| jbailey | Ahahah. Someone went through the effort of registering ubuntu.suxx? =) | 12:14 |
|---|---|---|
| bluefoxicy | suxx.pl with a subdomain ubuntu | 12:15 |
| jbailey | I just think it's funny. =) | 12:16 |
| jbailey | Some people like us, some people hate us. =) | 12:16 |
| bluefoxicy | watch this. | 12:16 |
| bluefoxicy | gimme 2 minutes. | 12:16 |
| bluefoxicy | jbailey: ubuntu-dapper.kicks-ass.net | 12:19 |
| bluefoxicy | :> | 12:19 |
| === bluefoxicy removes that now. | ||
| jbailey | =) | 12:19 |
| zyga | bluefoxicy: suxx.pl is my domain | 12:24 |
| zyga | ubuntu is just a topic subdomain | 12:24 |
| zyga | I had a bad day when I registered suxx.pl but now it's just history :) | 12:24 |
| zyga | I like ubuntu alot :D | 12:25 |
| zyga | jbailey: do you happen to use itanium? | 12:25 |
| jbailey | zyga: FSVO 'use' | 12:31 |
| zyga | great, do you happen to need a dual CPU daughterboard for free? | 12:32 |
| zyga | for itanium 1 :/ | 12:32 |
| jbailey | Nope. Mine's a dual 900mhz itanium 2. | 12:32 |
| zyga | I've got two itanium 2 cpus as well but I plan to use them as soon as I find a mobo :) | 12:32 |
| zyga | eh :) | 12:32 |
| zyga | those things are pricey :) | 12:32 |
| jbailey | I got a bit lucky with that particular hardware acquisition. | 12:33 |
| zyga | well so did I, I guess | 12:33 |
| zyga | both cpu's cost about 20$ | 12:34 |
| zyga | 10$ / cpu | 12:34 |
| zyga | even less than that useless daugtherboard :) | 12:34 |
| infinity | zyga: You could mail me the daughterboard and I could use it to decorate my house. | 12:35 |
| infinity | zyga: I suspect you'll have a hard time finding someone who will actually USE it, though. | 12:35 |
| zyga | if you cover the shipping I might ;] I also posted it on to the debian-hw-donations project | 12:36 |
| zyga | I might end up buys the remaining bits to assemble an itanium 1 box | 12:36 |
| zyga | it's brand new you know :) | 12:36 |
| zyga | I kind of like the connector :) | 12:37 |
| zyga | looks like some ancient computer card :D | 12:37 |
| bluefoxicy | oh holy shit it works! | 01:14 |
| jbailey | bluefoxicy: it? | 01:18 |
| bluefoxicy | jbailey: http://rafb.net/paste/results/VkXzkF11.html paxtest on ubuntu | 01:23 |
| bluefoxicy | I wrote a small kernel patch, and then booted the new kernel with stack_random_bits=22 mmap_random_bits=16 | 01:24 |
| bluefoxicy | http://rafb.net/paste/results/gI4UFC11.html | 01:24 |
| jbailey | bluefoxicy: I was reading drepper's blog on the lock downs that they did. Neat stuff. | 01:25 |
| jbailey | I hope we can do that for edgy. | 01:25 |
| bluefoxicy | on what? | 01:25 |
| jbailey | Lemme find the posting for you | 01:25 |
| bluefoxicy | jbailey: yeah. I want to try to get this patch into mainline, but I'm hoping maybe I can get ubuntu behind me? | 01:25 |
| bluefoxicy | It lets you adjust mmap() and stack randomization at boot time | 01:26 |
| bluefoxicy | the stack by default shifts around in 8 megs, mmap() base in 1 meg | 01:26 |
| jbailey | http://udrepper.livejournal.com/9666.html | 01:27 |
| jbailey | bluefoxicy: Dunno. I'm not involved in the kernel at all. | 01:27 |
| bluefoxicy | this gives (to granularity of 16 bytes) 524288 positions in 128 pages for stack; and (to granularity of 4096 bytes) 256 positions for the mmap() base (libraries etc) | 01:27 |
| jbailey | I just show up here to harass Ben. =) | 01:27 |
| bluefoxicy | Of course the stack you might throw 4096 bytes of stuffing into and make that 128 ranges your attack works in... | 01:28 |
| bluefoxicy | in such a case, imagine we have say 1000 users who get attacked on a vulnerability protected by this. That's 1/128 success, maybe 10 fall to it? (gaim has an executable stack, x86 tends to have an executable stack...) | 01:29 |
| bluefoxicy | worst case scenario. | 01:29 |
| === bluefoxicy wants to be able to hit a button and get high-order entropy :) Also heap randomization which fedora seems to have... | ||
| bluefoxicy | ah | 01:31 |
| bluefoxicy | that's nice, yes | 01:31 |
| jbailey | Right. I'd like us to follow this if we could for edgy. | 01:31 |
| jbailey | I think it would be very hard. | 01:31 |
| jbailey | Third party programs are likely to also cause troubles. | 01:31 |
| bluefoxicy | I know nvidia glx breaks due to that stuff (because PAX BROKE NVIDIA GLX AND WE BITCHED AT THEM FOR 3 YEARS BEFORE GIVING UP) | 01:31 |
| bluefoxicy | nVIdia will never care. | 01:31 |
| bluefoxicy | they'll just say, "Well turn the security off." | 01:31 |
| bluefoxicy | Really, it's not a matter of negotiating, 3 years of negotiation did nothing. Go kick them in the balls if you want it to get done | 01:32 |
| bluefoxicy | What we need is an open source nvidia glx driver | 01:32 |
| jbailey | True. | 01:33 |
| jbailey | Anyone working on one? =) | 01:33 |
| bluefoxicy | nope :) | 01:33 |
| infinity | The proprietary one needs to start sucking more so people are more motivated to replace it. | 01:34 |
| infinity | I can only assume that fglrx being COMPLETE CRAP has been a large motivation for radeon hacking. | 01:34 |
| bluefoxicy | also that radeon mainly worked before the fglrx was out | 01:35 |
| jbailey | Oh well, one more thing in the list of things I'll never have the skill to hack on. =) | 01:35 |
| bluefoxicy | we actually had 3D on lower radeon | 01:35 |
| jbailey | And probably wouldn't chip in more than $20 towards getting fixed. | 01:35 |
| bluefoxicy | jbailey: go offer to suck ajax's thing for it or something, maybe he'll finally get around to writing it. | 01:35 |
| infinity | jbailey: Get a brain transfusion from airlied. | 01:35 |
| lifeless | jbailey: thats what things like daniels are for | 01:36 |
| bluefoxicy | i knew an excellent graphics card hacker | 01:36 |
| jbailey | infinity: I could all the drm knowledge. And he could then go write scary makefiles instead? | 01:36 |
| jbailey | Joy. | 01:36 |
| bluefoxicy | but he hates open source stuff. | 01:36 |
| bluefoxicy | it's an egoism thing | 01:36 |
| jbailey | lifeless: Eh, didn't know you trakced this channel. =) | 01:36 |
| bluefoxicy | but the guy picked up a game cube and started writing stuff to control its hardware | 01:36 |
| bluefoxicy | could reverse engineer shit | 01:37 |
| infinity | jbailey: Well, he's an X hacker, so probably already know scary Imake. :) | 01:37 |
| bluefoxicy | it didn't seem like a big deal to him, he was just really smart | 01:37 |
| mjg59 | There are people working on an open nvidia driver | 02:03 |
| bluefoxicy | hey mj | 02:09 |
| bluefoxicy | http://rafb.net/paste/results/1GRXs654.html about to send this to lkml to see what I get. | 02:10 |
| === doko [n=doko@201.160.19.41.cableonline.com.mx] has joined #ubuntu-kernel | ||
| === zul [n=chuck@ubuntu/member/zul] has joined #ubuntu-kernel | ||
| zul | hey | 02:47 |
| === mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-kernel | ||
| zul | how was you guys day off? | 02:58 |
| bluefoxicy | WTF? | 03:02 |
| bluefoxicy | Thunderbird suggests "testatrix" in place of "paxtest" | 03:02 |
| bluefoxicy | ubotu... dammit wrong channel | 03:02 |
| bluefoxicy | http://lkml.org/lkml/2006/5/19/219 And there it goes. | 04:02 |
| dilinger | mm. people aren't going to like that hardcoded page size | 05:12 |
| bluefoxicy | mm. | 05:12 |
| bluefoxicy | I did note as a FIXME to replace 4096 with PAGE_SIZE | 05:12 |
| dilinger | yep | 05:12 |
| bluefoxicy | I will have to rewrite some of the logic for that of course. | 05:13 |
| bluefoxicy | the semantics of stack_random_bits for example means the stack can take on 2^stack_random_bits different values. | 05:13 |
| bluefoxicy | if you lose the ability to shift by 16 bytes at a time then 16 bits of stack randomization is 256M; otherwise 24 bits is 256M | 05:14 |
| bluefoxicy | similarly, if your pages are 8KiB instead of 4KiB you have to use the first 9 bits for intra-page randomization and the rest for page randomization. | 05:15 |
| bluefoxicy | and of course mmap() randomization is straight randomization * PAGE_SIZE, which is easy | 05:15 |
| bluefoxicy | the stack stuff however requires log base 2 calculations. | 05:15 |
| bluefoxicy | dilinger: to be fair, the original shifted around by 8192 (2 pages) for sub-page stack randomization. | 05:18 |
| bluefoxicy | Anyone know how to log(2,n) something? | 05:32 |
| bluefoxicy | dilinger: fixed. | 07:12 |
| === tuxmaniac [n=aanjhan@60.254.67.17] has joined #ubuntu-kernel | ||
| === __keybuk [n=scott@syndicate.netsplit.com] has joined #ubuntu-kernel | ||
| === kimo [n=ahmed@196.202.31.155] has joined #ubuntu-kernel | ||
| kimo | why does the topic still say -22 ! duh, I'm on -23 now | 10:05 |
| === ivoks [n=ivoks@lns02-1582.dsl.iskon.hr] has joined #ubuntu-kernel | ||
| === _human_blip_ [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === _mike_ [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === tuxmaniac [n=aanjhan@60.254.67.17] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@mike.nelsonbay.com] has joined #ubuntu-kernel | ||
| === tuxmaniac [n=aanjhan@60.254.67.17] has joined #ubuntu-kernel | ||
| === BenC [n=bcollins@debian/developer/bcollins] has joined #ubuntu-kernel | ||
| === human_blip [n=mike@220.157.65.127] has joined #ubuntu-kernel | ||
| BenC | dpkg-deb: building package `linux-image-2.6.17-1-powerpc' in `../linux-image-2.6.17-1-powerpc_2.6.17-1.1_powerpc.deb'. | 02:01 |
| BenC | yummy | 02:01 |
| === _human_blip_ [n=mike@220.157.65.127] has joined #ubuntu-kernel | ||
| === BenC_ [n=bcollins@72.169.114.90] has joined #ubuntu-kernel | ||
| BenC | sweet, full build of 2.6.17-git for edgy on powerpc | 02:41 |
| BenC | Linux colorless 2.6.17-1-powerpc #1 Sat May 20 01:39:11 EDT 2006 ppc GNU/Linux | 02:52 |
| bluefoxicy | aye ben. | 02:58 |
| bluefoxicy | http://rafb.net/paste/results/b1eCH937.html Think I got a shot at getting this one into Edgy as per https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap ? | 03:02 |
| bluefoxicy | I'm still working on it, gotta handle some logic for x86-64 with IA-32 emulation specifically. | 03:02 |
| bluefoxicy | (wouldn't want randomization over 1TiB of VA space and suddenly an IA-32 process tries to put stuff at 0x001C000000000000 and finds VMA isn't that long) | 03:03 |
| BenC | cool | 03:06 |
| bluefoxicy | aha, got it | 03:29 |
| bluefoxicy | I used TASK_SIZE / 6 as my random interval | 03:29 |
| bluefoxicy | so IA-32 code should let you tell it to randomize mmap() by 512M and stack by 512M; x86-64 assuming VMA space is 192TiB (of the 48 bit 256TiB space the CPU gives us) would give 32TiB max | 03:30 |
| bluefoxicy | but if you don't specify on the kernel command line, it'll just do 1MiB mmap() and 8MiB stack, as it does now :) | 03:30 |
| bluefoxicy | I should probably cut that back to TASK_SIZE/12 | 03:30 |
| bluefoxicy | since I know /6 will have issues on IA-32 | 03:31 |
| bluefoxicy | anyway gotta go for about an hour, be back in a bit. | 03:33 |
| bluefoxicy | (what I really need is a guaranteed TASK_STACK_ALIGN, which should always be 16, to determine how much alignment the stack needs for randomization) | 03:35 |
| === doko [n=doko@201.139.156.169.cableonline.com.mx] has joined #ubuntu-kernel | ||
| === kimo [n=ahmed@196.202.31.155] has joined #ubuntu-kernel | ||
| === zul [n=chuck@ubuntu/member/zul] has joined #ubuntu-kernel | ||
| bluefoxicy | yay | 06:33 |
| zul | heylo | 06:33 |
| bluefoxicy | my patch looks nice now, and it still patches to the dapper one ;) | 06:33 |
| bluefoxicy | hey zul | 06:33 |
| zul | hey bluefoxicy | 06:33 |
| bluefoxicy | http://rafb.net/paste/results/VblFVp66.html :> | 06:34 |
| bluefoxicy | hmm. Build fails. | 06:35 |
| === bluefoxicy forgot something. *fixes* | ||
| bluefoxicy | didn't define a long I used in one function. | 06:36 |
| bluefoxicy | now it works. | 06:41 |
| bluefoxicy | http://rafb.net/paste/results/pOP53u33.html :) | 06:42 |
| bluefoxicy | shit. | 06:44 |
| === bluefoxicy copied a chunk of code around without actually re-declaring the variable it uses, so he keeps finding spots where max_random_bits isn't defined >:| | ||
| === ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-kernel | ||
| === jane_ [n=JaneW@dsl-146-177-94.telkomadsl.co.za] has joined #ubuntu-kernel | ||
| === ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-kernel | ||
| === doko [n=doko@201.139.156.169.cableonline.com.mx] has joined #ubuntu-kernel | ||
| === mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-kernel | ||
| === holden [n=holden@d83-184-201-205.cust.tele2.it] has joined #ubuntu-kernel | ||
| holden | hi. does anyone know what /lib/modules/2.6.15-23-amd64-k8/volatile is for? | 08:33 |
| mjg59 | For linking non-free modules | 08:34 |
| holden | mount reports: lrm on /lib/modules/2.6.15-23-amd64-k8/volatile type tmpfs (rw) | 08:35 |
| holden | do I need it? how can i disable it? | 08:35 |
| === ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-kernel | ||
| === doko [n=doko@201.160.19.41.cableonline.com.mx] has joined #ubuntu-kernel | ||
| === tuxmaniac [n=aanjhan@60.254.67.17] has joined #ubuntu-kernel | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!