Re: [osol-discuss] Laptop testing OpenSolaris (Indiana) on ODM laptops

[Ken Gunderson]

On Tue, 08 Jan 2008 23:23:15 PST
"W. Wayne Liauh" <[EMAIL PROTECTED]> wrote:

> Hi Dave,
> 
> Thanks for the quick reply.  Does the ECS (Elitegroup, 精英) notebook come with 
> e-Sata and HDMI ports?  Do they work under Solaris X?  Thanks again.  (I am 
> visiting Taipei around the Chinese New Year, maybe I will find time to visit 
> their notebook HQ in Wu-Gu 五股--Just wish that I could be a more experienced 
> Solaris user.）
>  

You might want to check out these boards:



there are some Notebook ODM Gurus there that can probably tell you
everything you wanted to know and more. 

HTH-- Ken
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] Laptop testing OpenSolaris (Indiana) on ODM laptops

[W. Wayne Liauh]

Hi Dave,

Thanks for the quick reply.  Does the ECS (Elitegroup, 精英) notebook come with 
e-Sata and HDMI ports?  Do they work under Solaris X?  Thanks again.  (I am 
visiting Taipei around the Chinese New Year, maybe I will find time to visit 
their notebook HQ in Wu-Gu 五股--Just wish that I could be a more experienced 
Solaris user.）
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] Kernel Panic with sfmmu_tsbmiss_exception+0x54() in stack trace

[Vamsee Priya]

Hi All,

 

We have a kernel module called IPFS which lies in between VFS and UFS.
We are getting a kernel panic (with the following stack trace) very
frequently on ATCA blades where as the panic is almost rare on CPCI
blades.

 

sfmmu_tsbmiss_exception+0x54(2a1038555a0, 42001, 31, 0, d5b28,
6001e6d0800)

ktl0+0x64(60008a47564, 42f98, 1, fff8, 1e5b76, 1)

uiomove+0x90(60008a4755c, 8, 0, 2a103855950, 0, 8)

struiocopyout+0x38(60008cf2fc0, 2a103855950, 2a103855864, 0,
60008a47564, 1)

strread+0x4b4(0, 2a103855950, 0, 6001f93fd28, 0, 0)

ipfs_in+0x1e8(0, 30022006540, 6001f93fd28, 8, 2a103855ab0, 0)

ipfs_active_in+0xec(60005e8c000, 30022006540, 3001f1f5ec0, 60011bc6000,
0, 

60005e8c0d8)

thread_start+4(60005e8c000, 0, 0, 0, 0, 0).

 

 

When can this sfmmu_tsbmiss_exception occur?

 

 

Thanks in advance

 

 

Regards,

Priya

 

 


___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] SIGSEGVinlibc.so.1`_malloc_unlockedonSolarisx86machine

[Vamsee Priya]

Hi all,

I searched the internet and could not find any good book which explains
about crash dump analysis on Sparc with some good examples. I could find
one for crash dump analysis on x86. Could you suggest me any book?

Regards
Priya,

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vamsee
Priya
Sent: Monday, January 07, 2008 2:21 PM
To: [EMAIL PROTECTED]
Cc: opensolaris-discuss@opensolaris.org; [EMAIL PROTECTED]
Subject: Re: [osol-discuss]
SIGSEGVinlibc.so.1`_malloc_unlockedonSolarisx86machine

Hi all,

I could find out the reason for my earlier posting which said that
ufs_dirremove panicked saying that namelen==0. 

We have an HA application which reads directory contents on one machine
and sends them to the other one. The second machine compares the
directory contents sent by the first one with those on present machine.
The data retrieved from other machine is getting retrieved wrong because
of which the panic occurred. 

When there are small number of directories on the first machine
everything works fine, where as if the number is around 2000 there is
this problem of not getting correct data. Everything with the same code
works on sparc platform. This problem is only on Intel architecture.

Can you suggest me as to what areas should I look into to solve this
issue.


Thanks
Priya

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 03, 2008 3:06 PM
To: Vamsee Priya
Cc: [EMAIL PROTECTED]; opensolaris-discuss@opensolaris.org
Subject: RE: [osol-discuss] SIGSEGV
inlibc.so.1`_malloc_unlockedonSolarisx86machine


Try to run this on OpenSolaris, not on something older.
The advantages are:

- the failure mode below doesn't exist in OpenSolaris
  (check the code - you won't find that ufs_fault call anymore)

- you can DTrace on function arguments easily (ok, that's on
  S10 as well)

- you get function arguments even in a kernel crashdump just
  by "$C".

For S10, the strategy how to pry func arguments out of kernel stacks is 
outlined in this piece:

http://opensolaris.org/os/community/documentation/files/book.pdf

Read chapters 3 and the examples 6/7.


Best wishes,
happy new year !
FrankH.



On Thu, 3 Jan 2008, Vamsee Priya wrote:

> Hi
>
> Thanks a lot for your helpI could find the bug in my programI
> corrected one of the data types and everything worked fine
> I have a kernel module which uses this user program...I am getting a
> panic with the following stack trace.
>
> Jan  3 10:42:16 upsuite1 genunix: [ID 938853 kern.notice]
ufs_dirremove:
> namlen == 0
> Jan  3 10:42:16 upsuite1 genunix: [ID 938853 kern.notice]
ufs_dirremove:
> namlen == 0
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851770 genunix:vcmn_err+13 (fe80008517a0, 8)
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe80008517a0 ufs:real_panic_v+120 ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe80008517f0 ufs:ufs_fault_v+b6 ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe80008518d0 ufs:ufs_fault+9b ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe80008519a0 ufs:ufs_dirremove+245 ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851a10 ufs:ufs_rmdir+ad ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851a20 genunix:fop_rmdir+e ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851a20 genunix:fop_rmdir+e ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851ae0 ipfs:ipfs_lose+36d ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851de0 ipfs:ipfs_ioctl+2075 ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851df0 genunix:fop_ioctl+b ()
> Jan  3 10:42:16 upsuite1 genunix: [ID 655072 kern.notice]
> fe8000851ed0 genunix:ioctl+ac ()
>
> When does name length for ufs_rmdir comes as zero? I tried to print in
> some statements to get what is the actual name and length. But I don't
> get them printed
>
>
> Thanks
> Priya
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of [EMAIL PROTECTED]
> Sent: Thursday, December 27, 2007 2:48 PM
> To: Vamsee Priya
> Cc: [EMAIL PROTECTED]; opensolaris-discuss@opensolaris.org
> Subject: Re: [osol-discuss] SIGSEGV in
> libc.so.1`_malloc_unlockedonSolarisx86machine
>
>
>> Hi
>>
>> I have tried LD_PRELOAD and UMEM_DEBUG with my program on Sparc.
>> Everything worked. I also am unable to find any bug in my program.
>>
>> No clue as to who is the culprit..
>
> You will need to go over your code and check it carefully.
> Something is copying a few extra bytes into a structure.
>
> (Note that structures aligments and sizes are different in x86
> (smaller) and that therefor overruns which happen on x86 may not
happen
> on
> SPARC.
>
> Casper
>
>
>
>

Re: [osol-discuss] Laptop testing OpenSolaris (Indiana) on ODM laptops

[David Clack]

Hi,

 It's going to take a little while to get something like setkeycodes
into OpenSolaris.

 Apart from the function key _ Fn key issues everything else is working
on the laptop.

 Just finished testing the express pc card slot it's fine.

 Henry is the VP Sales for ECS in North America.

Dave

BTW just ran a alpha version of the new SD Card software on the ASUS
C90S, it actually loaded up an SD card on the Ricoh controller, way to
go Garrett

On Tue, 2008-01-08 at 18:25 -0800, W. Wayne Liauh wrote:

> > Hi All,
> 
> > As I mentioned at the OpenSolaris Developer conference, I've been working 
> > with a couple of laptop 
> > ODMs to try and find a laptop for OpenSolaris vs the other way round. 
> > Trying to get Solaris installed  
> > with drivers missing.
>  
> > Both ECS and ASUS have supplied me with laptops that have an Nvidia GPU and 
> > Intel chipset.
>  
> > Both laptop are clocking 7000 FPS on the glxgears benchmark.
>  
> > Attached is my testing spreadsheet for each machine, they are both running 
> > B75a.
>  
> > On the ECS 15.4 (this is not on the market yet) all the components 
> > including the webcam work, I'm just  
> > working on keyboard mapping and e-sata, even the hdmi works.
>  
> > All hardware for this laptop is supported of the DVD.
>  
> > On the ASUS C90S I do have to add a couple of drivers for the ethernet and 
> > atheros pci-e mini card.
>  
> > I'm working on the webcam and card reader.
>  
> > As it has a desktop CPU on board currently a Intel Dual Core 2.44Ghz the 
> > performance is stunning.
>  
> > I'll update you on the e-sata and keyboard Fn-Function key issues as I 
> > proceed.
>  
> > Thanks
>  
> >   Dave
> 
> Has any progress being further made on the ECS notebook(s)?  Also, could you 
> point me to any info that talks about how to write the Fn-Function key file?  
> Thanks again.
>  
> 
> This message posted from opensolaris.org
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org










David Clack

Solaris X86 Evangelist
Senior Systems Engineer 
OEM Software Sales
Sun Microsystems
642, Chinook Ave SE,
Ocean Shores, WA, USA,
98569
Phone +1-360-289-2158
Fax +1-360-289-2091
Mobile +1-206-265-1904
Email
[EMAIL PROTECTED]






















___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] kernel holding too much memory

[Eric Maurer]

You are right, an "RTM" reply wouldn't be nice from paid support but with paid 
support I shouldn't be the one doing the debugging either. Commercial Solaris 
has behaved well enough for long enough that I am out of practice, I haven't 
had to do this since the early days, long before Dtrace, back when people 
thought adb was hot stuff. 

So far it doesn't look like a memory leak, Dtrace reports a continual growth in 
the size of the kernel and specifically the directory name lookup cache (dnlc). 
In /etc/system I added:
set dnlc_dir_max_size=4096
# without this setting the default dnlc_dir_max_size=-1 meaning unlimited
# The kernel knows where the memory is - so i don't think it's a leak

Given the same file-create script that demos the problem, this setting clearly 
slows the rate of growth just not enough. Are there other similar tunable's 
that may add to the effectiveness of this one?

Asking for help is not a sign of weakness, it's a way to get the job done.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] Laptop testing OpenSolaris (Indiana) on ODM laptops

[W. Wayne Liauh]

> Hi All,

> As I mentioned at the OpenSolaris Developer conference, I've been working 
> with a couple of laptop 
> ODMs to try and find a laptop for OpenSolaris vs the other way round. Trying 
> to get Solaris installed  
> with drivers missing.
 
> Both ECS and ASUS have supplied me with laptops that have an Nvidia GPU and 
> Intel chipset.
 
> Both laptop are clocking 7000 FPS on the glxgears benchmark.
 
> Attached is my testing spreadsheet for each machine, they are both running 
> B75a.
 
> On the ECS 15.4 (this is not on the market yet) all the components including 
> the webcam work, I'm just  
> working on keyboard mapping and e-sata, even the hdmi works.
 
> All hardware for this laptop is supported of the DVD.
 
> On the ASUS C90S I do have to add a couple of drivers for the ethernet and 
> atheros pci-e mini card.
 
> I'm working on the webcam and card reader.
 
> As it has a desktop CPU on board currently a Intel Dual Core 2.44Ghz the 
> performance is stunning.
 
> I'll update you on the e-sata and keyboard Fn-Function key issues as I 
> proceed.
 
> Thanks
 
>   Dave

Has any progress being further made on the ECS notebook(s)?  Also, could you 
point me to any info that talks about how to write the Fn-Function key file?  
Thanks again.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] can I run solaris express

[vuthecuong]

Thanks for following my thread and reply my question. 
Now I'm downloading the community express ones.

In fact, I already gave it a try about 6 months ago.
Of course I knew that unlike linux that can be installed at extended partition, 
solaris must be installed in primary partition, but right from first booting 
for installation, I remembered that after dialog (with red border) showing that 
it was extracting runtime JRE or something like that (I not remembered 
exactly), the installation hang forever :(
At that time I was too busy with other works so I gave up soon without asking 
forum about solution. What's a shame of my efforts :)
Now I would like to give it a try again and post questions here if I have probs.

The info that P5LD2 worked with opensolaris convinced me.
Just one more confirmation. Does community express version always the latest 
build, right?

Thank you and sorry for my bad English.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] Solaris noob: I can't find how compile pyLucene on Solaris 10

[Mario Montoya]

If this is not the right group, tell me.

I have a joyent accelerator and try to build a facebook aplication on 
django/python. I have a dependency on pyLucene 
(http://pylucene.osafoundation.org/), but I can't compile it.

I have try this for 1 full week now. I have not experience on C/C++/Java 
development, or make and that stuff.

I post on joyent : 

http://discuss.joyent.com/viewtopic.php?pid=159014#p159014 

but here are not solaris developers, and of course, try the mail group of 
pyLucene

http://lists.osafoundation.org/pipermail/pylucene-dev/2008-January/002155.html

but they tell me have not experience on Solaris.

I post here because is necesary fix the makefile and maybe with expert solaris 
developers this become easy.

Pylucene could be build using two ways: Invoking java jdk 6 (installing and 
working) or using GCJ.

I prefer get it to work with GCJ for performance reason but I'm timming out on 
this project so anything that work is ok for me.

The makefile adjust for the JCC version (on /jcc/setup.py):

INCLUDES = {
'sunos5': [':/usr/sfw/lib',
   '/usr/jdk/instances/jdk1.6.0/include',
   '/usr/jdk/instances/jdk1.6.0/include/solaris'],
}

LFLAGS = {
'sunos5': ['-L/usr/jdk/instances/jdk1.6.0/jre/lib/amd64', '-ljava',
   
'-Wl,-rpath=/usr/jdk/instances/jdk1.6.0/jre/lib/amd64:/usr/jdk/instances/jdk1.6.0/jre/lib/amd64/server'],
}


and for the GCJ:

PREFIX=/opt/local/lib/
PREFIX_PYTHON=$(PREFIX)
LIBDIR_NAME=lib
GCJ_HOME=/usr/local/gcc-3.4.4
GCJ_LIBDIR=$(GCJ_HOME)/$(LIBDIR_NAME)
GCJ_STATIC=0
LIB_INSTALL=libstdc++.so.6 libgcc_s.so.1
#DB=$(PYLUCENE)/db-$(DB_VER)
#PREFIX_DB=$(PREFIX)/BerkeleyDB.$(DB_LIB_VER)
ANT=ant
PYTHON=/opt/local/bin/python2.4
PYTHON_VER=2.4
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] SXDE 9/07 install "fails immediately"

[Sarah Jelinek]

Hi Mark,

Sorry for the delay in responding..just catching up from the holiday break.

It would be good to see the /tmp/gui-install_log and /tmp/install_log 
when this occurs. Obviously, this shouldn't happen.

sarah


Mark Drummond wrote:
> I am trying to install SXDE 9/07 in a vmware 6.x vm. After stepping through
> the installation GUI, when I click the last button to begin the install, the
> GUI comes back immediately with an "installation failed" error message,
> *but* the installer is actually still running in teh background. My disk and
> the dvd drive are still spinning and you can see installf in the ps output.
>
> Anyone else seeing this?
>
>   
> 
>
> ___
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
>   
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Alan Coopersmith]

Brian Cameron wrote:
> True.  However, at least a11y is off by default.  You can't run
> X and turn off the ability to snoop via xspy.  :)

Sure you can - you just need to do a lot of work to setup the
security extension, or use a multi-level desktop like Trusted
Extensions that's done the work for you.

-- 
-Alan Coopersmith-   [EMAIL PROTECTED]
 Sun Microsystems, Inc. - X Window System Engineering

___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] kernel holding too much memory

[Akhilesh Mritunjai]

> Thanks for the mdb ::findleaks hint.  I only offered
> the kernel number as a reference point, I know
> OpenSolaris is not the same as the packaged Solaris.
> But it is from similar base code and I have had a
> ticket open on this problem with Sun for over 2
> months, with no progress. So I tried asking the
> people that seem to know how to debug it better than
> Sun. With just the first reply I got more here, than
> by paying Sun.

Sorry, but it is my understanding that this and assorted other "admin" stuff is 
already extremely well documented on docs.sun.com. I knew about this before I 
installed my first OpenSolaris build ever.

Please look for mdb, kmdb and dtrace. These topics explain very nicely the fine 
art of debugging anything wrong in the system.

> Sun. With just the first reply I got more here, than
> by paying Sun.

Well an "RTM" reply won't be nice from a paid support, wouldn't it ?

- Akhilesh
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] Solaris intrusion hack? Good luck.

[Dennis Clarke]

[ subject line changed to something sane ]

> In my opinion, one of the most worrying hacks that would be
> fairly easy to target a UNIX or Solaris system is the well
> known xspy hack.  If you can get a user to run a program

Again, this all depends on some one being on the system already and they
open the door one way or another.

Suppose that there is a server somewhere, running Solaris, and you want to
crack into it.  There are no users there to help you. You have no one that
you can drag out to the local pub and ply with free booze, women, money or
threats. You have no access to the server physically and there is no sshd
daemon listening.

If we run nmap ( or whatever the name du jour is ) we see :

Warning:  OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
Interesting ports on xxx.xxx.xxx.xxx:
(The 1667 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
123/tcp open  ntp
Device type: general purpose
Running: Sun Solaris 9
OS details: Sun Solaris 9 with TCP_STRONG_ISS set to 2
OS Fingerprint:
TSeq(Class=TR%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

Uptime 392.121 days (since Sat Nov 17 18:25:16 2006)
TCP Sequence Prediction: Class=truly random
 Difficulty=999 (Good luck!)
TCP ISN Seq. Numbers: 7E932964 D0425673 DBFFBE65 ADDAC32C D1E4BB03 79E893E7
IPID Sequence Generation: Incremental

That is what a typical Solaris server looks like.  Like a damned slammed
shut door into which nothing enters unless you allow it.

So ... what do you do ?

Dennis
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Brian Cameron]

Alan:

> Xspy is so last decade 

The fact that this hack has existed for over a decade should
make me feel more comfortable.  :)  Anyway, I was just trying
to share another, perhaps more practical, example of how easy
it might be to hack a Solaris or UNIX box.

 > - the accessibility framework makes it
> much easier to monitor and modify keystrokes going through X,
> and required us to make various programs stop grabbing the X
> server, which blocked out all other clients while it was grabbed.

True.  However, at least a11y is off by default.  You can't run
X and turn off the ability to snoop via xspy.  :)

Brian
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Alan Coopersmith]

Brian Cameron wrote:
> In my opinion, one of the most worrying hacks that would be
> fairly easy to target a UNIX or Solaris system is the well
> known xspy hack.

Xspy is so last decade - the accessibility framework makes it
much easier to monitor and modify keystrokes going through X,
and required us to make various programs stop grabbing the X
server, which blocked out all other clients while it was grabbed.

Of course, secure sites use Trusted Extensions which protects
you against such things.

-- 
-Alan Coopersmith-   [EMAIL PROTECTED]
 Sun Microsystems, Inc. - X Window System Engineering
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Brian Cameron]

In my opinion, one of the most worrying hacks that would be
fairly easy to target a UNIX or Solaris system is the well
known xspy hack.  If you can get a user to run a program
(perhaps by getting them to click on an attachment, or
convincing a user to download and install some "cool new
freware" patched with a little extra code or via other
trojan techniques), then you can easily snoop on all
keyboard entry, even password entry into lockscreen programs.

http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html

If the user runs things like "su -" in their X windows
terminal programs, it wouldn't be to hard to automatically
figure out the keystrokes that follows are the root password.
Then this sensitive information could easily be logged somewhere
or automatically emailed/ftped/uploaded to someone malicious.

That's probably why some people say that it's a bit dangerous
to enter the root password while running X.

Since it's fairly easy to embed the xspy code into other
programs, it would be hard to identify your system has been
compromised by running "ps".

Isn't this the sort of problem that got Microsoft into a lot
of trouble a few years ago and made a mess of their security
reputation?  All we're missing on Solaris is some nasty
exploit to automatically launch attachments in your favorite
mail reader.

Brian
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] How to determine what caused crash/freeze under load on Thinkpad T61p

[Jürgen Keil]

> > Does it lock up solid and require a reset, or just
> > run slow? 
> 
> Locks up, doesn't even respond to ssh requests from
> another machine. Although 
> sometimes 'locking up' and 'running really really
> really slow' are indistingushable :-)

You can try to enable "deadman panics", by adding
this to /etc/system and rebooting:

set snooping=1

With certain hangs (> 50 seconds of kernel clock code
inactivity) the kernel will automatically panic the machine
with a "deadman panic" and writes a crash dump, when
snooping is set:

http://docs.sun.com/app/docs/doc/817-5789/6ml7kh1eq?a=view



You can also try to run the system under kmdb control
(boot the kernel with option "-k"), and either use
the text console (don't start the X11 server) or
use a serial console (you can use X11).  When the
system hangs, try to break into the kmdb debugger
("F1" + "a" on the text console, or a BREAK signal on
the serial console).
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] can I run solaris express

[James Carlson]

vuthecuong writes:
> My box is ASUS P5LD2-VM
> (PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run 
> smoothly).
> I would like to try opensolaris express comunity version.
> 
> I checked HCL but found that my above motherboard not listed there.
> (although many other ASUS motherboards listed).

The P5LD2-VM looks like a better fit to me than the older P5LD2, which
is on the HCL, because the -VM version has an Intel Ethernet
controller, and other 945G-based systems are in the HCL.  I'd be very
surprised if this one didn't work.

> This means I can not install solaris express???

No ... it only means that nobody who is using one has bothered to
submit a report for the HCL.

> Why I ask this question because I heared that solaris is not "friendly" with 
> hardware as linux such as redhat etc.

That doesn't sound like entirely reliable information to me.

-- 
James Carlson, Solaris Networking  <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Jan Pechanec]

On Tue, 8 Jan 2008, UNIX admin wrote:

hi,

>> Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 (
>> from Blastwave.org )
>> pretty much everywhere and I disable the SunSSH
>> entirely. It is updated too
>> slowly for my tastes.
>
>Sun just finished a sync with OpenSSH.

that's correct but the resync was partial only. Only selected 
features were resynced. More info is on SSH's page on opensolaris.org.

>However, one of the problems is that Sun managed to piss Theo off (I'm not 
>going into who's right and who's wrong). Long story short, Theo swore that 
>if a vulnerability in OpenSSH is found, Sun won't be notified. This could 

we do notify them (CVE-2007-4752)

>pose a slight problem. What it means is that Solaris folk is more or less 
>left to themselves to audit SSH; no help will come from OpenBSD/OpenSSH 
>team. If it's a general vulenarbility, hopefully you had your eye on the 
>bulletins; if it's a Solaris specific one, you're on your own.

it doesn't matter if it's a general vulnerability or Solaris 
specific one, I'm quite sure that OpenSSH team will fix it in their code 
base simply because they take security seriously.

J.

-- 
Jan Pechanec
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Casper . Dik]

>> With MD5 key hashes the keyspace is (much) longer and
>> brute force is still
>> the only option, yet the algorithm takes longer to
>> run and the size of the 
>> keyspace makes finding non-trivial passwords much
>> harder.
>
>According to the paper, it can take as fast as 67 seconds.
>I wouldn't dismiss it so quickly.

The paper is NOT about MD5 password hashes.

The paper is about creating two documents with the same MD5 hash.
I'm not sure but even the problem of taking a random hash and creating a 
document with that particular hash is unsolved.

This has little or no significance when it comes to md5 password
hashing which is a completely different beast altogether.

The current state of the art is something like:

you can find a "A and B" such that MD5(A) = MD5(B).


The MD5 password has is something like:

H = MD5(pw + salt)

for (i = 0; i < 1000; i++) {
H = MD5(H + some stuff (variable strings, depending on
the digest);

}

You run MD5 not once but 1000 or more times on MD5 hashes.

>One can never be paranoid enough.


Right.  But at this point there is nothing to suggest even a theoretical
attack on MD5 password hashing.

The only reason why we sat together and defined a SHA based password hash 
with other vendors is because of the "MD5 is broken, therefor MD5 password
hashing must be broken also" knee-jerk reaction which is more a sign of the
immaturity of the computer security industry than anything else.

Casper

___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] [Fwd: Re: NSA has backdoors into Windows?]

[Jan Pechanec]

>> Just hope that any OpenSSH vulnerabilities (which Sun SSH is based upon)
>> are fixed and your systems patched before you get hit.
>>
>
>Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 ( from Blastwave.org )
>pretty much everywhere and I disable the SunSSH entirely. It is updated too
>slowly for my tastes. Also I try to watch the IPFilter maillists closely and

hi Dennis, what are you missing in SunSSH now?

>while I know that Darren Reed is a Sun guy now I don't think that the
>ipfilter in Solaris is anywhere kept up to date.
>
>So long as the door is slammed shut I'm safe. I hope.

the fact that you run latest OpenSSH version doesn't necessarily 
mean that you are safer than if running SunSSH. CVE-2007-4752 is an example 
of that. And yes, SunSSH doesn't follow all OpenSSH changes but that's not a 
bad thing as such.

Jan.

--
Jan Pechanec
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[UNIX admin]

> With MD5 key hashes the keyspace is (much) longer and
> brute force is still
> the only option, yet the algorithm takes longer to
> run and the size of the 
> keyspace makes finding non-trivial passwords much
> harder.

According to the paper, it can take as fast as 67 seconds. I wouldn't dismiss 
it so quickly.

One can never be paranoid enough.

Like Martin Englund of Sun once wrote:

"the question is not whether you're a paranoid git, but whether you're paranoid 
enough."
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[UNIX admin]

> Thankfully I run openssh-4.7,REV=2007.12.26_rev=p1 (
> from Blastwave.org )
> pretty much everywhere and I disable the SunSSH
> entirely. It is updated too
> slowly for my tastes.

Sun just finished a sync with OpenSSH.

However, one of the problems is that Sun managed to piss Theo off (I'm not 
going into who's right and who's wrong). Long story short, Theo swore that if a 
vulnerability in OpenSSH is found, Sun won't be notified. This could pose a 
slight problem. What it means is that Solaris folk is more or less left to 
themselves to audit SSH; no help will come from OpenBSD/OpenSSH team. If it's a 
general vulenarbility, hopefully you had your eye on the bulletins; if it's a 
Solaris specific one, you're on your own.

> Also I try to watch the
> IPFilter maillists closely and
> while I know that Darren Reed is a Sun guy now I
> don't think that the
> ipfilter in Solaris is anywhere kept up to date.
> 
> So long as the door is slammed shut I'm safe. I hope.

Hope dies last; however, all it takes is somebody uncovering the next SSH 
vulnerability. These are normally uncovered by professional black hats and 
guarded as the strictest secret, so nobody knows that a patch will be needed.

A pro is very likely to go after Solaris boxes, because, unlike script kiddies, 
the pros know that Solaris is the workhorse where the valuable data is usually 
stored.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] Firefox 3.0 Beta 2 for Solaris

[Alfred Peng]

Hi Richard,

I had the similar issue which seems to be related to pango. Upgrade to 
the latest svn could partly fix this. Please also note the bug here: 
https://bugzilla.mozilla.org/show_bug.cgi?id=405268 in case you meet the 
same stack.

-Alfred

Richard L. Hamilton wrote:
>> In case you're wondering if there's actually builds
>> of the betas for Solaris. There are, if you look
>> really really close.
>>
>> x86 and SPARC builds for Solaris Nevada to be found
>> here:
>>
>> http://releases.mozilla.org/pub/mozilla.org/firefox/re
>> leases/3.0b2/contrib/solaris_pkgadd/
>>
>> That build appears relatively stable to me. Be sure
>> to back up the profile though, and be prepared to
>> wave good bye to some extensions and skins that
>> aren't updated already to work this this.
>> 
>
> Not working so well for me:
>
> $ uname -a
> SunOS paradox 5.11 snv_66 sun4u sparc SUNW,Sun-Blade-1000
> $ /opt/sfw/bin/firefox
>
> (Gecko:2633): Pango-WARNING **: shape engine failure, expect ugly output. the 
> offending font is 'Arial Not-Rotated 0'
> Segmentation Fault - core dumped
>
> pstack output for the thread that seems to have been the one having problems:
>
> -  lwp# 1 / thread# 1  
>  ff0c4be8 _lwp_kill (b, ffbfb0c0, 0, 0, fffc, 1) + 8
>  fd93e938 __1cNnsProfileLockSFatalSignalHandler6Fi_v_ (b, 219f54, 70464, 28, 
> fedc7e78, fd93e720) + 1cc
>  ff0c3b24 __sighndlr (b, 0, ffbfb248, fd93e76c, 0, 0) + c
>  ff0b8434 call_user_handler (b, 0, ffbfb248, fc18b1c0, 480b0, ff100658) + 41c
>  f7f18e88 FT_Get_Char_Index (fc18b198, 30, 1, fc13c428, b17fa0, fc18b118) + 18
>  fc12af24 _cairo_scaled_font_text_to_glyphs (fc18b198, 0, 1, ffbfb668, 3, 
> ffbfb5e8) + 124
>  fc12ab10 cairo_scaled_font_text_extents (fc18b198, ffbfbb26, ffbfba80, 
> ffbfb66c, f8088570, ffbfb668) + 28
>  f8074160 _pango_cairo_font_get_hex_box_info (fc18b198, b54c00, 0, 1, 
> f8088570, b5e3c0) + 4e0
>  f8074530 _pango_cairo_get_glyph_extents_missing (b54c00, 1045, 0, 
> ffbfbbe8, f807764c, 14054) + 18
>  f836af80 fallback_engine_shape (b55730, b1f948, fc9ba708, 4c, 75df4c, 
> 1045) + 94
>  f837ec00 pango_shape (b1f948, d, 75df4c, b55730, 0, 22ec0) + 1f4
>  f83718b4 shape_run (b53a58, ffbfbdf0, 75df40, b55730, fc9b8684, 9b5630) + 6c
>  f8371a14 process_item (9b5630, b53a58, ffbfbdf0, 1, 0, 1000) + 44
>  f837213c process_line (9b5630, ffbfbdf0, , 75df40, f83a18d0, b53a58) 
> + 114
>  f8372a38 pango_layout_check_lines (ffbfbdf0, b1f948, 9b5630, 0, d, b1f955) + 
> 3b8
>  f8370aac pango_layout_get_extents_internal (0, 0, ffbfbf38, 0, 9b5630, 0) + 
> 13c
>  f8029ea4 pango_fc_font_create_metrics_for_context (b3a5e8, a15090, f838ff58, 
> 34840, b52c60, f805e664) + 84
>  f80772c0 pango_cairo_fc_font_get_metrics (b3a5e8, 5cac10, f838ff58, b0f8d0, 
> a15090, 0) + 9c
>  fe72c59c __1cMgfxPangoFontKGetMetrics6M_rknHgfxFontHMetrics__ (b4f428, 
> 5cac10, fefdca64, fefdd100, b4f450, fedc7e78) + 118
>  fe586ed0 __1cTnsThebesFontMetricsSGetExternalLeading6Mri_I_ (b436a8, 
> ffbfc3ec, fedc7e78, ff7bf010, 840c00, 11b0824) + 20
>  fdc1766c __1cTGetNormalLineHeight6FpnOnsIFontMetrics__i_ (b436a8, b4ea54, 
> fefac7f8, ffbfc478, 879d80, fe586eb0) + 24
>  fdc17848 
> __1cRnsHTMLReflowStateOCalcLineHeight6FpnTnsIRenderingContext_pnOnsStyleContext__i_
>  (ac7910, ac86c8, fedc7e78, 3c, ac8774, 0) + dc
>  fdbe670c 
> __1cSnsBlockReflowState2t5B6MrknRnsHTMLReflowState_pnNnsPresContext_pnMnsBlockFrame_rknTnsHTMLReflowMetrics_iii_v_
>  (ffbfc690, ffbfc944, a56298, ac8774, 4000, 1dd30) + 2b0
>  fdbd8d14 
> __1cMnsBlockFrameGReflow6MpnNnsPresContext_rnTnsHTMLReflowMetrics_rknRnsHTMLReflowState_rI_I_
>  (ac8774, a56298, ffbfc9f4, ffbfc944, ffbfcb84, 0) + b4
>  fdbd639c 
> __1cZnsAbsoluteContainingBlockTReflowAbsoluteFrame6MpnInsIFrame_pnNnsPresContext_rknRnsHTMLReflowState_iii2rIpnGnsRect__I_
>  (fdbd8c60, ab23dc, a56298, ffbfcff4, fedc7e78, fef011d8) + 1b8
>  fdbd5b74 
> __1cZnsAbsoluteContainingBlockGReflow6MpnQnsContainerFrame_pnNnsPresContext_rknRnsHTMLReflowState_rIipnGnsRect__I_
>  (ab2428, ab23dc, a56298, ffbfcff4, e2e0, ee98) + 488
>  fdbd9348 
> __1cMnsBlockFrameGReflow6MpnNnsPresContext_rnTnsHTMLReflowMetrics_rknRnsHTMLReflowState_rI_I_
>  (ab23dc, a56298, ffbfd0a4, ffbfcff4, ffbfd21c, ee98) + 6e8
>  fdbee238 
> __1cQnsContainerFrameLReflowChild6MpnInsIFrame_pnNnsPresContext_rnTnsHTMLReflowMetrics_rknRnsHTMLReflowState_iiIrIpnbDnsOverflowContinuationTracker__I_
>  (fdbf7748, ab23dc, a56298, ffbfd0a4, ffbfcff4, 0) + 68
>  fdc12f04 
> __1cLCanvasFrameGReflow6MpnNnsPresContext_rnTnsHTMLReflowMetrics_rknRnsHTMLReflowState_rI_I_
>  (ffbfd228, a56298, ffbfd38c, ffbfd228, ffbfd21c, a80754) + 108
>  fdbee238 
> __1cQnsContainerFrameLReflowChild6MpnInsIFrame_pnNnsPresContext_rnTnsHTMLReflowMetrics_rknRnsHTMLReflowState_iiIrIpnbDnsOverflowContinuationTracker__I_
>  (fdbf7748, a80754, a56298, ffbfd38c, ffbfd228, 0) + 68
>  fdc0901c 
> __1cRnsHTMLScrollFrameTReflowScrolledFrame6MpnRScrollReflowState_iipnTnsHTMLReflowMetrics_

Re: [osol-discuss] NSA has backdoors into Windows?

[Casper . Dik]

>
>I have to dissapoint you again: MD5 has been broken and can no longer be 
>considered safe:


But that is nearly completely irrelevant for MD5 password hashing.

And even though "DES" is broken, there are no breaks for original UNIX 
crypt which are faster than brute force (though pre-computing all hashes is
probably feasible by now)

With MD5 key hashes the keyspace is (much) longer and brute force is still
the only option, yet the algorithm takes longer to run and the size of the 
keyspace makes finding non-trivial passwords much harder.


Casper

___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[Casper . Dik]

>This is an example. If the attacker found and exploited a zero day 
>vulnerability
>in SSH, he would be root, and would need no password for `su -`. I thought that
>much was clear.

If, indeed, he exploited a bit of ssh which runs as root as a (large)
part of it does not.

(There are two daemons for each connection: one running as the user with
the user's privileges, the other running as root to perform authentication 
chores but not much else)


Casper

___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[UNIX admin]

> You example only works if you are actually on the box
> already. Sort of silly
> really.

It was meant to be silly. It was meant to be silly and highlight that breaking 
into a Solaris system can happen in the stupidest ways possible.

> Also, I always edit /etc/security/policy.conf to use
> MD5 hashs in the
> /etc/shadow so even if someone were to gain access to
> the hard drive they
> would have a super tough time getting a valid
> password. Once they do, they
> rae stuck with key exchange access anyways.

I have to dissapoint you again: MD5 has been broken and can no longer be 
considered safe:

"In 2004, more serious flaws were discovered making further use of the 
algorithm for security purposes questionable."
http://en.wikipedia.org/wiki/MD5

"In this paper, we present an improved attack algorithm to find two-block 
collisions
of the hash function MD5. The attack uses the same differential path of MD5 and 
the
set of sufficient conditions that was presented by Wang et al. We present a new 
technique
which allows us to deterministically fulfill restrictions to properly rotate 
the differentials in
the first round. We will present a new algorithm to find the first block and we 
will use an algorithm
of Klima to find the second block."

http://www.win.tue.nl/hashclash/fastcoll.pdf

Since you're good at math, reading that paper up there should be right up your 
alley.

> So .. I feel better about Solaris and its
> hack-ability. Not worse.

Still?
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] NSA has backdoors into Windows?

[UNIX admin]

> AFAIK cd00r.c and dtrace need root privs, I your
> hacker has obtained  
> root privs you are screwed anyway...

Correct. And in a major way, no less.

> And where did the hacker get this password from ?

This is an example. If the attacker found and exploited a zero day 
vulnerability in SSH, he would be root, and would need no password for `su -`. 
I thought that much was clear.

> Why limit this to only one pid ? Just have it trigger
> on all crypts  
> and you might even get some telnet users.

You can do just about anything with DTrace. Again, this example was meant to 
highlight that one should not be lulled by a false sense of security.

> Trivial if you have root ( or the required dtrace
> privileges),  
> probably a lot harder without them.

If SSH is exploited, an attacker will have root. DTrace magic won't work in a 
zone unless the zone has been specifically configured that way, but that's a 
story for another day.

What's important here is to have an understanding what will and won't work, and 
under which circumstances. However, believing that it's next to impossible to 
break into a Solaris system means living dangerously.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

Re: [osol-discuss] can I run solaris express

[Ian Collins]

vuthecuong wrote:
> My box is ASUS P5LD2-VM
> (PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run 
> smoothly).
> I would like to try opensolaris express comunity version.
>
> I checked HCL but found that my above motherboard not listed there.
>   
Try the install check tool:

http://www.sun.com/bigadmin/hcl/hcts/install_check_sx.html

Ian
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org

[osol-discuss] can I run solaris express

[vuthecuong]

My box is ASUS P5LD2-VM
(PentiumD 2.8Ghz, Ram 1gb, Sata 60GB with centos,fedora,freebsd 7 run smoothly).
I would like to try opensolaris express comunity version.

I checked HCL but found that my above motherboard not listed there.
(although many other ASUS motherboards listed).
This means I can not install solaris express???
Why I ask this question because I heared that solaris is not "friendly" with 
hardware as linux such as redhat etc.
Sorry If I'm wrong.
 
 
This message posted from opensolaris.org
___
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org