Andi Kleen wrote:
On Tuesday 20 November 2007 04:50, Christoph Lameter wrote:
On Tue, 20 Nov 2007, Andi Kleen wrote:
You could in theory move the modules, but then you would need to implement
a full PIC dynamic linker for them first and also increase runtime overhead
for them because they
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
USB isn't working on my zv5405us on a 2.6.10 ubuntu kernel. Or on
gentoo. Or anything. It works in WindowsXP though.
I can extract the error from dmesg.
Here's ACPI first (ACPI works btw)
Nvidia board detected. Ignoring ACPI timer override.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
So I've noticed, again, much annoyed, that if I rely on -t auto,
horrible horrible things happen.
I have had floppies and compact flash cards that I've done mkfs.vfat to
make fat32 filesystems on (not fat16), and mounting them brings the
thing on as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christoph Hellwig wrote:
On Sun, Feb 06, 2005 at 12:33:43AM -0500, John Richard Moser wrote:
I dunno. I can never understand the innards of the kernel devs' minds.
filesystem detection isn't handled at the kernel level.
o_o
. . . then I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roman Zippel wrote:
Hi,
On Thu, 3 Feb 2005, Peter Busser wrote:
- What happens when you run existing commercial applications which have not
been compiled using GCC.
From http://pax.grsecurity.net/docs/pax.txt:
The goal of the PaX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Mon, 2005-01-31 at 13:57 +0100, Peter Busser wrote:
Hi!
[...]
the paxtest 0.9.6 that John Moser mailed to this list had this gem in
it:
@@ -39,8 +42,6 @@
*/
int paxtest_mode = 1;
+ /*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Wright wrote:
* Lorenzo Hernández García-Hierro ([EMAIL PROTECTED]) wrote:
This patch adds two checks to do_follow_link() and sys_link(), for
prevent users to follow (untrusted) symlinks owned by other users in
world-writable +t directories
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Wright wrote:
* John Richard Moser ([EMAIL PROTECTED]) wrote:
I've yet to see this break anything on Ubuntu or Gentoo; Brad Spengler
claims this breaks nothing on Debian. On the other hand, this could
potentially squash the second most
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Wright wrote:
* John Richard Moser ([EMAIL PROTECTED]) wrote:
Yes, mkdtemp() and mkstemp().
Of course we can't always rely on programmers to get it right, so the
idea here is to make sure we ask broken code to behave nicely, and stab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm playing Skies of Arcadia Legends on my GameCube and noticing that
software bugs continuously produce errors (no scratch on the disk; I can
have an error, reset, play through it easy). This leads me on and on,
but now it's led me into thinking
like to understand everything,
it makes things easier.
Felipe Alfaro Solana wrote:
On Thu, 10 Mar 2005 17:32:39 -0500, John Richard Moser
[EMAIL PROTECTED] wrote:
CPL=3 scares me; context switches are expensive. can they have direct
hardware access? I'm sure a security model to isolate user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm using Ubuntu Linux Hoary
[EMAIL PROTECTED]:~# uname -a
Linux icebox 2.6.10-5-686 #1 Tue Mar 15 15:16:01 UTC 2005 i686 GNU/Linux
[EMAIL PROTECTED]:~# fsck.vfat -r /dev/sda1
dosfsck 2.10, 22 Sep 2003, FAT32, LFN
/\uSCK.REN
Duplicate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've been looking at the UDI project[1] and thinking about binary
drivers and the like, and wondering what most peoples' take on these are
and what impact that UDI support would have on the kernel's development.
I know the immediate first reactions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greg KH wrote:
On Thu, Mar 10, 2005 at 11:28:39AM -0500, John Richard Moser wrote:
I've been looking at the UDI project[1] and thinking about binary
drivers and the like, and wondering what most peoples' take on these are
and what impact that UDI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've done more thought, here's a small list of advantages on using
binary drivers, specifically considering UDI. You can consider a
different implementation for binary drivers as well, with most of the
same advantages.
- Smaller kernel tree
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ralf Baechle wrote:
On Thu, Mar 10, 2005 at 11:28:39AM -0500, John Richard Moser wrote:
I've been looking at the UDI project[1] and thinking about binary
drivers and the like, and wondering what most peoples' take on these are
and what impact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stop mailing me, I lost interest when I figured out nobody else cared.
Diego Calleja wrote:
On Thu, 10 Mar 2005 12:24:15 -0500,
John Richard Moser [EMAIL PROTECTED] wrote:
[...]
- Smaller kernel tree
[...]
- Better focused
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
People are still e-mailing me about this?
Lennart Sorensen wrote:
On Thu, Mar 10, 2005 at 12:24:15PM -0500, John Richard Moser wrote:
I've done more thought, here's a small list of advantages on using
binary drivers, specifically considering UDI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Chubb wrote:
John == John Richard Moser [EMAIL PROTECTED] writes:
John I've done more thought, here's a small list of advantages on
John using binary drivers, specifically considering UDI. You can
John consider a different
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OGAWA Hirofumi wrote:
John Richard Moser [EMAIL PROTECTED] writes:
It appears dosfsck may not be working quite right. I've taken this into
account, hence the second pass after each fsck. This is either a
dosfsck issue, a usb-storage issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings.
Currently I'm in need of some information about both vanilla and Exec
Shield kernels in regards to markings emitted by the toolchain,
specifically PT_GNU_STACK. I'd like to check my assumptions, in
preparation for possibly making a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
As I understand, PT_GNU_STACK uses a single marking to control whether a
task gets an executable stack and whether ASLR is applied to the
executable.
you understand wrongly.
PT_GNU_STACK just sets the exec permission
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Mon, 2005-03-28 at 13:50 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
As I understand, PT_GNU_STACK uses a single marking to control whether a
task gets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brandon Hale wrote:
actually Linus was really against adding non-related things to this
flag. And I think he is right...
Makes sense to me.
[...]
IMO you have this backwards, John. Rather than having the majority (ES,
mainline NX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
You need to consider that in the end I'd need PT_GNU_STACK to do
everything PaX wants
why?
Why not have independent flags for independent things?
That way you have both cleanness of design and you don't break anything.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
You need to consider that in the end I'd need PT_GNU_STACK to do
everything PaX wants
why?
Why not have independent flags for independent things?
That way you have both cleanness of design and you don't break anything.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Richard Moser wrote:
Arjan van de Ven wrote:
[...]
Three more notes, then I'll sleep. These notes won't include the two
paragraph long explanation of falling back to PT_GNU_STACK if
PT_PAX_FLAGS isn't there; compatibility has been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Tue, 2005-03-29 at 14:07 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
[...]
/me shrugs. It's a security blanket for him mostly; he fears automagic
security maintenance.
who is him ?
me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How likely is it that I can actually align stuff to 31.5KiB on the
physical disk, i.e. have each block be a track?
Rather than leveraging the track cache, would it be less expensive for
me to simply read in blocks totaling about 16 or 32KiB all at
, shrink) while running. I don't
see how to grow left; shrinking from the left is easy enough. Wait,
suddenly I see how to grow left: Superblock at the end, and a bit of
magic. . . .
Robert Hancock wrote:
John Richard Moser wrote:
How likely is it that I can actually align stuff to 31.5KiB
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well the LSM mailing list seems to be dead, even the archives stop at
Jan 15 2005. My own mails don't come back to me (I'm subscribed).
So, Which version of Linux will first implement stacking in LSM as per
Serge Hallyn's patches?
Where is the new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Wright wrote:
* John Richard Moser ([EMAIL PROTECTED]) wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well the LSM mailing list seems to be dead, even the archives stop at
Jan 15 2005. My own mails don't come back to me (I'm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
icebox linux-2.6.10-grs # make
CHK include/linux/version.h
make[1]: `arch/x86_64/kernel/asm-offsets.s' is up to date.
CHK include/linux/compile.h
CHK usr/initramfs_list
GEN .version
CHK include/linux/compile.h
UPD
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Mon, 24 Jan 2005 19:04:53 EST, John Richard Moser said:
fs/built-in.o(.text+0xe413): In function `link_path_walk':
: undefined reference to `gr_inode_follow_link'
fs/built-in.o(.text+0xe933): In function
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What systems exist for complex logging and security auditing in the kernel?
For example, let's say I wanted to register my specific code (i.e. a
security module) to log, and adjust to log level N. I also want another
module to log at log level L,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill Davidsen wrote:
Linus Torvalds wrote:
On Tue, 25 Jan 2005, Bill Davidsen wrote:
Unfortunately if A depends on B to work at all, you have to put A and
B in as a package.
No. That's totally bogus. You can put in B on its own. You do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Tue, 25 Jan 2005, John Richard Moser wrote:
It's kind of like locking your front door, or your back door. If one is
locked and the other other is still wide open, then you might as well
not even have doors. If you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dmitry Torokhov wrote:
On Tue, 25 Jan 2005 13:37:10 -0500, John Richard Moser
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Tue, 25 Jan 2005, John Richard Moser wrote:
It's kind of like
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Tue, 25 Jan 2005, John Richard Moser wrote:
Sure there is. There's the gain that if you lock the front door but not
the back door, somebody who goes door-to-door, opportunistically knocking
on them and testing them
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
J. Bruce Fields wrote:
On Tue, Jan 25, 2005 at 02:56:13PM -0500, John Richard Moser wrote:
In this context, it doesn't make sense to deploy a protection A or B
without the companion protection, which is what I meant.
But breaking up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Tue, 25 Jan 2005 14:56:13 EST, John Richard Moser said:
This puts pressure on the attacker; he has to find a bug, write an
exploit, and find an opportunity to use it before a patch is written and
applied to fix
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
linux-os wrote:
On Tue, 25 Jan 2005, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dmitry Torokhov wrote:
On Tue, 25 Jan 2005 13:37:10 -0500, John Richard Moser
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill Davidsen wrote:
On Tue, 25 Jan 2005, John Richard Moser wrote:
Thus, by having fewer exploits available, fewer successful attacks
should happen due to the laws of probability. So the goal becomes to
fix as many bugs as possible
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Wed, 26 Jan 2005 14:31:00 EST, John Richard Moser said:
[*] Grsecurity
Security Level (Custom) ---
Address Space Protection ---
Role Based Access Control Options ---
Filesystem Protections ---
Kernel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
proc_misc_init() has both these lines in it:
entry = create_proc_entry(kmsg, S_IRUSR, proc_root);
proc_root_kcore = create_proc_entry(kcore, S_IRUSR, NULL);
Both entries show up in /proc, as /proc/kmsg and /proc/kcore. So I ask,
as I can't see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sytse Wielinga wrote:
[...]
If you people ever bothered to read what I say, you wouldn't continually
say stupid shit like me You get milk from cows you wtf idiot
chocolate milk doesn't come from chocolate cows
I'm sorry about the rant.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sytse Wielinga wrote:
On Tue, Jan 25, 2005 at 03:03:04PM -0500, John Richard Moser wrote:
That being said, you should also consider (unless somebody forgot to
tell me something) that it takes two source trees to make a split-out
patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[]
Did any of you actually READ the link I put? How the heck did we get
the navy into this?
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Randy.Dunlap wrote:
John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
proc_misc_init() has both these lines in it:
entry = create_proc_entry(kmsg, S_IRUSR, proc_root);
proc_root_kcore = create_proc_entry(kcore
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Al Viro wrote:
On Wed, Jan 26, 2005 at 09:33:48PM -0500, John Richard Moser wrote:
create_proc_entry(kmsg, S_IRUSR, proc_root);
So this is asking for proc_root to be filled?
create_proc_entry(kcore, S_IRUSR, NULL);
And this is just saying
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Wed, 26 Jan 2005 22:35:18 EST, John Richard Moser said:
This particular problem pertains to proc_misc.c and trying to create a
hook for some grsecurity protections that alter the modes on certain
/proc entries
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005 01:51:05 EST, John Richard Moser said:
mmm. I'd thought about that actually-- for modules to get a whack at
this they'd have to be compiled in. Loaded as modules would break the
security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
The patch below replaces the existing 8Kb randomisation of the userspace
stack pointer (which is currently only done for Hyperthreaded P-IVs) with a
more general randomisation over a 64Kb range.
64k of stack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Thu, 2005-01-27 at 12:45 +0100, Julien TINNES wrote:
Arjan van de Ven wrote:
The randomisation patch series introduces infrastructure and functionality
that causes certain parts of a process' virtual address space to
the randomization by tweaking one variable aren't we
cool!!!?
Red Hat is all smoke and mirrors anyway when it comes to security, just
like Microsoft. This just reaffirms that.
Arjan van de Ven wrote:
On Thu, 2005-01-27 at 12:38 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Thu, 27 Jan 2005, John Richard Moser wrote:
What the hell?
John. Stop frothing at the mouth already!
I'm coarse, I'm not angry.
Your suggestion of 256MB of randomization for the stack SIMPLY
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Thu, 27 Jan 2005, Linus Torvalds wrote:
Real engineering is about doing a good job balancing different issues.
[...]
test. Maybe such a vendor understands that you have to ease into things,
and you can't just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Julien TINNES wrote:
Yeah, if it came from PaX the randomization would actually be useful.
Sorry, I've just woken up and already explained in another post.
Please, no hard feelings.
Speaking about implementation of the non executable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
On Thu, 27 Jan 2005, John Richard Moser wrote:
Your suggestion of 256MB of randomization for the stack SIMPLY IS NOT
ACCEPTABLE for a lot of uses. People on 32-bit architectures have issues
with usable virtual memory
In other words, no :)
Here's self-exploiting code to discover its own return address offset
and exploit itself. It'll lend some insight into how this stuff works.
Just a toy.
Arjan van de Ven wrote:
On Thu, 2005-01-27 at 14:19 -0500, linux-os wrote:
Gentlemen,
Isn't the return address on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
So 0x02020202 is a no-op?
(somebody finally gets why the randomization range must be the size of
the stack?)
linux-os wrote:
[...]
pointing back into that buffer needs the address of that buffer. That
buffer is on the stack, which is now
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linus Torvalds wrote:
[...]
Your suggestion of 256MB of randomization for the stack SIMPLY IS NOT
ACCEPTABLE for a lot of uses. People on 32-bit architectures have issues
with usable virtual memory areas etc.
I feel the need to point
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
I feel the need to point something out here.
[TEXT][BRK][MMAP---][STACK]
Here's a normal layout.
[TEXT][BRK][MMAP---][STACK][MMAP--]
Is this one any worse?
yes.
oracle, db2 and similar like to mmap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill Davidsen wrote:
On Thu, 27 Jan 2005, Zan Lynx wrote:
On Thu, 2005-01-27 at 10:37 -0600, Jesse Pollard wrote:
On Wednesday 26 January 2005 13:56, Bill Davidsen wrote:
On Wed, 26 Jan 2005, Jesse Pollard wrote:
On Tuesday 25 January 2005
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paulo Marques wrote:
John Richard Moser wrote:
In other words, no :)
Here's self-exploiting code to discover its own return address offset
and exploit itself. It'll lend some insight into how this stuff works.
I really shouldn't feed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can someone give me a layout of what exactly is up there? I got the
basic idea
K 4G
A 3G
A 2G
A 1G
App has 3G, kernel has 1G at the top of VM on x86 (dunno about x86_64).
So what's the layout of that top 1G? What's it all used for? Is there
some
is vs a half gig or a gig that can be freed up.
Josh Boyer wrote:
On Fri, 2005-01-28 at 15:06 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can someone give me a layout of what exactly is up there? I got the
basic idea
K 4G
A 3G
A 2G
A 1G
App has 3G, kernel has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Molnar wrote:
* Paulo Marques [EMAIL PROTECTED] wrote:
I really shouldn't feed the trolls, but this must be the most silly
piece of code I saw on this mailing list in a very long time (and
there have been some good examples over time).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rik van Riel wrote:
On Thu, 27 Jan 2005, John Richard Moser wrote:
Arjan van de Ven wrote:
Is this one any worse?
yes.
oracle, db2 and similar like to mmap 2Gb or more *in one chunk*.
Special case?
Absolutely, but ...
Can I
without breaking third party
software, see above for explanation.
Linus Torvalds wrote:
On Thu, 27 Jan 2005, John Richard Moser wrote:
What the hell?
John. Stop frothing at the mouth already!
Your suggestion of 256MB of randomization for the stack SIMPLY IS NOT
ACCEPTABLE for a lot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
These are the only places mprotect() is mentioned; a visual scan
confirms no trickery:
if( fork() == 0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
I actually just tried to paxtest a fresh Fedora Core 3, unadulterated,
that I installed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jakub Jelinek wrote:
On Sat, Jan 29, 2005 at 01:31:46AM -0500, John Richard Moser wrote:
Finally, although an NX stack is nice, you should probably take into
account IBM's stack smash protector, ProPolice. Any attack that can
evade SSP reliably
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christoph Hellwig wrote:
On Sat, Jan 29, 2005 at 12:49:05PM -0500, John Richard Moser wrote:
The ideas in IBM's ProPolice changes are good and worth
implementing, but the current implementation is bad.
Lies. I've read the paper on the current
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Fitzhardinge wrote:
It would be terribly useful to have some way of
lseeking /proc/pid/maps to the entry of a particular address. So, if
you want to find the information about a mapping containing address
0x12345678, it would set the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is there an official Linux Kernel Audit Project to actively and
aggressively security audit all patches going into the Linux Kernel, or
do they just get a cursory scan for bugs and obvious screwups?
- --
All content of all messages exchanged herein
this is arbitrary code
execution from inside the kernel and it doesn't matter who the kernel
thinks you are, you're in control.
Oh well, at least they still get fixed when they're seen.
John Richard Moser wrote:
Is there an official Linux Kernel Audit Project to actively and
aggressively security audit
about having the changes
audited FIRST before releasing; for now that's just not feasible.
Dave Jones wrote:
On Mon, Jan 17, 2005 at 02:17:37AM -0500, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is there an official Linux Kernel Audit Project to actively
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Diego Calleja wrote:
On Mon, 17 Jan 2005 02:40:06 -0500 John Richard Moser [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On the same line, I've been graphing Ubuntu Linux Security Notices for a
while. I've
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adrian Bunk wrote:
On Mon, Jan 17, 2005 at 02:47:32AM -0500, John Richard Moser wrote:
[...]
What exactly do you want to audit for?
Security holes
If it's only for ordinary bugs, that's simply not feasible.
The amount of patches going
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan Cox wrote:
On Mon, 2005-01-17 at 07:40, John Richard Moser wrote:
On the same line, I've been graphing Ubuntu Linux Security Notices for a
while. I've noticed that in the last 5, the number of kernel-related
vulnerabilities has doubled (3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan Cox wrote:
[...]
There are also people other than Linus who read every single changeset.
I do for one.
Yes but (off the record) you people can't even keep hysterical raisins
out of fs/proc/base.c :)
[...]
- --
All content of all messages
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I was looking at what happens to responsiveness when CPU usage goes up
and I had an idea about CPU and IO scheduling.
Tasks can be grouped by user and nice (and by scheduler type but let's
leave SCHED_RR and friends out of this). Let's say that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Molnar wrote:
* John Richard Moser [EMAIL PROTECTED] wrote:
There was a kernel-based randomization patch floating around at some
point, though. I think it's part of PaX. That's the one I hated.
PaX and Exec Shield both have them
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Molnar wrote:
* John Richard Moser [EMAIL PROTECTED] wrote:
Split-out portions of PaX (and of ES) don't make sense. [...]
which shows that you don't know the exec-shield patch at all, nor those
split-out portions. At which point
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
ES has been actively developed since it was poorly implemented in 2003.
PaX has been actively developed since it was poorly implemented in
2000. PaX has had about 4 times longer to go from a poor
proof-of-concept NX
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
I respect you as a kernel developer as long as you're doing preemption
and schedulers; but I honestly think PaX is the better technology, and I
think it's important that the best security technology be in place.
the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Wed, 19 Jan 2005 13:50:23 EST, John Richard Moser said:
Arjan van de Ven wrote:
Split-out portions of PaX (and of ES) don't make sense.
they do. Somewhat.
They do to break all existing exploits until someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
On Wed, 19 Jan 2005 15:12:05 EST, John Richard Moser said:
And why were they merged? Because they showed up in 4-8K chunks.
so you want 90-200 split out patches for GrSecurity?
Even better would be a 30-40
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Molnar wrote:
* John Richard Moser [EMAIL PROTECTED] wrote:
I respect you as a kernel developer as long as you're doing preemption
and schedulers; [...]
actually, 'preemption and schedulers' ignores 80% of my contributions to
Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
On Thu, 2005-01-20 at 13:16 -0500, John Richard Moser wrote:
Even when the tagging is all automatic, to really deploy a competently
formed system you have to review the results of the automated tagging.
It's a bit easier
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Does anyone have a p35u based camera? I have an EZCam Pro p35u based,
still no driver I believe. Anything I can do to help with making one,
like dump some sort of hardware data off it (yeah right)?
- --
All content of all messages exchanged herein
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can someone point me to documentation or give me a small patch to add an
LSM hook to kernel 2.6.10 in fs/namei.c at line 1986:
new_dentry = lookup_create(nd, 0);
error = PTR_ERR(new_dentry);
if (!IS_ERR(new_dentry)) {
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I was writing a section of my paper (Designing a Secure and Friendly
Operating System) and basically describing and explaining why the
memory protection policy (mprotect() restrictions) supplied by PaX is
a powerful security tool; and I had a thought.
Alan wrote:
I no longer have two kernels to test through; I can't tell if the speed
is back or not. Nothing in dmesg tells me if SATA is using DMA or
32-bit IO support though, so I don't know... lack of knowledge over here
is killing me for troubleshooting this on my own.
The dmesg
I've set up some stuff on my box where /etc/security/limits.conf
contains the following:
@users soft nproc 3072
@users hard nproc 4096
I'm in group users, and a simple fork bomb is easily quashed by this:
[EMAIL PROTECTED]:~$ :(){ :|:; };:
bash: fork:
Jan Engelhardt wrote:
I've set up some stuff on my box where /etc/security/limits.conf
contains the following:
@users soft nproc 3072
@users hard nproc 4096
I'm in group users, and a simple fork bomb is easily quashed by this:
[EMAIL
[EMAIL PROTECTED] wrote:
On Sat, 23 Dec 2006 19:42:10 EST, John Richard Moser said:
Jan Engelhardt wrote:
I've set up some stuff on my box where /etc/security/limits.conf
contains the following:
@users soft nproc 3072
@users hard nproc 4096
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm running on an Athlon 64 in 32-bit mode, running 32-bit Ubuntu with
kernel 2.6.19 (Ubuntu version 2.6.19-7-generic for the curious;
compiled for 586). Apparently, 'noexec=on' on the kernel command line
does nothing; the NX bit seems to not work.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kyle McMartin wrote:
On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote:
I have filed this as a distro bug with Ubuntu; it may be their issue, I
haven't dug deep enough to find out. I am posting this here to disperse