[ANNOUNCE] Umbrella-0.6 released
Hi all!

---

Umbrella is a security mechanism that implements a combination of Process-Based Access Control (PBAC) and authentication of binaries through Digital Signed Binaries (DSB). The scheme is designed for Linux-based consumer electronic devices ranging from mobile phones to settop boxes.

Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The PBAC scheme is enforced by a set of restrictions on each process. This policy is distributed with a binary in form of execute restrictions (attached in the binary) and within the program, where the developer has the opportunity of making a "restricted fork" for setting restrictions for new children.

---

We now present you with a new and cool version of Umbrella, namely version 0.6. Besides fulfilling the roadmap of integration with GNU Privacy Guard, the code has also been optimized and has undergone some major changes.

Following are the main major changes:

- Complete integration with GNU Privacy Guard to authenticate binaries
- Hash tables for storing restrictions are replaced by the new, fast and simple FSR data structure, that mimics the 'dentry' structs in the kernel
- The Umbrella system call is eliminated and completely replaced by a /proc filesystem interface
- The Umbrella code is now completely independent of all architectures and kernel subversions

For instructions on how to try out the Process-Based Access Control and Digitally Signed Binaries in Umbrella, please download the complete 0.6 tarball from SourceForge:

http://prdownloads.sourceforge.net/umbrella/umbrella-0.6.tar.bz2?download

Please refer to the README file in the tarball for further instructions.

As always we appreciate any comments, suggestions etc. you may have :-)

Enjoy,
The Umbrella Team.

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Max size of writing to the proc file system
Hi all!

What is the maximal data I can write to a /proc file?

I write two kilobytes, but buffer in the proc_write function only contains 1003 bytes :-((

Cheers, Kristian.

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net

Re: Reading large /proc entry from kernel module
On Wednesday 09 March 2005 00:04, Peter Chubb wrote:
> >>>>> "Kristian" == Kristian Sørensen <[EMAIL PROTECTED]> writes:
>
> Kristian> Hi all! I have some trouble reading a 2346 byte /proc entry
> Kristian> from our Umbrella kernel module.
>
>
> Kristian> static int umb_proc_write(struct file *file, const char *buffer,
> Kristian> unsigned long count, void *data) {
> Kristian> char *policy;
> Kristian> int *lbuf;
> Kristian> int i;
>
> Here's your problem: lbuf should be a char * not an int *.
> When you look lbuf[0] you'll get the first four characters packed
> into the int.

Okay, thanks! :-D That solves the first error :)

However, I still only get the first 1003 characters, when I traverse the buffer :-/

--
Kristian Sørensen
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

Reading large /proc entry from kernel module
Hi all!

I have some trouble reading a 2346 byte /proc entry from our Umbrella kernel module.

Proc file is created write-only and I am able to write text to the file, and read it from kernel space. The function reading the entry is in short this:

    static int umb_proc_write(struct file *file, const char *buffer,
                              unsigned long count, void *data) {
            char *policy;
            int *lbuf;
            int i;

            if (count != UMB_POLICY_SIZE) {
                    printk("Umbrella: Error - /proc/umbrella is of invalid size\n");
                    return -EFAULT;
            }

            /* Initialization of lbuf */
            policy = kmalloc(sizeof(char)*UMB_POLICY_SIZE, GFP_ATOMIC);
            lbuf = kmalloc(count, GFP_KERNEL);
            if (!lbuf || !policy) {
                    kfree(lbuf);
                    kfree(policy);
                    return -EFAULT;
            }
            if (copy_from_user(lbuf, buffer, count)) {
                    kfree(lbuf);
                    kfree(policy);
                    return -EFAULT;
            }
            strcpy(policy, lbuf);
            umb_parse_proc(policy);
    }

If I read byte by byte, it will only give the characters on every fourth index. E.g. reading lbuf with the string "abcd", then lbuf[0]==a and lbuf[1]==d ...
- Does anyone have an explanation for this behaviour? Making the strcpy does fix the problem - and the complete string is available! :-/

...

Now that everything works, I want to write a string of exactly 2346 characters to the /proc/umbrella file. However when I make the copy_from_user, I only get the first 1003 characters :-((
- Do you have a pointer to where I do this thing wrong? What is the limit regarding the size of writing a /proc entry? (we consider importing binary public keys to the kernel this way in the future).

Best regards, Kristian.

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

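Added example, not part of the original posts and not Umbrella code: a write handler runs once per write() call and `count` is the size of that one call, so this user-space model accumulates pieces into a bounded, NUL-terminated char buffer instead of requiring the whole policy in a single call. The names policy_buf, policy_write and policy_complete are hypothetical, POLICY_SIZE is assumed to be the 2346 bytes quoted in the post, and memcpy() stands in for copy_from_user(); the thread itself does not say why only 1003 bytes arrived.

```c
/* Added example: user-space model of a chunk-tolerant policy write handler.
 * In a kernel module the memcpy() below would be copy_from_user(). */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define POLICY_SIZE 2346          /* assumed: the size quoted in the post */

struct policy_buf {               /* hypothetical accumulation state */
    char   data[POLICY_SIZE + 1]; /* +1 for the terminating NUL */
    size_t used;                  /* bytes received so far */
};

/* Returns the bytes consumed, or a negative errno. 'count' is the size of
 * ONE write() call, which may be smaller than the whole policy. */
long policy_write(struct policy_buf *p, const char *chunk, size_t count)
{
    if (count == 0)
        return 0;
    if (count > POLICY_SIZE - p->used)   /* would overflow: reject whole call */
        return -EFBIG;
    memcpy(p->data + p->used, chunk, count);
    p->used += count;
    p->data[p->used] = '\0';             /* buffer is always a valid C string */
    return (long)count;
}

/* Nonzero once the complete policy has arrived and may be parsed. */
int policy_complete(const struct policy_buf *p)
{
    return p->used == POLICY_SIZE;
}

/* Constructed input: a 2346-byte policy delivered as 1003 + 1343 bytes.
 * Returns 1 if the policy is complete only after the second piece. */
int demo(void)
{
    static char src[POLICY_SIZE];
    static struct policy_buf p;

    memset(src, 'x', sizeof src);
    memset(&p, 0, sizeof p);
    if (policy_write(&p, src, 1003) != 1003 || policy_complete(&p))
        return -1;                       /* first piece must not trigger parsing */
    if (policy_write(&p, src + 1003, POLICY_SIZE - 1003) != 1343)
        return -1;
    return policy_complete(&p) && strlen(p.data) == POLICY_SIZE;
}

int main(void)
{
    return demo() == 1 ? 0 : 1;
}
```
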
Re: UserMode bug in 2.6.11-rc5?
On Wednesday 02 March 2005 19:42, Jeff Dike wrote:
> [EMAIL PROTECTED] said:
> > Hey! Thanks - that fixed the problem! :-D
>
> Didn't you say this setup worked with 2.6.10? That's why I didn't
> suggest staring at /etc/inittab.

Yes - it works fine with 2.6.10. Does anyone of you know why/where the change was?

Cheers, KS.

--
Kristian Sørensen
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

Re: UserMode bug in 2.6.11-rc5?
On Wednesday 02 March 2005 14:59, Kristian Sørensen wrote:
> On Wednesday 02 March 2005 14:45, Christophe Lucas wrote:
> > Kristian Sørensen ([EMAIL PROTECTED]) wrote:
> > > Hi!
> > >
> > > I've just tried usermode Linux with a 2.6.11-rc5 kernel. My kernel
> > > boots, but when the shell is to be spawned it freezes:
> > >
> > > INIT: Entering runlevel: 2
> > > Starting system log daemon: syslogd.
> > > Starting kernel log daemon: klogd.
> > > Starting internet superserver: inetd.
> > > Starting deferred execution scheduler: atd.
> > > Starting periodic command scheduler: cron.
> > > INIT: Id "0" respawning too fast: disabled for 5 minutes
> > > INIT: Id "1" respawning too fast: disabled for 5 minutes
> > > INIT: Id "2" respawning too fast: disabled for 5 minutes
> > > INIT: Id "c" respawning too fast: disabled for 5 minutes
> > > INIT: no more processes left in this runlevel
> > >
> > >
> > > I've attached the .config for both 2.6.10 (working perfectly) and the
> > > one for 2.6.11-rc5. The root filesystem this:
> > > http://prdownloads.sourceforge.net/user-mode-linux/Debian-3.0r0.ext2.bz2
> >
> > Hi,
> >
> > What do you have in your /etc/inittab of your root_fs ?
> > I think you should replace tty0 by vc/0 such as.
> >
> > I have had this on a kernel 2.6.10 and debian-3.1 root_fs.
> >
> > ~Christophe
>
> Hey! Thanks - that fixed the problem! :-D

Damn :-( Now the terminal is ready - but the passwords are not recognized (both in 2.6.10 and 2.6.11-rc5) :-/

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

Re: UserMode bug in 2.6.11-rc5?
On Wednesday 02 March 2005 14:45, Christophe Lucas wrote:
> Kristian Sørensen ([EMAIL PROTECTED]) wrote:
> > Hi!
> >
> > I've just tried usermode Linux with a 2.6.11-rc5 kernel. My kernel boots,
> > but when the shell is to be spawned it freezes:
> >
> > INIT: Entering runlevel: 2
> > Starting system log daemon: syslogd.
> > Starting kernel log daemon: klogd.
> > Starting internet superserver: inetd.
> > Starting deferred execution scheduler: atd.
> > Starting periodic command scheduler: cron.
> > INIT: Id "0" respawning too fast: disabled for 5 minutes
> > INIT: Id "1" respawning too fast: disabled for 5 minutes
> > INIT: Id "2" respawning too fast: disabled for 5 minutes
> > INIT: Id "c" respawning too fast: disabled for 5 minutes
> > INIT: no more processes left in this runlevel
> >
> >
> > I've attached the .config for both 2.6.10 (working perfectly) and the one
> > for 2.6.11-rc5. The root filesystem this:
> > http://prdownloads.sourceforge.net/user-mode-linux/Debian-3.0r0.ext2.bz2
>
> Hi,
>
> What do you have in your /etc/inittab of your root_fs ?
> I think you should replace tty0 by vc/0 such as.
>
> I have had this on a kernel 2.6.10 and debian-3.1 root_fs.
>
> ~Christophe

Hey! Thanks - that fixed the problem! :-D

Best, Kristian.

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

UserMode bug in 2.6.11-rc5?
Hi!

I've just tried usermode Linux with a 2.6.11-rc5 kernel. My kernel boots, but when the shell is to be spawned it freezes:

INIT: Entering runlevel: 2
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
Starting internet superserver: inetd.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: cron.
INIT: Id "0" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "c" respawning too fast: disabled for 5 minutes
INIT: no more processes left in this runlevel

I've attached the .config for both 2.6.10 (working perfectly) and the one for 2.6.11-rc5. The root filesystem this:
http://prdownloads.sourceforge.net/user-mode-linux/Debian-3.0r0.ext2.bz2

Best regards, Kristian.

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816

Re: usb-storage on SMP?
Now you are at the topic... I've had trouble mounting USB units ever since 2.6.7. What changed in the USB Mass Storage department? :)

The log says:

Jan 17 23:41:24 qbox usb 5-2: new full speed USB device using uhci_hcd and address 2
Jan 17 23:41:24 qbox usb-storage: USB Mass Storage device detected
Jan 17 23:41:24 qbox usb-storage: -- associate_dev
Jan 17 23:41:24 qbox usb-storage: Vendor: 0x07b4, Product: 0x0102, Revision: 0x1011
Jan 17 23:41:24 qbox usb-storage: Interface Subclass: 0x06, Protocol: 0x50
Jan 17 23:41:24 qbox usb-storage: Vendor: OLYMPUS, Product: u10D,S300D,u300D
Jan 17 23:41:24 qbox usb-storage: Transport: Bulk
Jan 17 23:41:24 qbox usb-storage: Protocol: Transparent SCSI
Jan 17 23:41:24 qbox usb-storage: usb_stor_control_msg: rq=fe rqtype=a1 value= index=00 len=1
Jan 17 23:41:24 qbox usb-storage: GetMaxLUN command result is 1, data is 0
Jan 17 23:41:24 qbox usb-storage: *** thread sleeping.
Jan 17 23:41:24 qbox scsi0 : SCSI emulation for USB Mass Storage devices
Jan 17 23:41:24 qbox usb-storage: device found at 2
Jan 17 23:41:24 qbox usb-storage: waiting for device to settle before scanning

So that is okay, but when I try to mount it:

mount -t vfat /dev/scsi/host0/bus0/target0/lun0/part1 /tmp/CAM
mount: wrong fs type, bad option, bad superblock on /dev/scsi/host0/bus0/target0/lun0/part1,
       or too many mounted file systems

Does anyone by chance have a solution to this? (2.6.10 .config attached)

I'll be happy to buy a beer for the one fixing this! :-)

Best regards, Kristian Sørensen.

On Monday 17 January 2005 18:17, Thomas Zehetbauer wrote:
> Hi,
>
> can anyone confirm that writing to usb-storage devices is working on SMP
> systems? Especially to a SD Card in an USB 1.1 card reader attached to a
> 64-bit Dual Opteron with NUMA enabled?
>
> I have a noname USB 1.1 card reader that identifies itself as 0dda:0001
> 'Integrated Circuit Solution, Inc.' attached to a Tyan Thunder K8W
> (S2885) dual Opteron NUMA system. After copying data to the disk, the
> activity light flashes for some time and the following messages appear
> in syslog:
>
> 2005-01-15 13:41:39 +0100 kernel: ohci_hcd :03:00.1: urb 010068400d40 path 1 ep2out 6fce cc 6 --> status -71
> 2005-01-15 13:42:59 +0100 kernel: ohci_hcd :03:00.1: GetStatus roothub.portstatus [0] = 0x00100103 PRSC PPS PES CCS
> 2005-01-15 13:42:59 +0100 kernel: usb 2-1: reset full speed USB device using ohci_hcd and address 10
> 2005-01-15 13:42:59 +0100 kernel: ohci_hcd :03:00.1: GetStatus roothub.portstatus [0] = 0x00100103 PRSC PPS PES CCS
> 2005-01-15 13:42:59 +0100 kernel: usb 2-1: ep0 maxpacket = 8
> 2005-01-15 13:42:59 +0100 kernel: usb 2-1: manual set_interface for iface 0, alt 0
> 2005-01-15 13:43:15 +0100 kernel: scsi: Device offlined - not ready after error recovery: host 7 channel 0 id 0 lun 2
> 2005-01-15 13:43:15 +0100 kernel: SCSI error : <7 0 0 2> return code = 0x5
> 2005-01-15 13:43:15 +0100 kernel: end_request: I/O error, dev sdc, sector 147093
> 2005-01-15 13:43:15 +0100 kernel: printk: 310019 messages suppressed.
> 2005-01-15 13:43:15 +0100 kernel: Buffer I/O error on device sdc, logical block 147093
>
> The system behaves as expected if I boot the kernel with 'maxcpus=1'.
>
> Tom

--
Kristian Sørensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [EMAIL PROTECTED], Phone: +45 29723816