Full Disclosure mailing list archives
OpenBSD 'pf' port (was FreeBSD heap to Linux)
From: "Burnes, James" <james.burnes () gwl com>
Date: Wed, 28 Jan 2004 08:57:49 -0700
Excellent. Is it kernel specific? Also, is it kosher to mix freebsd license with GPL? (stand back while flame throwers are cranked up ;-) But I'd really be interested if anyone has tried porting 'pf' as a netfilter kernel module. I can't stomach iptables anymore, but short of using something like FirewallBuilder sometimes I can't get away from it. I've considered porting 'pf' to Linux 2.6, and while netfilter looks to be a faily powerful mechanism for firewalls, I'm afraid it would be a huge project. Probably better to rewrite the whole program from scratch and make it a work-a-like. The translation of the class-based-queueing mechanisms looks particularly daunting. If anyone is currently working on this I'd like to hear from them. It's not that I don't like OpenBSD, it's just that there are some projects where I need a decent firewall to be co-resident with Linux. IPTables is not an option unless it's my only option. I have considered some sort of virtualizing mechanism. I wonder if it would be easier to clone user-mode-linux into a user-mode-openbsd personality and then install an OpenBSD 'flashdist' image. That way the firewall is completely virtualized away from the normal OS environment. Probably better to take this to the firewalls or bsd lists. j. burnes
-----Original Message----- From: Georgi Guninski [mailto:guninski () guninski com] Sent: Wednesday, January 28, 2004 9:04 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Port of FreeBSD heap to Linux There is a port of the freebsd heap to linux at: http://www.guninski.com/wares/free10.tar.gz md5sum free10.tar.gz c20d5f2d4790fdecc6d1f0005aaa9d2d free10.tar.gz The README: Port of FreeBSD's heap implementation to Linux. This is a linux port of the heap implementation originally written by phk () FreeBSD ORG. Why: It is considered safer than the linux heap implementation. double free bugs does not seem exploitable, some heap overflows also
may
not be exploitable. Of course it *does not* give 100% protection against heap mischief. Ported to linux by Georgi Guninski guninski () guninski com INSTALL 1. make 2. cp mallib.so /usr/local/lib 3. LD_PRELOAD=/usr/local/lib/mallib.so PROGRAM or export LD_PRELOAD=/usr/local/lib/mallib.so mallib.so should be readable and executable by all users. to check if the new heap is loaded: cat /proc/<pid>/maps mallib.so should be in the output. to use the new heap globally: put in /etc/ld.so.preload /usr/local/lib/mallib.so To change the heap options # cd /etc # ln -s <options> /etc/malloc.conf The shared library works with static binaries also. NOTE: if you use it globally, start a program after editing
/etc/ld.so.preload
to check whether it works before booting. If there is a problem, you may need to remove mallib.so from ld.so.preload. DON'T OVERWRITE mallib.so if it is running globally - box may freeze! Globally works on debian and redhat. KNOWN BUGS: 1.memalign() is just a wrapper to malloc() which is not correct. 2.does the mutex stuff work? 3.The only bug I have encountered is a X server and KDE crash on
debian.
4.What are the best options for the bsd heap - /etc/malloc.conf TODO: 1. Make memalign work as expected. CREDITS gbr, peio for testing -- georgi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- OpenBSD 'pf' port (was FreeBSD heap to Linux) Burnes, James (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Georgi Guninski (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Jeremiah Cornelius (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) David Maxwell (Jan 28)
- <Possible follow-ups>
- RE: OpenBSD 'pf' port (was FreeBSD heap to Linux) Burnes, James (Jan 28)
- Re:OpenBSD 'pf' port (was FreeBSD heap to Linux) Ian Latter (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Jeremiah Cornelius (Jan 28)
- Unsecure Password recovery policy [Forgot password...] in hotmail! bipin gautam (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Chris Smith (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Randal L. Schwartz (Jan 28)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Filipe A. (Jan 29)
- Re: OpenBSD 'pf' port (was FreeBSD heap to Linux) Jeremiah Cornelius (Jan 28)