Content-Disposition: attachment; filename=check-mac-address.sh
Content-Type: application/x-shellscript; name=check-mac-address.sh
Content-Transfer-Encoding: 7bit

#!/bin/sh
# Checks if the given interface matches the given ethernet MAC
# if it does it exits with 0 status, if it doesn't then it exists
# with 1 (error) status.

set -e

export LANG=C

if [ ! -n "$1" -o ! -n "$2" ] ; then
echo "Usage: $0 IFACE targetMAC"
exit 1
fi
iface="$1"
targetmac=`echo "$2" | sed -e 'y/ABCDEF/abcdef/'`
mac=$(/sbin/ifconfig "$iface" | sed -n -e '/^.*HWaddr 
\([:[:xdigit:]]*\).*/{s//\1/;y/ABCDEF/abcdef/;p;q;}')

if [ "$targetmac" = "$mac" ]; then exit 0; else exit 1; fi

--=-norL4QRk5t43W51udD8G--


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: New network device causes 'jump' from eth0 to eth1

[Baruch Siach]

Hi Noam,

On Thu, Jul 03, 2008 at 04:27:29PM +0300, Noam Rathaus wrote:
> Hi,
> Or basically, where is it written that eth0 is 'thismodule' while eth1 is 
> 'thisothermodule'?

udev takes care of this. On Debian machines the relevant configuration file is 
/etc/udev/rules.d/z25_persistent-net.rules. I guess there is something similar 
for other distributions.

baruch

-- 
 ~. .~   Tk Open Systems
=}ooO--U--Ooo{=
   - [EMAIL PROTECTED] - tel: +972.2.679.5364, http://www.tkos.co.il -

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

source for libtermcap

[Aharon Schkolnik]

Hi.

I am looking for the source for  /lib/libtermcap.so.2.0.8 which comes from rpm 
libtermcap-2.0.8-35.

Everything I have found so far points me to sunsite, but I can not find the 
sources there.

Does anyone know where I can find the sources ?

TIA


-- 
  The day is short, and the work is great,|  Aharon Schkolnik
  and the laborers are lazy, and the reward   |  
  is great, and the Master of the house is|  [EMAIL PROTECTED]
  impatient. - Ethics Of The Fathers Ch. 2|  054 3344135

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

source for libtermcap - more information

[Aharon Schkolnik]

Hi.

I am looking for the source for  /lib/libtermcap.so.2.0.8 which comes from rpm 
libtermcap-2.0.8-35.

Everything I have found so far points me to sunsite, but I can not find the 
sources there.




I have also seen references to   

Homepage:   ftp://metalab.unc.edu/pub/Linux/GCC/

but it doesn't seem to be there either.




Does anyone know where I can find the sources ?

TIA


-- 
  The day is short, and the work is great,|  Aharon Schkolnik
  and the laborers are lazy, and the reward   |  
  is great, and the Master of the house is|  [EMAIL PROTECTED]
  impatient. - Ethics Of The Fathers Ch. 2|  054 3344135

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Yedidyah Bar-David]

On Thu, Jul 03, 2008 at 03:48:15PM +0300, Omer Zak wrote:
> Since no one has already suggested the following, I'm making this
> suggestion:
> 1. cp -r /boot /tmp/boot-before
> 2. Untar the tarfile
> 3. cp -r /boot /tmp/boot-after
> 4. diff -r /tmp/boot-before /tmp/boot-after
> 5. Study the differences.

I am not a grub expert, but I'd point out the principal problem with
this method (which usually works as expected): grub is a boot loader, it
has parts which are outside of the filesystem. The files in /boot/grub
are installed by the grub package of your distribution, and grub-install
installs stage1 of grub where you tell it (usually on the mbr of your
boot disk). During this, it checks where stage2 (and perhaps other
things I do not know about) is on disk, and puts the offsets inside
stage1 so that it can load and execute it. As I said - this is only
principal. In reality there is stage1.5 and all kinds of interesting
things. BTW, in case you did not realize that, grub "legacy" (what you
know as grub) is basically frozen for many years now, and all energy of
the developers is put into grub2.
-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness

[Yedidyah Bar-David]

On Thu, Jul 03, 2008 at 03:04:05PM +0300, Noam Rathaus wrote:
> Hi,
> 
> My aim is to take a dump of one server (tar.gz) and put it on a new server, 
> effectively duplicating the computer.

OK, so I repeat my suggestion below: Do not duplicate the files that
belong to grub, only the rest of the system. That is, do replace
everything outside /boot, and the kernels, and menu.lst, but not the
other files in /boot/grub. If you insist on replacing them too, do this:
1. Do as I suggested (replace everything but them).
2. Boot your new installation.
3. untar /boot of the original server, and run grub-install.
-- 
Didi


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux executable startup stack structure

[Valery Reznic]

--- On Thu, 7/3/08, Shachar Shemesh <[EMAIL PROTECTED]> wrote:

> From: Shachar Shemesh <[EMAIL PROTECTED]>
> Subject: Re: Linux executable startup stack structure
> To: [EMAIL PROTECTED]
> Cc: "linux-il" , "Fakeroot NG" <[EMAIL PROTECTED]>
> Date: Thursday, July 3, 2008, 12:50 PM
> Valery Reznic wrote:
> >
> > I think your proposed solution will work (no reason
> why not)
> >   
> Actually, I can think of four or five reasons why it may
> fail, but I'll 
> cross those bridges when I get to them.
Could you list them ?

> > And if you change AT_ENTRY in the auxv you'll
> trick ld-linux to think
> > it was loaded as interpreter and not directly.
> > But why you need it and what good it will do ?
> >   
> It will allow me to control both which executable is loaded
> AND which 
> interpreter, thus allowing me to emulate the chroot
> syscall, adding 
I don't think so. You intercept execve syscall, and instead of
 
you give it 
  

I.e you already have full control of both program and interpreter that are 
going to be loaded.

But after you execve as
ld-linux program args
 
tricking interpreter to think that it was loaded directly should be a problem. 
Unless you are going to change argc/argv before interpreter get control.
But why bother ?
execve interpreter looks like good solution.

Valery.




> another small functionality to what fakeroot-ng can do.
> I'm not sure 
> this program passes the investment/return tradeoff, but
> it's fun to do 
> stuff no one was insane enough to do before, so I go ahead
> anyways.
Sure, it should be fun.

Valery.


> > Interpreter use this information
> (interpreter/directly) to adjust argc/argv 
> > that will be passed to main()
> >   
> Except the argv array passed is the one for interpreter
> mode, not direct 
> mode.
> 
> You app does:
> chroot("/srv/chroots/etch")
> chdir("/");
> execve("/bin/bash", array("-bash",
> NULL))
> 
> You would expect to get a login shell, whose "ps"
> show up as being 
> called "-bash" (what makes it a login shell),
> chrooted.
> 
> If you just run your program, chroot will return EPERM
> because you are 
> not root.
> 
> If you run it using fakechroot, you will get the chroot
> version of bash, 
> but using the real root's glibc, ld-linux, curses and
> whatever else bash 
> uses.
> 
> When you run it with fakeroot-ng, this is what happens
> today:
> chroot - the call is intercepted, and turned into a
> "geteuid" (or, in 
> other words, a NOP). Fakeroot resolves /srv/chroots/etch,
> and marks that 
> as the new root for your process.
> chdir - fakeroot-ng intercepts that, and resolves
> "/" to mean 
> "/srv/chroots/etch/", it lets the original chroot
> continue using the 
> altered argument.
> excve - fakeroot-ng intercepts that, and turns
> "/bin/bash" into 
> "/srv/chroots/etch/bin/bash". execve continues,
> load /lib/ld-linux.so.2 
> to handle the dynamic linking, which call open on
> "/lib/libc.so.6". 
> Fakeroot-ng intercepts that and turns it into an open on 
> "/srv/chroots/etch/lib/libc.so.6". Since
> /lib/ld-linux.so.2 and 
> /srv/chroots/etch/lib/libc.so.6 are of different versions,
> things break 
> down.
> 
> What will happen:
> execve - intercepted. Fakeroot-ng converts /bin/bash into 
> /srv/chroots/etch/bin/bash, reads the file, sees it is ELF,
> checks the 
> interpreter, sees that it is /lib/ld-linux.so.2, converts
> that to 
> /srv/chroots/etch/lib/ld-linux.so.2, make some sanity
> checks, and alter 
> the arguments. Now the syscall that actually goes into the
> kernel is:
> execve("/srv/chroots/etch/lib/ld-linux.so.2",
> array("-bash", NULL))
> As soon as the kernel finishes the setup, fakeroot-ng again
> takes 
> control. It parses /srv/chroots/etch/bin/bash, and make the
> calls 
> (somehow) in the process context to open that file, and map
> it into 
> memory in the correct areas. It also patches auxv's
> entry points to be 
> the correct ones for bash. It then allows the process to go
> on executing.
> ld-linux figures out it was loaded in interpreter mode,
> parses the bash 
> ELF headers (which fakeroot-ng, rather than the kernel,
> placed in 
> memory), and figures it needs to load /lib/libc.so.6. It
> calls 
> open("/lib/libc.so.6")
> fakeroot-ng intercepts that call, and converts it to 
> open("/srv/chroots/etch/lib/libc.so.6")
> Both interpreter and libc are loaded from the chroot
> environment, so 
> everything works
> 
> profit
> 
> > Valery
> Shachar
> 
> -
> Sponsored by: SourceForge.net Community Choice Awards: VOTE
> NOW!
> Studies have shown that voting for your favorite open
> source project,
> along with a healthy diet, reduces your potential for
> chronic lameness
> and boredom. Vote Now at
> http://www.sourceforge.net/community/cca08
> ___
> Fakerootng-devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/fakerootng-devel


  

==

X cursor problem

[Shlomo Solomon]

My cursor dissappeared. By randomly movng the mouse, I could see that the 
mouse was functioning (icons, windows, etc were highlighted so I 
could "guess" where the cursor should have been). 

I tried 2 possible solutions but neither solved the problem:
1 - ctrl-alt-Backspace to restart X
2 - ctrl-alt-F1 and from the terminal init 3 and then back to init 5
In both cases, my new X/KDE sessions came up with no cursor.

In the end, I rebooted and everything is back to normal - but, hey, I 
shouldn't have to boot for something like this.

What am I missing? 

BTW - I've had this problem before (although very rare - last time was several 
months ago).


-- 
Shlomo Solomon  
http://the-solomons.net
Sent by KMail 1.9.9 (KDE 3.5.9) on LINUX Mandriva 2008.1


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Gedit accelerator keys not working under KDE?

[Omer Zak]

I was not successful in using accelerator keys in Gedit, when running it
under KDE desktop.
Is this a known problem, or am I doing anything wrong?

The relevant versions are:
* Debian Etch Linux
* KDE desktop, version 3.5.5 (the kdebase package version is
3.5.5a.dfsg.1-6etch2).
* gedit 2.14.4 (the kedit package version is 2.14.4-8)

--- Omer


-- 
One does not make peace with enemies.  One makes peace with former
enemies.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Linux executable startup stack structure

[Shachar Shemesh]

Valery Reznic wrote:



Actually, I can think of four or five reasons why it may
fail, but I'll 
cross those bridges when I get to them.


Could you list them ?

  
Let's see. Off the top of my head, these are not necessarily "won't 
work" problems, but obstacles to overcome:
- I need to execute several syscalls in the process context. Usually 
that is a solved problem, as I turn the syscall it was doing anyways 
into a mmap, put the command for syscall in the memory I allocate, and 
then set the program counter there for any additional syscall I need. 
This won't work here because the process is not entering a syscall.
- So we need to initiate a syscall. If the stack is executable, we can 
write a "syscall" command there. If not, we need to look for one inside 
the code. Long and slow process.
- When the kernel loads the interpreter, it uses a different load 
address than when it loads it as an executable. This may cause problems 
for us.
- The memory WE allocate is allocated earlier than we would before. It 
may interfere with other things.


It will allow me to control both which executable is loaded
AND which 
interpreter, thus allowing me to emulate the chroot
syscall, adding 


I don't think so. You intercept execve syscall, and instead of
 
you give it 
  


  
There are three parameters that we need to control, and only two that 
are passed to execve. The three are "which executable to use", "which 
interpreter to load it with" and "what to call argv[0]". My way allows 
controlling all three, your way allows no control over how argv[0] is 
called. I thought of it, and decided it's enough of a problem to justify 
the horrendous thing I'm suggesting here.


I don't remember all of the reasons why I abandoned this route (one of 
them is what appears on "ps", btw), so I don't remember the details, but 
I believe you may also have problems if you try to run a shell script 
that runs a binary that needs an interpreter (i.e. - any shell script).

I.e you already have full control of both program and interpreter that are 
going to be loaded.

But after you execve as
ld-linux program args
 
tricking interpreter to think that it was loaded directly should be a problem. 
  
Which is why I touch execve's first argument (the command to run), but 
not the second (the command line to pass it). I am running ld-linux with 
a command line that is nonsense to it, but then patch the runtime 
environment so that the command line retroactively makes sense again. 
This way, ps still displays the right thing.

Unless you are going to change argc/argv before interpreter get control.
But why bother ?
execve interpreter looks like good solution.
  
Maybe if the above problems prove too much. I don't want to lose argv[0] 
control just yet.

Valery.

  

Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: X cursor problem

[Omer Zak]

Looks like your cursor was loaded by an empty or transparent cursor
image.


On Thu, 2008-07-03 at 18:03 +0300, Shlomo Solomon wrote:
> My cursor dissappeared. By randomly movng the mouse, I could see that the 
> mouse was functioning (icons, windows, etc were highlighted so I 
> could "guess" where the cursor should have been). 
> 
> I tried 2 possible solutions but neither solved the problem:
> 1 - ctrl-alt-Backspace to restart X
> 2 - ctrl-alt-F1 and from the terminal init 3 and then back to init 5
> In both cases, my new X/KDE sessions came up with no cursor.
> 
> In the end, I rebooted and everything is back to normal - but, hey, I 
> shouldn't have to boot for something like this.
> 
> What am I missing? 
> 
> BTW - I've had this problem before (although very rare - last time was 
> several 
> months ago).
-- 
You haven't made an impact on the world before you caused a Debian
release to be named after Snufkin.
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: X cursor problem

[Shlomo Solomon]

Sounds logical, but:
1 - how did this happen in the middle of a session (uptime of a few weeks)?
2 - why didn't restarting X or the runlevel solve this?
3 - how could I have solved this without the re-boot?

On Thursday 03 July 2008, Omer Zak wrote:
> Looks like your cursor was loaded by an empty or transparent cursor
> image.
>
> On Thu, 2008-07-03 at 18:03 +0300, Shlomo Solomon wrote:
> > My cursor dissappeared. By randomly movng the mouse, I could see that the
> > mouse was functioning (icons, windows, etc were highlighted so I
> > could "guess" where the cursor should have been).
> >
> > I tried 2 possible solutions but neither solved the problem:
> > 1 - ctrl-alt-Backspace to restart X
> > 2 - ctrl-alt-F1 and from the terminal init 3 and then back to init 5
> > In both cases, my new X/KDE sessions came up with no cursor.
> >
> > In the end, I rebooted and everything is back to normal - but, hey, I
> > shouldn't have to boot for something like this.
> >
> > What am I missing?
> >
> > BTW - I've had this problem before (although very rare - last time was
> > several months ago).



-- 
Shlomo Solomon
http://the-solomons.net
Sent by KMail 1.9.9 (KDE 3.5.9) on LINUX Mandriva 2008.1


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness [solved]

[Ehud Karni]

On Thu, 3 Jul 2008 16:00:11 +0300, Noam Rathaus <[EMAIL PROTECTED]> wrote:
>
> The problem is solved, the error still there if I do it from the rescue disk,
> but it boots if I do it manually from the grub prompt.
>
> Once it booted, I re-run grub-install and now it works without doing it from
> the prompt :)

You can run the grub-install from the rescue disk by the following
commands (assume you have the root partition mounted on /mnt/newroot)

## 1st, you need to create /dev/sda or /dev/hda devices
## (depending on your kernel and hard disk) on /mnt/newroot/dev
## sda
mknod /mnt/newroot/dev/sda  b 8 0
mknod /mnt/newroot/dev/sda1 b 8 1
## hda
mknod /mnt/newroot/dev/hda  b 3 0
mknod /mnt/newroot/dev/hda1 b 3 1

## 2nd, chroot to the installed root & grub-install
chroot /mnt/newroot
  mount /sys   ## I'm not sure if you really need this command
   ## Anyway, You should have sysfs in your fstab
  if you need to make init ram disk:
##  /sbin/mkinitrd -f /boot/initrd-.img 
  /sbin/grub-install /dev/sda

I did it several times to duplicate a Fedora installation.

I have a script that does all the needed operation: fdisk, mkfs, mkswap
mount and untarring, fix some etc files (motd, mail) and grub install.

I advise you to at least delete the /etc/ssh/ssh_host* files (they will
be recreated - i.e. new keys - when you run sshd).

Ehud.


--
 Ehud Karni   Tel: +972-3-7966-561  /"\
 Mivtach - Simon  Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D Better Safe Than Sorry

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: New network device causes 'jump' from eth0 to eth1

[Ehud Karni]

On Thu, 3 Jul 2008 16:41:20 Baruch Siach wrote:
>
> On Thu, Jul 03, 2008 at 04:27:29PM +0300, Noam Rathaus wrote:
> > Hi,
> > Or basically, where is it written that eth0 is 'thismodule' while eth1 is
> > 'thisothermodule'?
>
> udev takes care of this. On Debian machines the relevant configuration file is
> /etc/udev/rules.d/z25_persistent-net.rules. I guess there is something similar
> for other distributions.

On Fedora/Centos the file /etc/sysconfig/network-scripts/ifcfg-eth
can have the line:   HWADDR=xx:xx:xx:xx:xx:xx  (mac address)
to assign the eth to specific network card.

Ehud.


--
 Ehud Karni   Tel: +972-3-7966-561  /"\
 Mivtach - Simon  Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D Better Safe Than Sorry

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: X cursor problem

[Shachar Shemesh]

Shlomo Solomon wrote:

Sounds logical, but:
1 - how did this happen in the middle of a session (uptime of a few weeks)?
2 - why didn't restarting X or the runlevel solve this?
3 - how could I have solved this without the re-boot?
  
I'd actually wager on a hardware problem. Modern VGA adapters display 
the cursor as a sprite (i.e. - it does not get rendered into the main 
screen memory). If something is wrong with your card, then maybe it 
stopped displaying sprites until a reboot re-initialized all the registers.


Shachar

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: source for libtermcap - more information

[Shlomi Fish]

Hi!

On Thursday 03 July 2008, Aharon Schkolnik wrote:
> Hi.
>
> I am looking for the source for  /lib/libtermcap.so.2.0.8 which comes from
> rpm libtermcap-2.0.8-35.
>
> Everything I have found so far points me to sunsite, but I can not find the
> sources there.
>

As a fallback, you can unpack the .src.rpm (using rpm -Uvh) or see:

http://svn.mandriva.com/svn/packages/cooker/libtermcap/current/SOURCES/

Note that RedHat may have some downstream patches.

Regards,

Shlomi Fish

>
> 
>
> I have also seen references to
>
> Homepage:   ftp://metalab.unc.edu/pub/Linux/GCC/
>
> but it doesn't seem to be there either.
>
> 
>
>
> Does anyone know where I can find the sources ?
>
> TIA



-- 
-
Shlomi Fish   http://www.shlomifish.org/
Original Riddles - http://www.shlomifish.org/puzzles/

The bad thing about hardware is that it sometimes works and sometimes doesn't.
The good thing about software is that it's consistent: it always does not
work, and it always does not work in exactly the same way.

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: X cursor problem

[Matan Ziv-Av]

On Thu, 3 Jul 2008, Shachar Shemesh wrote:


Shlomo Solomon wrote:

Sounds logical, but:
1 - how did this happen in the middle of a session (uptime of a few weeks)?
2 - why didn't restarting X or the runlevel solve this?
3 - how could I have solved this without the re-boot?

I'd actually wager on a hardware problem. Modern VGA adapters display the 
cursor as a sprite (i.e. - it does not get rendered into the main screen 
memory). If something is wrong with your card, then maybe it stopped 
displaying sprites until a reboot re-initialized all the registers.


A driver problem is more likely in this case.

Adding

Option "SWCursor" "true"

to the correct device section in /etc/X11/xorg.conf (and then 
restarting X11 server) would probably hide the problem at a very slight 
performance price. You can add this line when the problem happens, and 
remove it immediately after restarting X.



--
Matan Ziv-Av. [EMAIL PROTECTED]


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: I need your addvice on ISP troubleshooting.

[sara fink]

Technion web site doesn't support ping not in and not out. So don't be
surprised if you get the ???.

Try a ftp transfer from technion and see the speed.

About the router, try the same thing without router. If the problem
persists, you can tell them.

For
http://dotancohen.com/images/examples/bezeq.html
 I can't see anything written. It's 1k. I saw the images from the examples
directory.
I saw similar patterns with bezeqint in my neighborhood.

Only a couple of the support people know what is mtr. From all my talks with
support at 012, only 1 knew about mtr.  You need to reach to higher levels
of support.  At 012 it's called network department. They support if you have
few pc at home. Their level is higher than others who read from the page.

My brother has windows, when he had problems with internet, they had the
famous sentence "Something on your pc is blocking. go to restore. If that
doesn't help, format the hd." And you know what else, they told him to use
the microsoft built in firewall, nothing else.

Here are some dns lists of all isp in israel
http://www.petri.co.il/dns_ip_addresses_for_israeli_isps_he.htm
try this also https://www.opendns.com/start





On Thu, Jul 3, 2008 at 4:28 PM, Dotan Cohen <[EMAIL PROTECTED]> wrote:

> 2008/6/30 sara fink <[EMAIL PROTECTED]>:
> > My first advice is to lie about the OS. Sadly that's the case.  Or tell
> them
> > you have  another pc with windows and  you have the same problem.
>
> They will ask you to click on all sorts of things as the idiot with
> the checklist checks things off. This route leads to them knowing that
> we lied!
>
> > 2nd advice, tell them that you checked at a neigbour and everything is
> ok.
> > See their reaction on that.
>
> You are talking to people reading from a card. That contingency is not
> on the card it means nothing.
>
> > 3. Business account, threaten them. You lose money. Assertive, that's the
> > name of the game.
>
> Maybe.
>
> > For the technical problems, try the following things:
> > 1. reduce mtu to 1400-1450. That's what I was adviced from an expert.
> > 2.  When you ping change the size of the packet gradually. the default
> for
> > ping on linux is 64 bytes. Try to increase it. I bet you will have more
> > packet loss as you increase.
> > 3. Install the program mtr and see exactly where the packet loss occurs.
> > http://www.bitwizard.nl/mtr/
>
> No, they will tell you that their routers dropping mtr packets is
> normal. Look at this:
> http://dotancohen.com/images/examples/bezeq.html
> I get that when I cannot browse to google.com and slashdot.org. And
> they tell me that is normal. So the situation is that both Google.com
> and slashdot.org go down at the same time, but no one else on the
> internet notices, and that at the same time that their router dropping
> normal mtr packets.
>
> > Once you pinpoint where the problem is, you can go to complain. Not sure
> it
> > will help. I have the same saga with hot. ;-( Hot are even worse, because
> > they don't want to admit.
> >
>
> I am with Hot via Bezeq.
>
> > If they say configure the router, ask them what parameters you should
> > reconfigure.  If they don't know, ask a superior person.
> >
>
> Ha! They will say that they don't support routers. They want people to
> connect directly from a Windows computer.
>
> > The packet loss is outside the country or in Israel?
> >
>
> For me at least, Israeli sites work fine with the exception of the
> Technion websites.
>
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
> א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>

Re: X cursor problem

[Shlomo Solomon]

On Thursday 03 July 2008, Matan Ziv-Av wrote:
> A driver problem is more likely in this case.
>
> Adding
>
> Option "SWCursor" "true"
>
> to the correct device section in /etc/X11/xorg.conf (and then
> restarting X11 server) would probably hide the problem at a very slight
> performance price. You can add this line when the problem happens, and
> remove it immediately after restarting X.

I'll remember to try that next time it happens. As I said, the last time 
before yesterday was months ago so who knows when that will be?


-- 
Shlomo Solomon
http://the-solomons.net
Sent by KMail 1.9.9 (KDE 3.5.9) on LINUX Mandriva 2008.1


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Re: Grub weirdness [solved]

[Amos Shapira]

2008/7/4 Ehud Karni <[EMAIL PROTECTED]>:
> On Thu, 3 Jul 2008 16:00:11 +0300, Noam Rathaus <[EMAIL PROTECTED]> wrote:
>>
>> The problem is solved, the error still there if I do it from the rescue disk,
>> but it boots if I do it manually from the grub prompt.
>>
>> Once it booted, I re-run grub-install and now it works without doing it from
>> the prompt :)
>
> You can run the grub-install from the rescue disk by the following
> commands (assume you have the root partition mounted on /mnt/newroot)
>
> ## 1st, you need to create /dev/sda or /dev/hda devices
> ## (depending on your kernel and hard disk) on /mnt/newroot/dev
> ## sda
> mknod /mnt/newroot/dev/sda  b 8 0
> mknod /mnt/newroot/dev/sda1 b 8 1
> ## hda
> mknod /mnt/newroot/dev/hda  b 3 0
> mknod /mnt/newroot/dev/hda1 b 3 1

I am aware the the OP got it solved, but just as an exercise -
wouldn't it make more sense to use "mount --bind" like this:

mount --bind /dev /mnt/newroot/dev
and while we are at it:
mount --bind /boot /mnt/newroot/boot (if required)
mount --bind /sys /mnt/newroot/sys
mount --bind /proc /mnt/newroot/proc

?

That's what I use as part of getting Ubuntu desktop installation to use lvm2.

--Amos

=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]