Linux 2.2 DoS Attack
A small bug in the Linux networking code has been found, and just as quickly patched. The
bug affects all Linux 2.2 kernels, and can be fixed by removing "kfree_skb(skb);" from around line 455 of
linux/net/ipv4/ip_options.c. Big thanks to Alan Cox on this one.
The original notice of it went out a little less than 5 hours before Alan posted a fix to linux-kernel.. *not bad* Esp considering the alert was kind of vague (something about 'panicing under a high volume of weird (perhaps size wrong) ICMP packets')..
Kudos to Alan and the rest of the Linux community.. Let's see a closed source vendor come back with a 5 hour turn around on an obscure one line logic boob bug.
I meant Alan not Alen!!!
Software that's new is insecure, because it hasn't been tested. This is an axiom. People laugh at NASA and at the Space Shuttle's dated hardware and software. But NASA tests the bajeezez out of their systems because they *have* *to* *work* or people die. So by the time they finish fixing bugs and testing, their system looks dated. In the consumer software market, the attitude toward bugs is always, "it'll be fixed in the next release". But the next release has new features or rewritten features. The result is that the old bug may be fixed, but there are new bugs to take its place. No one ever goes back to the already released code, fixes reported bugs, makes no other changes and adds no new features and then releases the same software again. This is why Linux (and Windows 9x and NT and SunOS and...) will always be inherently unreliable. Even in the automotive world, cars with discovered problems get recalled and fixed. Why? The gov't has quality regulations (lemon laws) that force manufacturers to actually fix problems (and to fix them for FREE) in their products. Given a choice, I'm sure the auto industry would happily tell consumers with flakey cars that all will be better in next year's model and that they should upgrade/trade up. It's only because they are forced to fix the old cars that they actually do so. Software has been unregulated and "disclaiming all liability and fitness for any purpose" (from any EULA) for far too long. And if they don't shape up on their own, the gov't will step in and do it for them.
ipchains..tons of new drivers..I believe Video4Linux.
I'm sure there's a lot more
I heard that RAF bombers still use core memory in the onboard navigation systems. Apparently they upgraded to pentium systems a couple of years ago, and they crashed too much. (the computers, not the planes ;) )
I would rather have a computer on my desk that crashes occasionally, than core memory.
A panic is a kernel crash message.. The Linux equiv of a BSOD (although many Linux panics don't cause a hard lock, and usually only kernel developers or people with bad hardware see Linux panics).
"All" 2.2 kernels? What about those that weren't compiled with Ipv4 support?
ran it against 2 boxes.
(all boxes are running 2.2.9)
Exploiter is a PII 233
exploited 1 is a dual pentium 133Mhz and crashed after 74 and 138 "b00m"s.
exploited 2 is a single 21164 600Mhz (DEC Alpha) and caused the "b00m" program to die after 367 packets with the following line "Unable to get host name: Connection refused".
will continue playing and see how many will be needed to bring down the PII, but I wanna know if anyone else has noticed similar "oddities" in this exploit (ie., has anyone crashed a non-x86)?
It goes with the purpose of moderation to weed the needless posts out from the good.
This criteria makes no sense. The post *is* a good post. What it is is repetitive, aka needless in your words.
We all know that he was trying to be helpful, and had he gotten here about 2 minutes earlier, he probably would have gained points instead of getting a -1.
Ridiculous. He's penalized for the time it takes a slashdot page to update with the other person's post? or the time it took him to (after checking for like postings) cut, paste, and preview?
Mind you, I agree that repetitive posts need to be cut down on. I do not see it fair, however, to negatively moderate. Don't cast it off as solely an aspect of "moderation." In most cases of moderation, there is not a peer review system. In most cases, a repetitive post would never make it through, but would also not be held against someone.
You could simply fix the problem by adding a criteria of "useful but repetitive" such that it acts as a -1 or -2 when comments are viewed, but does not contribute to the person's "average."
Sure, OPENBSD is a great OS. But, if you think for one second that means that your system is automagically secure, then you are in for some unpleasant surprises. Security is a continuous process. Just ask the guys at the sites you mentioned. If you think you have security just because you run OpenBSD, you are a fool.
...so that you can find and report bugs.
If all you're worried about is what Linux can do for you, it would seem you don't totally GET what Open Source is about. We all participate. If you can't code, document or test or something.
But don't just sit back and say "2.0 works for me," because then you're just taking other people's work without giving anything back, and that's no way to run a community.
If you have a machine that's not 100% mission-critical, run 2.2.x on it. And in a few months, when 2.2 settles down, run it on your mission-critical machines.
And when 2.3.x gets past the point of exploding, start running it, and find bugs and report them and help make Linux better.
Contribute, people, don't just take.
That's too negative. If a particular version of open source software meets somebody's needs, who are you to say they are not benefitting the open source community unless they try a newer version and send back code and/or bug reports? One type of contribution you are completely ignoring is the satisfied user who becomes an open source advocate to potential new users.
Quite a few people have parallel port Zip drives these days, and the driver for it under 2.2 is so much better than the driver under 2.0.x that it's not even funny. Well, at least if you have a decent parallel port, which most people do. Under 2.0.x, I was getting disk access rates so slow on my Zip drive that I would rather reboot into Windows just to copy files from my Zip disk. Now, the access rates are about the same as in Windows if not better.
The frame buffer devices are also _very_ nice. Not to mention better management for modules and such.
Really though, the clincher was the vastly improved parallel port driver. Oh, and you can print and access the Zip drive at the same time too. Very nice.
It allows a remote user to panic an affected machine with a bogus packet.
This just came to me from BUGTRAQ.
../linux.vanilla/net/ipv4/ip_options.c Wed May 12 16:49:38 1999
Can someone tell me what that output means?
--------------cut here---------------------
Ok problem confirmed. It's not icmp however - in fact the program given
has some bugs that cause it. If it had been a correctly written icmp tester
it wouldn't have worked. A blessing in disguise.
Anyway the fix seems to be this. Sorry it took so long to sort out.
---
+++ net/ipv4/ip_options.c Tue Jun 1 22:11:46 1999
@@ -452,7 +452,6 @@
error:
if (skb) {
icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)- kfree_skb(skb);
}
return -EINVAL;
}
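Review bot: in the error: block, dropping kfree_skb(skb) after icmp_send() leaves nothing in the function that says who releases skb once it returns -EINVAL. A one-line comment at the return stating that the buffer stays with the caller would let a reader confirm whether this removes a second free or introduces a leak. As rendered here the icmp_send() line is also cut off after "(pp_ptr-iph)" and the removed line is fused onto it, so the hunk will not apply from this copy.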
Alan
ARGH! It's a remote crash.. Most people would rather there be a remote crash than a remote exploit.. (RE in most people's minds means the attacker gets root)
PLEASE update the post to indicate that this is a crash and not a root exploit.. PLEASE!
No. Censorship. Evil.
This comment is at -1.. Another comment which was dated 1 minute earlier that contains the same information is at 5. This guy wasn't TRYING to be redundant! This post doesn't deserve to be at negative one. He posted this to try to be a nice guy.. Look what happened. He got slammed 2 points because he was down a minute, and now there's a good chance he won't be a moderator because of his negative alignment. This scares me, because I don't want the only people left with positive alignments to be moderators who hit the -1 far too liberally. Read the guidelines. Focus on promoting, not demoting!
oh, and if you're not behind at LEAST one firewall and you're connected to the Internet, you deserve anything you get hit with-- regardless of OS.
Period.
So, my grandmother.. On a dialup account on a win95 box.. In a support for disability channel on IRC.. deserves to be teardroped?
Well.. the exploit was out there.. just not in the public. I got hit on IRC w/ nestea before the patch came out. 'Twas annoying..
Bleeding Edge hacker types run 2.2? Hrm. It's the stable kernel for distribution now. Anyone with RedHat 6 or whatever the latest Debian version is (Potato or something) will have this exploit. RedHat better have a fix up on their server pretty damn swiftly.
--
David Coulson (TechNoir)
themes.org Senior Developer
LinuxHQ is having DNS problems (the owner of the name took it back). The maintainer (Jim Pick) had just enough warning to preemptively get another DNS name (kernelnotes.org). Therefore, the LinuxHQ site is currently up and happily running at http://kernelnotes.org. If you want more info, check out the announcement.
----
Open mind, insert foot.
The same number of security holes are present in proprietary OS's. They're not easy to find without the source code, however. The holes that are found, if they're announced by the vendor (or kept secret), typically do not come with solutions.
I had similar problems with 2 IOMEGA Jaz Drives. The fact is that a good number of IOMEGA Jaz/Zip drives are defective. One of the better known problems is discussed at this page.
IOMEGA makes garbage hardware. It's a cryin' shame that they have established such a monopoly in the removable media industry.
Your honor is perfectly understandishable.
- A.P.
--
"One World, One Web, One Program" - Microsoft Promotional Ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
banner -w80 'Linux Still Sucks!'
A classic newbie prank is to pipe the output of banner to write to display obnoxious stuff on someone else's screen. (It's almost as classic as using xloadimage to change someone's root window to a hardcore porn pic). This guy obviously hasn't gotten over it, though honestly I laughed my ass off when I saw it.
Can anyone confirm whether or not this affects 2.3.x kernels? The line in question is present in 2.3.4 (which came out today, though you'd never know it, 'cause Rob appears to have knuckled under to the 31337 weenies and quit announcing dev releases), so my guess would be yes...
The new 2.2.10pre2 patch includes this fix.
But what good are all those if you have to reboot every two days every time a new bug is found?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Posted by FascDot Killed My Previous Use:
...from someone who doesn't know how to use a dictionary.
"censorship - the prevention of publication, transmission, or exhibition of material considered undesirable for the general public to possess or be exposed to."
--
"Please remember that how you say something is often more important than what you say." - Rob Malda
Posted by Rafl:
...I'm learning.
So, when it says 'to comment', means that section of the code is 'not to be executed'!
All the time I thought that the author is requesting critiques or comments on the quality of his code.
Posted by The Masked Miscreant >:):
There's more 'casual users' here at /. than you realize. Me, for example. There's probably a fair number of 'suits' who browse through here too.
Mind you, I have no intention of remaining a 'casual user' forever, I just don't have the experience with the OS yet to be comfortable enough with it to be of any real help on any of the projects I'm potentially interested in.
2.0? Most Linux users would be served well by 1.2.13. For that matter, most people don't need computers at all so who cares what version of Linux they want to run? In any case, 2.2 is just fine. If you think it's so unstable, you have two choices:
1. Find and fix these innumerable horrible bugs [that nobody else seems to know anything about], or
2. Fork the codebase; start with 2.0.36 (since it's obviously the best version ever [except that it sucks]) and make your own 2.2.
Did removing this kfree_skb call cause a memory leak? Or was the memory free always unnecessary?
... I'm not suggesting that the people in the know kernel-wise haven't considered this, I just find it odd that a free can be so readily removed without requiring new code elsewhere to make sure that the memory really does get freed at the right time.
If I ever fix a bug in my code by removing a call to free() I tend to get very suspicious
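The question above (does removing the free leak, or was the free never needed?) comes down to which function owns the buffer on the error path. The toy model below is an added illustration, not kernel source and not any poster's code: `toy_buf`, `parse_options` and `receive` are hypothetical names, and whether the real caller releases the buffer after an error return is an assumption the page does not state.

```c
#include <errno.h>
#include <stdio.h>

/* Toy stand-in for a packet buffer; not the kernel's struct sk_buff. */
struct toy_buf {
    int releases;     /* times toy_release() ran on this buffer */
    int bad_options;  /* constructed input: 1 makes option parsing fail */
};

/* Count releases instead of calling free(), so a double release shows up
 * as a number instead of undefined behaviour. */
static void toy_release(struct toy_buf *b) { b->releases++; }

/* Option parser with the error-path shape of the hunk: report, optionally
 * release, return -EINVAL. callee_frees=1 models the code before the fix. */
static int parse_options(struct toy_buf *b, int callee_frees)
{
    if (!b->bad_options)
        return 0;
    /* (the error report to the sender would go here) */
    if (callee_frees)
        toy_release(b);
    return -EINVAL;
}

/* Hypothetical caller. caller_frees=1 models a receive path that drops
 * the packet itself whenever parsing fails (an assumption). */
static int receive(struct toy_buf *b, int callee_frees, int caller_frees)
{
    int rc = parse_options(b, callee_frees);
    if (rc < 0 && caller_frees)
        toy_release(b);
    return rc;
}

/* Releases seen for one malformed packet:
 * 0 = leak, 1 = correct, 2 = double release. */
int releases_on_error(int callee_frees, int caller_frees)
{
    struct toy_buf b = { 0, 1 };
    receive(&b, callee_frees, caller_frees);
    return b.releases;
}

static const char *verdict(int n)
{
    return n == 0 ? "leak" : n == 1 ? "ok" : "double release";
}

int main(void)
{
    for (int callee = 1; callee >= 0; callee--)
        for (int caller = 1; caller >= 0; caller--) {
            int n = releases_on_error(callee, caller);
            printf("callee_frees=%d caller_frees=%d -> %d (%s)\n",
                   callee, caller, n, verdict(n));
        }
    return 0;
}
```

Only the row where both sides release matches a crash that goes away when the callee's release is removed; if the caller did not release, the same removal would produce the leak the poster is worried about.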
Probably a little of (b) and some of (c) as well. Someone had too much time on their hands, methinks. Apparently the original poster didn't get the concept of quick turnaround on fixes - there may be bugs, but when they're found, they can be fixed, and that fix propagated quickly. Some people never learn...
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Hmmm... how does that make it not an exploit? It seems like it could be used as a denial of service exploit at the very least. Also, crashing can be used to run specific code in some cases where there is a buffer overflow (although I don't know if that's applicable here). There was a bug found in IE awhile back that caused it to crash (I think it's archived at the l0pht somewhere) and the person who found the bug (dildog) was resourceful enough to turn it into a serious exploit by controlling the buffer overflow.
-----
Free P2P Backup, Windows & Linux
I was amazed when I discovered how long a 2.2 was out before the first 2.3 became public. Shouldn't there be roughly 2-2 2.3 releases for each 2.2 release? Shouldn't there have been at least several 2.3 releases out before 2.2.0 went out?
Nope, the 2.1 series led up to 2.2, while 2.3 leads to 2.4. There were "at least several" (ahem!) releases in the 2.1 series.
dylan_-
--
Igor Presnyakov stole my hat
I was more impressed when the patch for the nestea exploit was released 2 days BEFORE the code to exploit it was released. It would be nice if everyone who found a bug wrote a patch for it instead of an exploit.
I 'bother' to use 2.2.x myself because it's helluva lot faster than 2.0.x in my experience. If you run a P/100 with 32MB RAM, you know what I mean.
In Soviet Russia, Jesus asks: "What Would You Do?"
The past of Red Hat's security measures? eh? They always seemed fairly fast to me. They beat any commercial vendors, and as far as I can see any Linux distributions except debian.
I would rather have a computer on my desk that crashes occasionally, than core memory.
Maybe, but you don't fly your desk. I think.
Is that a mix between a segfault and a SIGSEGV? Don'
...from someone who can't think.
"sarcasm - a mode of satirical wit depending for its effect on bitter, caustic, and often ironic language that is usually directed against an individual"
On the other hand, if it takes you more than 3 minutes to write and compile a C filter program to remove C++ comments from a file, you're not a Real Programmer(TM). But seriously, it's a trivial task -- so trivial that I don't see this as a good reason for not using C++ style comments these days in straight C code...
--
"Convictions are more dangerous enemies of truth than lies."
Or you can keep the problem private, meaning the cracker will almost certainly hear about it before the sysadmin, assuming he's out looking for vulnerabilities while the sysadmin is busy doing his job, which unfortunately encompasses much more than spending 24/7 looking for vulnerabilities no one will tell him about.
The suits may think twice, but what are they going to do, stop using computers? That's the only way to prevent this sort of thing.
Since you say "that isn't good enough", what should be done instead? What would be "good enough"? For software to never have bugs in the first place? That would be great! Oh, and can I have a little of what you're smoking? It sounds positively blissful...
Stick our heads in the sand and ignore the problem? That doesn't strike me as useful.
Switch to an OS where solutions don't appear within hours? That doesn't sound very smart.
Please, pray tell, since the situation here isn't "good enough", what is?
--
"Convictions are more dangerous enemies of truth than lies."
It's about 4hrs slower than the teardrop fix, if your calculations are correct. Still, much faster than any patch or bugfix MS has ever made.
*All* OS'es suffer from DoS exploitable bad code. I had to patch the /sys dir on my FreeBSD box for some exploit too.
Well, there goes 70+ days of uptime. Damn.
:)
Good thing with a full packet log though, running on a box with a non-affected kernel
Isn't this the first serious remote crash bug in the 2.2.x series ? There have been other bugs all right, and there still are, but I believe this is the first remote one.
That is not bad, if one thinks about the _huge_ changes that went into the 2.2 series from the 2.0 series. I'm pretty amazed we haven't seen a few more of these already... They may be coming though.
I would have expected a bug like this to appear sooner. And I would have expected more of these bugs. Well, either the developers are blessed with luck, or they are really skilled. We'll see which, in the next few months I guess. Luck don't last.
Good work guys ! Also on the fix btw.
ipchains and ipmasqadm. two *awesome* tools that I don't know how I lived so long without.
what OS he/she(it? are trolls gendered?) used to make that banner? ;-)
/dev
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
knfs.
...
Speed!!!
2.2 also kicks ass on multiproc machines. but you already knew that
traffic shaping too...
/dev
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
The people I knew in school that would do that kinda crap would just pipe over a 10 mb gziped binary to your ptty. If you didn't know better it was enough to piss ya off and wreck your whole day.
...
or your whole term session anyway
/dev
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
I would love to agree with you, but can't.
:-) You can't ever really test this kind of general purpose system.
...
It would be damn near impossible to run a full qual. test on a modern OS. The complexity level is just too high and there are really no requirements to test anyway. The government will not (I hope) step in here. There is no reason for them to do so.
Think of it this way: it takes WEEKS of 24 hour computing to run a FQT on an aircraft digital flight control system. WEEKS. and this is a system with super super rigid, well defined, realtime requirements. There is no code in the system that is not used.
Now consider the Linux kernel. How many system calls are in there that joe average user never touches? How many combinations of things could be going on at one time? For all intents and purposes we are dealing with an infinite combination regression test situation here. or something.
With the complexity in modern realtime and avionics systems, we are pushing the limits of software test. Formal qual testing of general purpose software is a lost cause.
i'll stop rambling on now
/dev
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
From the archives at www.geek-girl.com
Linux kernel 2.2.x vulnerability/exploit
Piotr Wilkin (pwl@WOTAN.2SLO.WAW.PL)
Tue, 1 Jun 1999 17:43:17 +0200
I'm sorry if this has been noticed before, but since I didn't find anything
in the archives, I post it here.
There seems to be a bug in kernels 2.2.x (tested on 2.2.7 and 2.2.9), that
causes them to panic when they are sent a large number of specific ICMP
packages. I think the problem comes from the combination of the mangled
header length (shorter or longer ihl's don't cause hangup) and the random
ICMP packets (random type/subtype and source address) this program sends.
Windows 9x and FreeBSD 3.0 seem to be unaffected.
I think the most interesting thing is the date, though... I'm sure I'm making a timezone mistake here, but isn't that 8 hours ago? Is that faster or slower than the Linux teardrop fix?
It's annoying to find out about a new DOS attack, but the resolution is all that you could hope for.
It's a little less annoying that there don't seem to be any outstanding instant-crash attacks against Win98 to laugh about - they finally fixed the series of attacks that crashed 95 for 8 months straight, and I haven't seen anything since. Did Microsoft finally get their IP stack right?
echo 'main() {exit(0);} // useless program' |
sed 's#//\(.*\)$#/*\1 */#'
Hyuck! Jus' kidding!
**>>BELCH
When "found" = "fixed" I think it's well worth it.
**>>BELCH
Oracle, eh? Hmph. Ever used it?
I'll go with the College kids. Hell, I'll go with the drunk college kids!
**>>BELCH
With Linux, just figure out where the offending instructions are by groveling through the compiler and linker output, and write to the relevant locations in /dev/kmem. For this particular bug, you probably only have to NOP out a few instructions.
Personally, I'm just as happy to reboot. It's not like it takes very long, and it's easier and safer. But if I were running a mission-critical 24x7 system, perhaps I'd think about it some more.
What you propose won't work for several reasons:
Can you cite a single example of a software project of comparable complexity to the Linux 2.2 kernel which had fewer bugs at initial release? I didn't think so.
Rather than let this dipshit have the last word, thought I'd mention that my box running 2.2.8 with ipchains firewalling and a rule banning incoming ICMP is NOT, i repeat ***NOT*** vulnerable to this exploit... just FYI. oh, and if you're not behind at LEAST one firewall and you're connected to the Internet, you deserve anything you get hit with-- regardless of OS.
Period.
Linux is buggy! Yay Microsoft!
Sorry, just had a moment of strangeness.
Look at the version number on your 2.0.36 kernel. Thirty-six. This means that it went through over *THIRTY* major revisions before it became "stable" ... and that's if you *don't* count the AC patches.
It's more stable solely because it's older. Wait until 2.2 gets a bit more mature, and it'll be just as stable (if not moreso) than 2.0 is, and will beat it senseless in the performance department as well.
Read my stuff.
Uh... before you apply this patch, notice that the "less-than" in the icmp line should actually be doubled (i.e., a left shift operation)! The second less-than symbol got swallowed somewhere in the HTML conversion.
Your Servant, B. Baggins
This is known for long. Win95 (and 98?) count time as milliseconds since boot in a 32-bit variable. If you do some calculations you will find out that it will wrap around after 49.71 days.
For a comparison: Linux counts hundredths of seconds (except on the Alpha, where it too is ms but 64-bit) and will therefore last ten times longer until wrap around. However, kernel code is expected to survive a wrap and debugging is done in this area (like setting the timer variable to a few minutes before wrap at boot time and see where problems arise - 2.2 should have eliminated most of them).
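The wrap arithmetic and the "start the timer a few minutes before the wrap" debugging trick from the post above, as an added example that is not kernel code or the poster's: the function names are hypothetical, and the signed-difference comparison is shown as one common wrap-safe idiom, assuming the two values are less than 2^31 ticks apart.

```c
#include <stdint.h>
#include <stdio.h>

#define HZ 100u   /* hundredths of a second, as described in the post */

/* Days until a 32-bit counter ticking ticks_per_sec times a second wraps. */
double wrap_days(double ticks_per_sec)
{
    return 4294967296.0 / ticks_per_sec / 86400.0;
}

/* Naive check: wrong whenever the deadline has wrapped past zero
 * but the counter has not wrapped yet. */
static int expired_naive(uint32_t now, uint32_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe check: test the sign of the modular difference.
 * The conversion to int32_t relies on two's complement, which every
 * mainstream compiler provides. */
static int expired_safe(uint32_t now, uint32_t deadline)
{
    return (int32_t)(now - deadline) >= 0;
}

/* Start the counter 5 minutes before the wrap, arm a 10-minute timer and
 * return how many ticks elapse before the chosen check first reports
 * "expired". The correct answer is the timeout itself. */
uint32_t first_fire_offset(int use_safe)
{
    const uint32_t start = (uint32_t)0 - 5u * 60u * HZ;  /* 2^32 - 30000 */
    const uint32_t timeout = 10u * 60u * HZ;             /* 60000 ticks  */
    const uint32_t deadline = start + timeout;           /* wraps to 30000 */

    for (uint32_t k = 0; k <= 2u * timeout; k++) {
        uint32_t now = start + k;                        /* wraps at k = 30000 */
        int fired = use_safe ? expired_safe(now, deadline)
                             : expired_naive(now, deadline);
        if (fired)
            return k;
    }
    return UINT32_MAX;                                   /* never fired */
}

int main(void)
{
    printf("32-bit ms counter wraps after %.2f days\n", wrap_days(1000.0));
    printf("32-bit 1/100 s counter wraps after %.1f days\n", wrap_days(HZ));
    printf("naive check fires after %u ticks\n", (unsigned)first_fire_offset(0));
    printf("wrap-safe check fires after %u ticks\n", (unsigned)first_fire_offset(1));
    return 0;
}
```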
See the following:
http://www.ntsecurity.net/scripts/loader.asp?iD=/security/casesensitive.htm
In short, every version of NT has a security exploit that allows any user to get root access. That's a far greater security risk than this DoS attack, which can simply crash your system.
It has been known for over ten weeks. And AFAIK, Microsoft hasn't released a fix (at least I can't find one on microsoft.com). It is possible that NT 4.0 Service Pack 5, released six weeks after the hole was found, fixes it -- for NT 4.0 users and NT users willing to pay to upgrade to 4.0 only.
Now, which is a bigger deal -- a DoS attack fixed eight hours after publication, or a root exploit unfixed for at least six weeks after publication?
"Do you think the suits want to 'become part of the linux community'? "
One certainly hopes. It would be a good step in accord with linux becoming part of the business community.
"Do you think the casual user actually wants to be involved in tracking down and reporting bugs?"
No, I realize the casual user wants to be blissfully unaware of anything at all. This applies to lots more than computers. (Driving, for instance -- I don't think the casual driver wants to be involved in avoiding traffic accidents except those involving him.)
"No average user is interested in 'running a community'."
Wait just a minute. The average Linux user is, or ought to be. Or else somebody missed something fundamental about what linux is somewhere along the way.
"They don't want to contribute to making an operating system, and that's why they continue to pay for software instead of going open-source."
What's wrong with that? Is this how you characterize the average *linux* user? You're using windows users to illustrate the beliefs and behaviors of linux users. I have a real problem with that.
-fb Everything not expressly forbidden is now mandatory.
I was trying to figure out why this kfree()
broke things, and trying to figure out where
it was freed elsewhere.
Could the root of the problem really be the
program logic, which is implemented using a nonzero number of goto's?
I realize that goto is only being used for throwing exceptions, but still... if you're
using goto's in code with malloc's, you're asking for trouble.
But then, I'm no kernel hacker...
-fb Everything not expressly forbidden is now mandatory.
2.2 is a stable kernel, not a "bleeding edge" kernel. They're very stable...
In fact, I consider them more stable than 2.0 systems in many ways... better, more dependable memory management is just the first of these improvements.
Try a system with 256 meg of ram. It leaks all over the place... even over 128 meg, it's a known problem that only 2.1/2.2 fixes.
:)
There are also quite a few networking bugs that were worked out for the never-quite-released 2.0.37 that are in 2.2... really, staying back on 2.0.36 because it does everything you need is fine, but so is staying with 1.2... a good lot of people can make their lives a lot easier with 2.2 and I'm surely one of them
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
ipchains. use and love.
-- i will protect you from ideals to save you from defeat
i believe NT 3.51 was also affected, but it was patched/fixed for 4.0
This is not quite accurate. The actual bug was in Windows 95 (still in 98? Don't know). They discovered that the uptime counter rolled over after approximately the number of days you mentioned, and crashed the box. This was discovered, if I remember correctly, earlier this year (it seems that in 3 and 1/2 years NO ONE had ever successfully kept a Win95 box up for that long!).
NT, however, does not suffer from this particular bug. I have a client who managed to keep his NT box up for at least 78 days -- mostly because the machine was so little used (he's an exec, not a geek). After 78 or so days, he had next to no free RAM left for anything. The leaks in the OS itself had plugged the system horribly. Nevertheless, this man did successfully run it for 78+ days.
DFL
Never send a human to do a machine's job.
For Windows 98: "I sure hope that there aren't any more delays on that service release! It's been a year already! I hope this bug's covered in it or I'll have to wait another 6 to 8 months!"
For Windows NT: "Lessee, I can apply this 'unsupported' hotfix that Microsoft released...or I can wait for Service Pack 6 due in 3-6 months..."
Meanwhile, for Linux, it's this: "5 hours for a patch? What TOOK so long???"
DFL
Never send a human to do a machine's job.
>>*ahem* BSD does stand for Berkeley Systems
>>Development, as in UC Berkeley. Think before you
>>speak.
I thought it stands for Berkeley Standard Distribution....
try g++ sploit.c -o sploit
Not being a programmer (I can write a "hello world" from memory on a good day) but having compiled many kernels, it was pretty easy to edit ip_options.c and recompile. In fact, using the other method, I'd still be downloading an 18Mb "service pak" or a small "hotfix" from source code central & Fort Knocks, days afterward (and that's IF the supreme dictators decide it's in THEIR best interest to divert limited resources from other projects to address the issue).
Keep up the great work guys
Chuck
try { do() || do_not(); } catch (JediException err) { yoda(err); }
With regards to the [not] rebooting, there's a couple of things you can try. One: there are various "reboot=xxxx" settings you can pass to the kernel [via LILO]. I believe they are "soft" "hard" "bios" and something else.
If that doesn't work for you (it didn't for a machine I had to work on), search www.deja.com for articles - you'll find that you can replace some code in arch/i386/kernel/process.c to reboot machines with faulty BIOS's (that's what many posts on dejanews claimed the problem was).
If you need a specific diff/patch/more info, just mail me.
You might want to think twice about using 2.2.9. There are some known stability issues with 2.2.8 & 2.2.9; 2.2.7 is the latest stable `stable' kernel.
he probably used something like figlet, which is in fact, a Linux program that has been ported to many other systems
Do you think the suits want to 'become part of the linux community'? Do you think the casual user actually wants to be involved in tracking down and reporting bugs? Most people want stable, usable software, without having to become part of the development process. No average user is interested in 'running a community'. They WANT to be able to sit back and say 'blah is fine for me'. They don't want to contribute to making an operating system, and that's why they continue to pay for software instead of going open-source.
-lx
Our version of Digital C (Digital Unix version 4.0D) for alpha barfs on this without a . This compiler is maybe a couple of years old.
I said no... but I missed and it came out yes.
And could you be more specific, exactly how NT is much more insecure than Linux ? If there is such a big difference then surely you should not have problems coming up with some examples ?
Yeah, no one ever said Linux was completely crash free; just that the events that cause crashes are fewer and farther between.
Shit, I get paid to write free software. I am lucky enough to have a boss that was able to open his eyes and see the potential of open source. He realized we could let the world debug our code rather than spend a million dollars doing it in house in 10 times the amount of time.
I use the Vesa framebuffer, which allows my ATI Rage LT Pro graphics chip to work with X.
A reliable source[1] has informed me that Win95 crashes after about a month and a half of continuous up-time.
It happened to a company he installed a dozen or so machines for; they all crashed about 49 days later, all within a couple of hours of each other...
Tim
[1] A friend whose job it is to build, configure and install PCs
It's official. Most of you are morons.
Try NetBSD they only care about security... :)
well... almost only
New things are always on the horizon
[snipped from bugtraq, dated jun 1]
From: Piotr Wilkin
Subject: Linux kernel 2.2.x vulnerability/exploit
I'm sorry if this has been noticed before, but since I didn't find anything
in the archives, I post it here.
There seems to be a bug in kernels 2.2.x (tested on 2.2.7 and 2.2.9), that
causes them to panic when they are sent a large number of specific ICMP
packages. I think the problem comes from the combination of the mangled
header length (shorter or longer ihl's don't cause hangup) and the random
ICMP packets (random type/subtype and source address) this program sends.
Windows 9x and FreeBSD 3.0 seem to be unaffected.
[exploit code snipped, check www.geek-girl.com for it in the archive if you really need to know]
Whereas with this kind of security bug, I would personally wait and only upgrade my own kernel when a new version is released (and I think any newbie should wait at least this long as well), the patch can be applied manually as explained in the original post, or applied using a traditional patch that can be found in Alan Cox's bugtraq post.
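For anyone filtering or logging in front of an unpatched 2.2 box, here is an added example (not from the bugtraq post, Alan Cox's patch or the kernel source) of the sanity checks a receiver or packet filter can run on the header-length field and options area the excerpt above points at. The post does not give the exact ihl value involved, so this flags any inconsistent length field or malformed option, plus ICMP carrying options at all; classify_ipv4, options_well_formed, make_sample and the verdict names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict {
    PKT_OK, PKT_TRUNCATED, PKT_BAD_VERSION, PKT_BAD_IHL,
    PKT_BAD_TOTLEN, PKT_BAD_OPTION, PKT_ICMP_WITH_OPTIONS
};

/* Walk the options area (RFC 791 layout): type 0 ends the list, type 1 is a
 * one-byte no-op, every other option carries a length byte covering itself. */
static int options_well_formed(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        if (opt[i] == 0) return 1;              /* end of option list */
        if (opt[i] == 1) { i++; continue; }     /* no-operation */
        if (i + 1 >= len) return 0;             /* no room for a length byte */
        if (opt[i + 1] < 2 || opt[i + 1] > len - i) return 0;
        i += opt[i + 1];
    }
    return 1;
}

/* Classify a raw IPv4 packet by the consistency of its length fields. */
enum verdict classify_ipv4(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20) return PKT_TRUNCATED;
    unsigned ihl = pkt[0] & 0x0f;               /* header length, 32-bit words */
    size_t hdr_len = (size_t)ihl * 4;
    size_t tot_len = ((size_t)pkt[2] << 8) | pkt[3];

    if ((pkt[0] >> 4) != 4) return PKT_BAD_VERSION;
    if (ihl < 5 || hdr_len > caplen) return PKT_BAD_IHL;
    if (tot_len < hdr_len || tot_len > caplen) return PKT_BAD_TOTLEN;
    if (!options_well_formed(pkt + 20, hdr_len - 20)) return PKT_BAD_OPTION;
    if (pkt[9] == 1 && ihl > 5) return PKT_ICMP_WITH_OPTIONS;  /* unusual: log it */
    return PKT_OK;
}

/* Constructed sample: zeroed packet with only the fields the check reads. */
size_t make_sample(uint8_t *buf, size_t cap, unsigned ihl, size_t tot_len, uint8_t proto)
{
    memset(buf, 0, cap);
    buf[0] = (uint8_t)(0x40 | (ihl & 0x0f));
    buf[2] = (uint8_t)(tot_len >> 8);
    buf[3] = (uint8_t)(tot_len & 0xff);
    buf[9] = proto;
    return tot_len < cap ? tot_len : cap;
}

int main(void)
{
    uint8_t b[64];
    size_t n = make_sample(b, sizeof b, 6, 32, 1);  /* ICMP with one option word */
    printf("verdict=%d\n", (int)classify_ipv4(b, n));
    return 0;
}
```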
The double-slash was originally intended to work with C++ only, not C. People liked the idea so they started using it in C as well. Then it finally became a standard.
However, not all compilers have caught up. I don't know of specific examples, but some Unix variants still do not understand it. Therefore you should not use it if you intend to make your source code widely available. And if you think your source code will never, ever be widely available or maintained by someone else, think again.
Incidentally, in C and C++ another way to comment out source code is like this:
#include <stdio.h>

int main(void) {
    const char *s = "Hello world!";
#if 0
    s = "World, hello!";   /* disabled: the preprocessor drops this line */
#endif
    puts(s);
    return 0;
}
Since "0" is always false, s = "World, hello!" will not be compiled.
That way the commenting can be nested and you can be sure compilers will recognize it. A drawback is that colorized editors will not recognize it as a comment. Another drawback is that there is no equivalent in Java and you have to fall back to regular comments.
Sure the majority of slashdot users have probably patched their kernel already but there are thousands and thousands of users (mostly in the commercial area) who don't have the knowledge to edit source code and recompile kernels. This is precisely the reason why Linux is regarded as a hacker OS and not ready for prime time.
Well, I would tend to think, and yes, I could be wrong, but most, if not all Linux users out there probably have enough knowledge and/or wherewithal to be able to go into one C file and add in a /* and corresponding */ to comment out a line. Not trying to flame, just an observation on what I perceive as the Linux user base.
If this comes out with the tags, sorry, I musta forgot all my html, cause previewing isn't showing the html...
I've noticed some problems with the swapping code in the > 2.2.5 stable kernels. Sometimes, under a heavy CPU/memory load, the kernel locks into a loop in the virtual paging code. The system quits responding, and the HD's run steadily. The Andrea patches fix it (sorry, I don't remember his whole name). I think the 2.3 kernels have the bug, as well, but I don't know. I would submit a bug report, but I don't have enough info to do so. Oh well. =)
Just my $.02
This is a *provisional* fix. It seems to work, it seem to be the explanation Alan --- ../linux.vanilla/net/ipv4/ip_options.c Wed May 12 16:49:38 1999 +++ net/ipv4/ip_options.c Tue Jun 1 22:11:46 1999 @@ -452,7 +452,6 @@ error: if (skb) { icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)
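Review bot: the hunk header (-452,7 +452,6) drops one line from the error: path beside the icmp_send(skb, ICMP_PARAMETERPROB, ...) call, and the posting itself calls the fix provisional, yet nothing in the patch records why that line has to go. Add a short comment at the "if (skb)" block saying who owns and frees skb once this function has taken the error path, so the removed call is not put back later, and name in the changelog the caller that was checked.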
Avi
Huh?
- A fix is available for users who know how to use it.
- Companies who don't know how to use the patch could have a consultant compile a kernel for them if they feel it is urgent.
- Linus will probably have an "officially fixed" kernel out by the end of the week, with RedHat likely close on the heels.
And you want to speak as though this is a slow response time? Even if it takes two weeks for "commercial" fixes to appear, that is much faster than you would expect from the average commercial OS company. The fact that the kernel patch is available now to those who know how to use it is icing on the cake, not a negative point.
is this important? can we have some details please? is my computer likely to crumple in a heap and surrender to any attack whatsoever?
(You'll fairly often see people using // for comments in C code, but it's a bad idea, and you shouldn't do it. Don't Be That Guy (tm)!)
Isn't // commenting part of the latest ANSI-C standard? If so, why not use it?
DrLunch.com The site that tells you what's for lunch!
linux/ means the directory where the Linux kernel sources live. Typically, when one refers to linux/ one means /usr/src/linux/ although this isn't a given. net/ means the subdirectory called net/ ; ipv4/ means the subdirectory of net/ called ipv4/ ; ip_options.c is the file you want to edit. You want to open this file with your favorite text editor, preferably one that displays line numbers somewhere. (You can toggle whether emacs displays your current line number with M-x line-number-mode.) To comment out C code, you can use /* ... */ . Comments like these can't be nested. It's pretty easy to comment out large sections of code like this. (You'll fairly often see people using // for comments in C code, but it's a bad idea, and you shouldn't do it. Don't Be That Guy (tm)!)
HTH
You're a suburbanite.
The instructions (as they appear on a previous reply to your post) are quite straightforward. Now, about recompiling - It shouldn't take that long. If you just compiled 2.2.9, then this patch will only take a few seconds to get compiled, make will automatically notice this is the only file with a modification time newer than the object (compiled) code.
My personal reason - better drivers for my 3c905b card.
Seriously, if you don't stumble into any need to upgrade your kernel, you probably don't need to.
Just compile and install the fix. If someone attacks your machine, your watchdog board will reboot into the new kernel. The uptime will take care of itself.
Chill out, you've got quite a bit of pent up hostility don't ya? The point behind my original post was to question the trivial nature attributed to the bug by Justin and the early commenters.
I don't think anyone here is arguing that Linux is less secure than NT. That doesn't mean that this isn't a big problem.
ok, i'm curious, you mention *BSD as a good secure OS, then you rip on free software, what's up with that? i'm just curious if a) i'm clueless b) you're clueless or c) since you're an AC that you're just posting some nice flamebait
Okay, but why not just hack that section of code out completely? Also, is there a diff that patches just that file? Thanks for the explanation, and for all the comments everyone.
"I have no respect for a man who can only spell a word one way." - Mark Twain
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
How about in future articles, you post a link to the patch as well? This would be very helpful to newbies like myself who don't quite know where to find everything yet...
And I JUST compiled 2.2.9 today!!! Arrgh!
"I have no respect for a man who can only spell a word one way." - Mark Twain
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
College kids like Linus and his little project?
Many great achievements in mathematics, physics, and other disciplines were done by young (college aged) people. Often by people without preconceptions of what should or should not be possible. And without corporate support. Just passion for what they are interested in. Why should programming be any different?
yeah, it was written initially in UC Berkeley (a college/university).
Translation= "I Am an asshole"
Quemadmodum gladius neminem occidit, occidentis telum est
Good gawd, no kidding! Let's see, how long did it take from detection to cure? hmm less than a day? Wow. Let's conjecture on how MS would have handled this:
Publicly deny that a problem exists for 3 months while we figure it out.
Wait 2 more months for more bugs err features to be found so we can justify releasing a "Service Pack" that will cause more problems than it cures.
I think I'll stick with the "unstable" OS that doesn't screw me backwards (not to mention cost a fortune for crappy code I can't even evaluate).
doc.
This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
Please don't bother trying to bash the stability of *nix as compared to Windows NT. I work at an NT shop with over 30 servers where every day at least three NT boxes go schizo (apparently randomly, it's pretty well spread out among them, i.e. no troublesome children in particular). This is not due to bad configuration or even cranky hardware (half of them are HP Netservers), but due to the operating systems' inherent instability. Granted, these servers are under moderate to heavy loading pretty much all day, but that is not (IMHO) an abnormal requirement for a server. In contrast, the only BSD box we use (firewall and netmonitoring among other things) handles an ENORMOUS amount of traffic on a constant basis and has crashed or freaked out exactly ZERO times in eight months. In addition, I administrate a few Linux webserv boxen on the side, and have had exactly ZERO problems with them that I didn't cause myself.
:)
So please don't bother claiming that NT is a superior product stability-wise, I think everyone reading these articles has enough sense to realize the ridiculousness of your statement. I for one cannot resist a troll though.
doc.
This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
Ummm... Mostly for the major NFS updates and the dcache/dentry code, myself... Of course, updated drivers, improved memory management and better /proc don't hurt, either.
Nato
Have fun,
Nathan 'Nato' Uno
http://web.unos.net/
When I had 2.0.36, I couldn't get my 3c905b working at all. When I upgraded to 2.2.x, it worked perfectly -- without a hitch.
I was under the impression that // was now the preferred commenting style (for C++ of course, // doesn't work in C!). I'm only a student, but that's what I've read and been taught. In huge comment blocks, // makes it more apparent that what you are looking at is a comment (which is why I think a lot of people use this style:
/* This is a comment
 * blah blah blah
 * blah.
 */).
'Sides, // is what Emacs uses when you do a "Comment out this section" -- it must be Right!
Are you braindead? I cannot believe you believe that! Maybe you don't, maybe you're just trolling you anonymous coward you.
Of course bugs will be found! They ARE found in Solaris... but they don't get fixed as quickly.
The oxen are slow, but the earth is patient... - High Road to China
OpenBSD is probably the least used BSD Unix.
See this page for an errata listing. Just because crypto and 'n' (strncpy, snprintf, vsnprintf ...) calls are used does not make it the most secure.
1) Most people get 20x as much stuff done when there is a reason behind it - i.e., need to put food on the table etc.
Open source programmers have a reason to do it: a real passion for it (you can't understand that unless you are one of them)
2) College kids writing code in their free time will never be close to what software engineers getting paid to write stuff like Oracle, etc will.
Philosophically speaking you could debate on that, and forever. There are some people who think that the best work done is often when it's unnecessary or you are not pushed by time.
Think before shouting about something you don't understand.
A duck's quack does not echo and no one knows why
pretty good reference, actually - porn sites get TONS of hits. just having the word "porn" on your website will probably triple the amount of visitors you get. not saying that FreeBSD is bad - it's incredible...but so is Linux...
Did you ever stop to think that maybe security holes are found because the source is open? Ever notice how fixes are posted rather quickly and even if they aren't, you can fix it yourself instead of waiting 8 months for a 16 meg download that fixes the problem.
Linux is a fucking joke, face reality folks, free software will always be second rate
What operating system are you using? That awesome Windows95 that can't be running for more than a few weeks AT BEST without freezing or some integral part of the OS crashing? Oh no, you upgraded to Windows98, which "makes everything better"... yeah, Windows98 is better, but it still freezes every few days. By Microsoft's own admission (before the article was taken off their Knowledge Base), Windows NT and 9x can only be on for 49.7 days - max - before it will crash... of course, most people can't make NT or 9x run for more than a few days (I've maxed out at about 2 weeks - Windows98 - without crashing, and then it died a miserable death). Ah, yeah if you're not using them then maybe you've switched to BeOS. While a pretty good little operating system, it also is imperfect. It is not nearly as robust as Linux is, is underdeveloped, and is probably going to die out in a few years. If you're not using any of those, maybe you're running good old MacOS. Terrific. Yeah, Macintosh is great, and Apple's processors are WAY fast... because they need that speed to make programs on the Macintosh seem comparable to those on other operating systems. The MacOS, while a nice thing to look at, isn't nearly as functional as it could be - it makes me reach for the mouse to complete the simplest of tasks, and operates so slowly it almost makes me want to cry. So what else are you running on your home machine? Maybe DOS. Okay, so it rarely crashes, has a good bit of programs for it, and is relatively easy to use. Does graphics great though. Really functional. True multitasking. GREAT network support. Yeah, I need to get back into DOS. Maybe you're using Solaris or one of the BSDs. That's all well and dandy. OpenBSD is incredibly secure and quite a good operating system. There are also tons of user programs out there for it. I could go on and on about operating systems, but I'm running out of time here...
Most people get 20x as much stuff done when there is a reason behind it - i.e., need to put food on the table etc.
Linux is developed by people that strive for excellence because they do what they love doing. They feel a passion for making Linux the best that it can be. Microsoft's operating systems, as well as MacOS, etc., are created by people who are striving to impress their managers, get raises, etc. Quality is not priority in environments such as these...
College kids writing code in their free time will never be close to what software engineers getting paid to write stuff like Oracle, etc will
How do you figure? Again, college kids writing the code in their free time are doing it out of a love for the operating system, not for money. I work better at home, where I am motivated solely by accomplishing excellence, than I do at school, where I am motivated by earning good grades. At school, my goal is to impress teachers first and accomplish excellence second. I'm sure that's the way it is with most students.
The only problem I see with Linux now is that it's not as "user-friendly" as other operating systems. However, it is not meant to be. Linux was created for the true "hackers" (not the crackers that we're hearing about on the news lately) that are motivated by challenges. For me, learning Linux was fun because it was something new and because it was HARD. I wanted to be able to make it work, and so I myself worked harder to learn as much about it as possible so it would do whatever I wanted it to. So yes, it's not all that user friendly. However, this is being worked on as well. I recently upgraded to Red Hat Linux 6.0, and was definitely impressed with the progress that had been made. Users proficient in Windows would have no trouble installing it or using it. GNOME/Enlightenment make using and configuring Linux almost as easy as Windows. All accomplished by people who aren't being paid.
But yeah, you're right - Linux blows.
Godel's incompleteness theorem is one of the
most "philosophically abused" results, along with
the second law of thermodynamics (the one that
states that entropy can only go up in a closed
system).
A theorem, or a physics law, is only valid within
a precisely delimited domain.
Yeah, I can't get it to compile either. I get "
field icp has incomplete type" and a bunch of
errors about "request for member sin_family (etc)
in something not a structure or union". Somebody
help me here so I can crash my box before
booting up this new kernel.
oh, well let's just forget about it then.. duh like someone can't fix it or write another :>
-- four