debian tag cloud

Sponsored by
HostEurope Logo

debian tag cloud

All 1 2 3 4 5 6 7 8 9

Well, I suppose I should be happy that mksh is actually used…

  • [tg] Correct shf buffer I/O routines to avoid a memory corruption bug discovered by Waldemar Brodkorb and other bad effects
  • [tg] Fix NULL pointer dereference during iteration loop when checking for alias recursion; discovered by Michal Hlavinka

That’s OpenADK (Waldemar’s fork of FreeWRT, which is Waldemar’s fork of OpenWrt), and Red Hat Enterprise Linux, respectively. Popcon in Debian and its derivates is also pleasant.

I could use some help bugfixing this though:

	(sleep 3; exit 12) &
	bgprocpid=$!
	sleep 6
	# background process is done by now
	wait $bgprocpid
	# POSIX mandates that, since $! was asked
	# for, wait is to reply its errorlevel

Somehow, JF_KNOWN is never set – and I can’t debug this with gdb(1).

(There’s also a dashism in some *buntu start scripts that does pretty much the same except it uses “wait %1” there. In fact it doesn’t even seem to use $! – no idea whether we can support that at all in a POSIX shell – which dash clearly isn’t… – without keeping track of background processes forever.)

I’ve got some interesting results using r1.1 of an example test programme (r1.2 got cleaned up and more output) on various systems, regarding ASLR. The 1.1 revision tests everything mksh R40+ will use (except there will probably no larger than page sized allocations) for its LCG PRNG. On OpenBSD (MirBSD, ÆrieBSD) malloc(3) uses in fact mmap(2), which is randomised. (Though -pie doesn’t yet work as it’s supposed to.) Some OSes are better than others… but look for yourself. (Read on to continue, not part of the RSS for size reasons. This wlog entry may be updated – with bumped date – unperiodically.)

MirBSD-current/i386

tg@blau:~ $ mgcc -static x.c
x.c:0: note: someone does not honour COPTS correctly, passed 0 times
x.c: In function `foo':
x.c:27: warning: function returns address of local variable
tg@blau:~ $ ./a.out
0xa9332000 0xaba65000 0xa0ae7000 0xcfbed990 0xcfbed994
tg@blau:~ $ ./a.out
0xa91b4000 0xa02b1000 0xa1602000 0xcfbf8680 0xcfbf8684
tg@blau:~ $ ./a.out
0x9f731000 0x9cb2a000 0xa94ca000 0xcfbf5840 0xcfbf5844
tg@blau:~ $ ./a.out
0x9c2af000 0xa6a0b000 0xa4ce1000 0xcfbefac0 0xcfbefac4
tg@blau:~ $ ./a.out
0xa3b61000 0xa96de000 0xa96df000 0xcfbedcc0 0xcfbedcc4

Debian Ätsch/i386

tg@frozenfish:~ $ gcc -static x.c
x.c: In function ‘foo’:
x.c:27: warning: function returns address of local variable
x.c: In function ‘bar’:
x.c:33: warning: function returns address of local variable
tg@frozenfish:~ $ ./a.out
0x80b2a20 0x80b2a30 0xb7745008 0xbf985ce0 0xbf985cd4
tg@frozenfish:~ $ ./a.out
0x80b2a20 0x80b2a30 0xb7726008 0xbfb911b0 0xbfb911a4
tg@frozenfish:~ $ ./a.out
0x80b2a20 0x80b2a30 0xb7784008 0xbf83d040 0xbf83d034
tg@frozenfish:~ $ ./a.out
0x80b2a20 0x80b2a30 0xb77e8008 0xbfc0f840 0xbfc0f834

tg@frozenfish:~ $ sid
I: [sid chroot] Running command: “mksh -l”
tg@frozenfish:~ $ gcc -static x.c
x.c: In function ‘foo’:
x.c:27: warning: function returns address of local variable
x.c: In function ‘bar’:
x.c:33: warning: function returns address of local variable
tg@frozenfish:~ $ ./a.out
0x80c86a8 0x80c86b8 0xb77c3008 0xbfaa1900 0xbfaa18f4
tg@frozenfish:~ $ ./a.out
0x80c86a8 0x80c86b8 0xb77d2008 0xbfcc0260 0xbfcc0254
tg@frozenfish:~ $ ./a.out
0x80c86a8 0x80c86b8 0xb77c1008 0xbfbe2120 0xbfbe2114

uname: Linux frozenfish 2.6.18-6-686 #1 SMP Fri Feb 19 23:40:03 UTC 2010 i686 GNU/Linux

Solaris 8/sparc64

tg@stinky:~ $ gcc -static x.c
x.c: In function `foo':
x.c:27: warning: function returns address of local variable
tg@stinky:~ $ ./a.out
595f0 59bf0 59d00 ffbefbb4 ffbefb5c
tg@stinky:~ $ ./a.out
595f0 59bf0 59d00 ffbefbb4 ffbefb5c
tg@stinky:~ $ ./a.out
595f0 59bf0 59d00 ffbefbb4 ffbefb5c
tg@stinky:~ $ gcc x.c
x.c: In function `foo':
x.c:27: warning: function returns address of local variable
tg@stinky:~ $ ./a.out
20950 20f50 21060 ffbefb3c ffbefae4
tg@stinky:~ $ ./a.out
20950 20f50 21060 ffbefb3c ffbefae4

MidnightBSD/amd64

mirabilos@stargazer:~ $ gcc -static x.c
x.c: In function 'foo':
x.c:27: warning: function returns address of local variable
x.c: In function 'bar':
x.c:33: warning: function returns address of local variable
mirabilos@stargazer:~ $ ./a.out
0x800603080 0x800605040 0x800700000 0x7fffffffe62c 0x7fffffffe62c
mirabilos@stargazer:~ $ ./a.out
0x800603080 0x800605040 0x800700000 0x7fffffffe63c 0x7fffffffe63c
mirabilos@stargazer:~ $ ./a.out
0x800603080 0x800605040 0x800700000 0x7fffffffe62c 0x7fffffffe62c

uname: MidnightBSD stargazer.midnightbsd.org 0.3-CURRENT MidnightBSD 0.3-CURRENT #1: Thu May 27 22:13:45 EDT 2010 root@stargazer.midnightbsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Debian sid/mipsel

(QEMU, thanks to Aurélien! Debian unstable from approx. Jan 2010)

root@debian-mipsel:~ # gcc-4.4 -static x.c
x.c: In function 'foo':
x.c:27: warning: function returns address of local variable
x.c: In function 'bar':
x.c:33: warning: function returns address of local variable
root@debian-mipsel:~ # ./a.out
0x4aa740 0x4aa750 0x2aaa8008 0x7fa417e8 0x7fa417d8
root@debian-mipsel:~ # ./a.out
0x4aa740 0x4aa750 0x2aaa8008 0x7fc67708 0x7fc676f8
root@debian-mipsel:~ # ./a.out
0x4aa740 0x4aa750 0x2aaa8008 0x7fb68238 0x7fb68228
root@debian-mipsel:~ # ./a.out
0x4aa740 0x4aa750 0x2aaa8008 0x7fc586c8 0x7fc586b8

uname: Linux debian-mipsel 2.6.32-trunk-4kc-malta #1 Mon Jan 11 03:45:08 UTC 2010 mips GNU/Linux

Gentoo GNU/Linux on amd64

gcc-4.4.4, glibc-2.11.2-r0, 2.6.35-rc4 x86_64

0x20cc010 0x20cc030 0x7fef0c497010 0x7fff32148fec 0x7fff32148fec
 0xa35010  0xa35030 0x7f575d0e4010 0x7fff0dd7220c 0x7fff0dd7220c
0x1f90010 0x1f90030 0x7f8657107010 0x7fff6116813c 0x7fff6116813c
 0x9dd010  0x9dd030 0x7f1eab0a6010 0x7fff3dcc638c 0x7fff3dcc638c

Conclusion

Not everyone does ASLR… but there’s enough variety (and with eglibc’s AT_RANDOM even proper entropy) inside for our purposes. On OpenBSD and MirBSD, we’ll still use KERN_ARND as it’s extremely cheap entropy (code paths checked on both) but not for every call of $RANDOM. On things like Debian/m68k mksh(1) ought to have gained a possibly noticeable speed-up.

Back home

11.07.2010 by tg@
Tags: bug debian event geocache mksh news release snapshot

Bordeaux was very nice (and towards the end much cooler… it’s actually hotter here at more than 50½° north – too warm to think, or do anything) but the LSM/RMLL was very french. They’ll be in Straßburg and Lüttich the next two years so we can probably be expected to attend. I don’t think I can eat duck (which, in south-west france, is a vegetable) or like all that classic french multi-course food so much, but I had enough Couscous Merguez and Thé à la menthe fraîche… and similar good stuff. Many people spoke English and actually asked me whether I do (probably they couldn’t bear me trying to spea^W^W^Wbutchering the language of the Grande Nation) and in general were a friendly bunch. I did see some people with machine guns in the city on the last day, though. No idea what/why… didn’t dare asking ☻

Just another reason to boycott flying: Mario Lang (one of the speakers) was apparently held on the airport and treated as a terrorist due to his Braille line… they thought it was a bomb or somesuch thing.

Read on for more…

Travelling with the Thalys and TGV was nice (but I loathe the Métro parisienne… they should build a ring train like the Berlin S-Bahn and just put another stop before Paris Nord and Montparnasse for people who just want to switch trains to take the ring train to the other line). And I want air conditioned trams in Germany too!

I met Uriel (invited him for some food and talked lengthy with him and some 9grid guy), XTaran (who was rather busy organising things), and a number of other people. Did some PGP keysigning as well. There’s now an experimental MirOS presence at Launchpad, not sure what exactly we’re going to do with it but, as Canonical does not care (as Jonathan said in his talk – great slides, by the way, really impressive), there’s no harm in having it. Some Perl guy from America (USA… just to make sure ☺) wanted a photograph of me with a sign “I love CVS” just so people back at home would believe him he’s met such a person *grins* of course I plugged in a little advertising but cvs(GNU) is honestly good. The forge hacking session was a little under-visited (but still a success in terms of getting more communication and maybe collaboration underways, especially thinking of common interfaces, DC, semantic web, OSLC-CM) and since the room was (in contrast to my hotel room and the trams!) not air conditioned we didn’t get much hacking done. The Debian booth was about 40% of one FOSDEM style table wide… and subsequently crowded. There were more people (of course, I was trying to get mksh into Haikuports, Mandriva, and other things; talked about KDE 3.5.11 (Trinity), Qt 3 vs Qt 4, and kwalletcli, and in general to a not-so-usual bunch of suspects – like I said, LSM/RMLL really is pretty french-only).

It is too hot, but I still committed src/etc/rc,v version 1.110 which you want to upgrade your /etc/rc to before upgrading mksh(1) in MirBSD. (All in the name of better performance on platforms such as Debian/m68k and not raiding Linux’ inferior RNG… but it does simplify things.)

I could probably write more but at the moment just want to lie down and die until it gets cooler… even the rain didn’t help. My feet hurt (Montparnasse-Bienvenue didn’t help) too.

The current version of mksh had use of arc4random(3) removed, including “set -o arc4random”, to speed it up (on some architectures, a lot) – this will break some existing scripts (such as /etc/rc *cough* on MirBSD…). Hence I decided to publish the next version of mksh(1) as R40 based upon current development, and defer plans for associative arrays (and multidimensional arrays) for mksh R41. There’s also already the change to Build.sh arguments, so this suits me quite fine.

(Read: if running MirBSD, don’t upgrade mksh at the moment.) There will be a new MirBSD snapshot once this is fixed, maybe a few more changes to the shell for better POSuX compliance, and the recently mentioned patent on LFNs (long filename) in FAT will be taken into account with a patch to msdosfs.

I’ll travel to LSM/RMLL 2010, the Libre Software Meeting (Rencontres Mondiales du Logiciel Libre) tomorrow until the weekend, to hack some on FusionForge (this is worktime for me), visit XTaran, Uriel, and maybe a couple of other “usual people”.

Thundersday, between 10:00 UTC and 12:00 UTC, eurynome will be shut down by gecko2@ due to power supply maintenance on the host system data centre.

We have a new mirror in the Americas, thanks a lot to Mike 'Fuzzy' Partin! Benny will mention it on the webpages once it’s working.

SPARCstation 20 (75 MHz)

09.06.2010 by tg@
Tags: debian rant

Wenn Du denkst, MirBSD wäre langsam und sein Installer in irgendeiner Art und Weise doof, dann installiere mal Debian (etch, neuere Versionen können nur noch sun4u und sun4v, kein sun4m mehr) auf einer SPARCstation 20.

Lahm wie Sau, das Teil. Und der Installer ist schwarz auf weiß – was nicht so schlimm wäre, wenn der Cursor (und die dialog-Markierungen) nicht ebenfalls schwarz auf weiß wären…

Ich bin ja mal gespannt, ob das durchläuft.

In response to a planet.d.o series (mentioned in #grml on IRC) of postings: In a sensible shell, Esc+# not only pushes it back but also re-enables the command. Try it out: l s Esc # Cursor-Up Esc #

tg@blau:~ $ #ls
tg@blau:~ $ ls

The command sticks in the history, and is not immediately shown in the next interactive input line, which I consider a plus in most use cases. Anyway, try mksh (just a-g i it), there are a lot of goodies. I found out about Ctrl-O only a year or so ago myself…

I wonder why schizo didn’t write about how to do it in posh tho ☺

Some things are ugly.

Waldi’s suggestion fails.

db4.6_upgrade: Program version 4.6 doesn’t match environment version 4.4
db4.6_upgrade: DB_ENV->open: DB_VERSION_MISMATCH: Database environment version mismatch

Can’t start it manually.

debian-sks@dev:~$ /usr/sbin/sks recon
Fatal error: exception Bdb.DBError(“Program version 4.6 doesn’t match environment version 4.4″)

The log only shows:

2010-05-09 16:59:29 Opening log
2010-05-09 16:59:29 sks_db, SKS version 1.1.0
2010-05-09 16:59:29 Copyright Yaron Minsky 2002, 2003, 2004
2010-05-09 16:59:29 Licensed under GPL. See COPYING file for details
2010-05-09 16:59:29 http port: 11371
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Opening KeyDB database
2010-05-09 16:59:29 Shutting down database

The solution is ugly as hell, too:

root@dev:/ # su – debian-sks
debian-sks@dev:~$ cd DB
debian-sks@dev:~/DB$ db4.4_checkpoint -1
debian-sks@dev:~/DB$ db4.4_recover
debian-sks@dev:~/DB$ db4.4_archive
log.0000002839
log.0000002840
log.0000002841
log.0000002842
log.0000002843
log.0000002844
log.0000002845
debian-sks@dev:~/DB$ db4.6_archive -d
debian-sks@dev:~/dump$ cd ../PTree/
debian-sks@dev:~/PTree$ db4.4_checkpoint -1
debian-sks@dev:~/PTree$ db4.4_recover
debian-sks@dev:~/PTree$ db4.4_archive
debian-sks@dev:~/PTree$ db4.6_archive -d
debian-sks@dev:~/PTree$ logout
root@dev:/ # /etc/init.d/sks start
Starting sks daemons: sksdb.. sksrecon.. done.

Wow, our internal keyserver works again. Thank you, Debian…

This solution courtesy of Uwe Hermann, although it was for Suckwürstchen.

CLT 2010

07.03.2010 by tg@

Quite surprisingly, I’ll attend the Chemnitzer Linuxtage 2010 in Eastern Germany. This is a happenstance, I managed to get fast transportation (via my boss) and accomodation (in a hotel). I will try to help staffing the booth of Debian this time (so I cannot be called Traitor any longer). Schedule, due to the spontaneousness of this, no, though. I may not even be there on Sunday, dunno…

No RCBD (or night) though, some real life and a new release (with fix of an FTBFS-on-hurd-i386 bug) though:
RMD160 (/MirOS/dist/mir/makefs/makefs-20100306.tar.gz) = f65bd8ef5cf3306a9112587dd4915b6255e479fe
This version pulls in NetBSD® changes (Acorn Archimedes support, for one), but I’ve also coded support for boot-info-table (J�rg compatible), as well as setting the PVD dates (used by GNU GRUB 2 for “UUID”s).

On MirBSD, cdio(1) can now be used to burn (TAO) and blank (quick) CD-RW media (I backported some OpenBSD changes) too.

RCBD #2

04.03.2010 by tg@
Tags: debian

My ex-AM now sort-of mentor Zack asked for help of an Autoconf/Libtool guru with an RC bug... well, The MirPorts Framework taught benz and me, under consumption of a bottle of wine, how to deal with that stuff. So I've fixed #559822 (CVE-2009-3736, another of them...) and NMU'd.

Sort of a PITA, considering gettextize runs interactively, and there's a lot of files to remove in debian/rules:clean for a double-build to not add nonsensical files to the .diff.gz; but I did it in the end.

On ranting...

04.03.2010 by tg@
Tags: debian

Yes, my rant was more against the things I encountered during keysigning, not keysigning itself. However, I still feel X.509 doesn't have these problems, and nothing I can think of will persuade me to think PGP/MIME better than Inline PGP. (Especially when the recipient's key contains a notation that he wants the latter, but not the former.)

Jonathan does have some good points about the (PGP) Web of Trust.

Again, that wlog entry of mine was a rant; I had let the topic stew over night, trying to get the anger out, but on the next day it just wanted to get out of me, I merely wanted a good old rant. I think I'll not include Planet Debian next time I do rant, though (it's not the place to do so).

The Command-Line Interface for the KDE Wallet, Version 2.02, has been released and dput into Debian unstable. (The lenny-backports version will follow.) It took me quite a while to reproduce, then track down, the bug; having unrelated problems at the same time didn’t help either…

Update: This wlog entry uses aggressive tone because I somehow needed to vent frustration from using some of the tools. I should probably provide some constructive critics, too... but this is a rant. Be warned.

Keysigning is useless. I boot up a suitable live GNU/Linux system, install signing-party, take the trouble that is to set up caff, transfer my secret key from the secure box, sign. I think caff providing the keys in a different order than they're given on the command line sucks and just run caff once per key. I did even start Postwreck. But no, people just don't accept any mail from "EHLO grml" systems, and I still cannot control my reverse DNS despite having a static IPv4 address (and IPv6, which looks to be unused). People also pretend I'm on dial-up. Great!

I will no longer participate in any (mass) PGP keysigning but will continue to do so on a per-person basis. Probably sign but one uid, either apply common sense and upload it to t̲h̲e̲ keyserver, or mail the entire signed key to one address.

By the way, how crazy is it that I need to use the deprecated $CONFIG{'mailer-send'} to pass an envelope-from to the mailer? It also suffers from the same delusion as e.g. nmudiff, namely that my Debian box is a fully set up workstation able to send out eMail and configured correctly. At least, it, unlike a number of others, does not assume I use mud (Mutt). grml…

Oh, and caff does a protocol violation (by always sending out GnuPG/MIME and not offering the standardised Inline OpenPGP), I think people just don't care about such. (There is a notation people can use to signal they want PGP/MIME, Inline PGP – which is called "partitioned" – or both (and which order of priority) but, alas, despite Inline PGP being the only one useful for the MUAs without integratin, and being more widely spread than that PGP/MIME crap, the followers of the latter do some (FSF-style?) kind of vendor lockin by not speaking anything else.

Anyway. I'm all for X.509 except there seems to be no sane CA (Startcom is... trouble, even with Opera; CAcert.org is dying). I'll just buy a certificate (not from Verisign though) for www, and roll my own again (I can do it, I have experience with that actually).

On an unrelated side note, still waiting for an OpenSSL patch for that recent TLS extension...

ObRant: password policies, be they required characters or any kind of length restrictions, suck. People I will eventually end up with less secure passwords on such systems, because even if some of mine may appear to be derived from some kind of dictionary (what language that is I'd be interested in, though...) they aren't, and I have my schemes. You got to have them with a gazillion of passwords used. And I probably will forget them more often (and sending them via eMail is also not a solution).

Unrelated notice: mksh R39c with bug fixes coming RSN.

(Updated 24.02. because I was, rightfully, told the language, and the title, were too strong. I also would like to excuse for going so low as to write an ad-hominem attack, which I've since redacted.

All 1 2 3 4 5 6 7 8 9

MirOS Logo