Dailydave mailing list archives

Re: Kernel 'developer' makes fuzzy FUD (RH Episodes: Volume 1)


From: Steve Grubb <sgrubb () redhat com>
Date: Fri, 17 Nov 2006 08:54:45 -0500

<waited appropriate cooling off time and trimmed cc list>

On Monday 13 November 2006 10:30, L.M.H wrote:
I'm just wanting to see how you take advantage of this without root
privileges or physical access to the machine.

Using Fedora Core, RHEL, and friends. That's how you take advantage 

What I was thinking of (but poorly articulated) was could anybody rootkit my 
machine with the ext3 softlockup detected bug? That I'd love to see.

Also, I was curious if anyone out there has been taking these images and 
putting them on a USB stick and trying them out? I'd be curious what the 
results are and how much you had to do to actually get a crash in a 
simulated "attack".

Only ISO9660? You miss JFS, etc. on purpose? or accidentally?

We don't ship JFS so I didn't care.

iso9660, and the msdos file systems worked. I tested those and found
nothing interesting. (This was also back in 2.6.14 kernel days.)

from the perspective of a QA lead? 

I don't work in QA - never have.

I would like to know what arguments you had by that time, to decide when an
issue was 'interesting' or not.

Crashing the machine outright is interesting. Noisy output to syslog is not. 
For example, you have http://projects.info-pull.com/mokb/MOKB-12-11-2006.html 
this is typical of the stuff that is uninteresting. I downloaded this image 
and put it in cfs directory and ran it through the test:

[root@localhost fsfuzzer]# cp ~/MOKB-12-11-2006.img cfs/ext2.1.img
[root@localhost fsfuzzer]# ./run_last
++ Testing /test/fuzzers/fsfuzzer/fs/ext2.1.img...
+++ Checking dir...
+++ Making files...
+++ Checking stat...
+++ Writing to files...
./run_test: line 90: /media/test/file: Input/output error
+++ Reading from files...
+++ device files...
+++ Writing to dirs...
./run_test: line 107: /media/test/dir1: Input/output error
+++ Checking unlink...
++ unmounting ./cfs/ext2.1.img
++ Checking results
[root@localhost fsfuzzer]# uname -r
2.6.18-1.2798.fc6

So...where's the bug? Syslog has some entries in it, but the machine works 
just fine and never hung.

or did you find them on your own and kept them private to redhat only?

I found these bugs and filed bugzilla #'s 209907, 211237, 211668 before
the month of kernel bugs was ever announced. 

Finally, you're getting to the hot spot. Nice. OK, please clarify why
you mentioned *LITERALLY* the 'month of kernel bugs (nov. 1)' in that
bug report.

Because it was public knowledge and I was trying to motivate some people to 
get the patch out of bugzilla and into people's hands. That's all.

I should have probably developed a plot to abduct and feed you to crocodiles
instead. That way I wouldn't have to waste my time replying to BS.

ROTFL...Hey, I've been married twice and the crocodiles might be more 
favorable.  :D

Sigh, these are bugs *I found* and we are getting people to fix these
robustness issues.

Demonstrate you found them. 

The dates in bugzilla speak for themselves.

If you have any technical matters to discuss, I'll be more than happy to
check.

One thing I'd like to point out from this week's batch of bugs is this one:

http://projects.info-pull.com/mokb/MOKB-14-11-2006.html

This has nothing to do with SE Linux. It's purely an hfs issue and the patch is 
a 1 liner. The SE Linux code was passed a NULL pointer from the hfs 
subsystem.

Another thing I'd like to point out regarding Linux is that you can turn off 
the automounter. In FC6 you just click on "Application" | "System Tools" | 
"Configuration Editor". That brings up gconf-editor and you 
select "Desktop" | "Gnome" | "Volume Manager" in the left hand browser 
window. In the right hand are 2 entries: automount_drives and automount_media. 
Uncheck them.

-Steve
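
The gconf-editor steps at the end of the message can also be scripted and audited from a shell. This is an added example, not part of the original message: it assumes the "Desktop | Gnome | Volume Manager" tree corresponds to the GConf path /desktop/gnome/volume_manager and that gconftool-2 is installed; the function names are hypothetical. It acts on the settings of the user who runs it.

```shell
#!/bin/sh
# Added example: audit and disable the two GNOME volume manager automount
# keys named in the message, using gconftool-2 instead of gconf-editor.
# Assumption: the keys live under /desktop/gnome/volume_manager.

GCONFTOOL="${GCONFTOOL:-gconftool-2}"      # override to point at another binary
VM_DIR="/desktop/gnome/volume_manager"
KEYS="automount_drives automount_media"

# Print every key that is not explicitly "false".
# An unset or unreadable key is reported too, so the audit fails closed.
automount_enabled_keys() {
    for key in $KEYS; do
        val=$("$GCONFTOOL" --get "$VM_DIR/$key" 2>/dev/null) || val=""
        [ "$val" = "false" ] || printf '%s\n' "$key"
    done
}

# Set both keys to false, then re-read them to confirm the change stuck.
disable_automount() {
    for key in $KEYS; do
        "$GCONFTOOL" --type bool --set "$VM_DIR/$key" false || return 1
    done
    [ -z "$(automount_enabled_keys)" ]
}

# Usage: script --audit   (list keys still enabled)
#        script --apply   (disable both keys and verify)
case "${1:-}" in
    --audit) automount_enabled_keys ;;
    --apply) disable_automount ;;
esac
```
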