Dailydave mailing list archives
Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1)
From: Steve Grubb <sgrubb () redhat com>
Date: Fri, 17 Nov 2006 08:54:45 -0500
<waited appropriate cooling off time and trimmed cc list> On Monday 13 November 2006 10:30, L.M.H wrote:
I'm just wanting to see how you take advantage of this without root privileges or physical access to the machine.Using Fedora Core, RHEL, and friends. That's how you take advantage
What I was thinking of (but poorly articulated) was could anybody rootkit my machine with the ext3 softlockup detected bug? That I'd love to see. Also, I was curious if anyone out there has been taking these images and putting them on a USB stick and trying them out? I'd be curious what the results are and how much you had to do to actually get a crash in a simulated "attack".
Only ISO9660? You miss JFS, etc. on purpose? or accidentally?
We don't ship JFS so I didn't care.
iso9660, and the msdos file systems worked. I tested those and found nothing interesting. (This was also back in 2.6.14 kernel days.)from the perspective of a QA lead?
I don't work in QA - never have.
I would like to know what arguments you had by that time, to decide when an issue was 'interesting' or not.
Crashing the machine outright is interesting. Noisy output to syslog is not. For example, you have http://projects.info-pull.com/mokb/MOKB-12-11-2006.html this is typical of the stuff that is uninteresting. I downloaded this image and put it in cfs directory and ran it through the test: [root@localhost fsfuzzer]# cp ~/MOKB-12-11-2006.img cfs/ext2.1.img [root@localhost fsfuzzer]# ./run_last ++ Testing /test/fuzzers/fsfuzzer/fs/ext2.1.img... +++ Checking dir... +++ Making files... +++ Checking stat... +++ Writing to files... ./run_test: line 90: /media/test/file: Input/output error +++ Reading from files... +++ device files... +++ Writing to dirs... ./run_test: line 107: /media/test/dir1: Input/output error +++ Checking unlink... ++ unmounting ./cfs/ext2.1.img ++ Checking results [root@localhost fsfuzzer]# uname -r 2.6.18-1.2798.fc6 So...where's the bug? Syslog has some entries in it, but the machine works just fine and never hung.
or did you find them on your own and kept them private to redhat only?I found these bugs and filed bugzilla #'s 209907, 211237, 211668 before the month of kernel bugs was ever announced.Finally, you're getting to the hot spot. Nice. OK, please clarify why you mentioned *LITERALLY* the 'month of kernel bugs (nov. 1)' in that bug report.
Because it was public knowledge and I was trying to motivate some people to get the patch out of bugzilla and into people's hands. That's all.
I should have probably developed a plot to abduct and feed you to crocodiles instead. That way I wouldn't have to waste my time replying to BS.
ROTFL...Hey, I've been married twice and the crocodiles might be more favorable. :D
Sigh, these are bugs *I found* and we are getting people to fix these robustness issues.Demonstrate you found them.
The dates in bugzilla speak for themselves.
If you have any technical matters to discuss, I'll be more than happy to check.
One thing I'd like to point out from this week's batch of bugs is this one: http://projects.info-pull.com/mokb/MOKB-14-11-2006.html This has nothing to do with SE Linux. Its purely an hfs issue and the patch is a 1 liner. The SE Linux code was passed a NULL pointer from the hfs subsystem. Another thing I'd like to point out regarding Linux is that you can turn off the automounter. In FC6 you just click on "Application" | "System Tools" | Configuration Editor". That brings up gconf-editor and you select "Desktop" | "Gnome" | "Volume Manager" in the left hand browser window. In the right hand is 2 entries: automount_drives and automount_media. Uncheck them. -Steve _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) L . M . H (Nov 11)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) PERFECT . MATERIAL (Nov 11)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) L . M . H (Nov 11)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Steve Grubb (Nov 12)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Gadi Evron (Nov 12)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Steve Grubb (Nov 12)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) L . M . H (Nov 13)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Steve Grubb (Nov 17)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) L . M . H (Nov 17)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Gadi Evron (Nov 12)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) PERFECT . MATERIAL (Nov 11)
- Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1) Steve Grubb (Nov 12)