[12:14] <jbailey> Ahahah.  Someone went through the effort of registering ubuntu.suxx? =)
[12:15] <bluefoxicy> suxx.pl with a subdomain ubuntu
[12:16] <jbailey> I just think it's funny. =)
[12:16] <jbailey> Some people like us, some people hate us. =)
[12:16] <bluefoxicy> watch this.
[12:16] <bluefoxicy> gimme 2 minutes.
[12:19] <bluefoxicy> jbailey: ubuntu-dapper.kicks-ass.net
[12:19] <bluefoxicy> :>
[12:19] <jbailey> =)
[12:24] <zyga> bluefoxicy: suxx.pl is my domain
[12:24] <zyga> ubuntu is just a topic subdomain
[12:24] <zyga> I had a bad day when I registered suxx.pl but now it's just history :)
[12:25] <zyga> I like ubuntu a lot :D
[12:25] <zyga> jbailey: do you happen to use itanium?
[12:31] <jbailey> zyga: FSVO 'use'
[12:32] <zyga> great, do you happen to need a dual CPU daughterboard for free?
[12:32] <zyga> for itanium 1 :/
[12:32] <jbailey> Nope.  Mine's a dual 900MHz itanium 2.
[12:32] <zyga> I've got two itanium 2 cpus as well but I plan to use them as soon as I find a mobo :)
[12:32] <zyga> eh :)
[12:32] <zyga> those things are pricey :)
[12:33] <jbailey> I got a bit lucky with that particular hardware acquisition.
[12:33] <zyga> well so did I, I guess
[12:34] <zyga> both cpu's cost about 20$
[12:34] <zyga> 10$ / cpu
[12:34] <zyga> even less than that useless daughterboard :)
[12:35] <infinity> zyga: You could mail me the daughterboard and I could use it to decorate my house.
[12:35] <infinity> zyga: I suspect you'll have a hard time finding someone who will actually USE it, though.
[12:36] <zyga> if you cover the shipping I might ;]  I also posted it on to the debian-hw-donations project
[12:36] <zyga> I might end up buying the remaining bits to assemble an itanium 1 box
[12:36] <zyga> it's brand new you know :)
[12:37] <zyga> I kind of like the connector :)
[12:37] <zyga> looks like some ancient computer card :D
[01:14] <bluefoxicy> oh holy shit it works!
[01:18] <jbailey> bluefoxicy: it?
[01:23] <bluefoxicy> jbailey:  http://rafb.net/paste/results/VkXzkF11.html paxtest on ubuntu
[01:24] <bluefoxicy> I wrote a small kernel patch, and then booted the new kernel with stack_random_bits=22 mmap_random_bits=16
[01:24] <bluefoxicy> http://rafb.net/paste/results/gI4UFC11.html
[01:25] <jbailey> bluefoxicy: I was reading drepper's blog on the lock downs that they did.  Neat stuff.
[01:25] <jbailey> I hope we can do that for edgy.
[01:25] <bluefoxicy> on what?
[01:25] <jbailey> Lemme find the posting for you
[01:25] <bluefoxicy> jbailey:  yeah.  I want to try to get this patch into mainline, but I'm hoping maybe I can get ubuntu behind me?
[01:26] <bluefoxicy> It lets you adjust mmap() and stack randomization at boot time
[01:26] <bluefoxicy> the stack by default shifts around in 8 megs, mmap() base in 1 meg
[01:27] <jbailey> http://udrepper.livejournal.com/9666.html
[01:27] <jbailey> bluefoxicy: Dunno.  I'm not involved in the kernel at all.
[01:27] <bluefoxicy> this gives (to granularity of 16 bytes) 524288 positions in 128 pages for stack; and (to granularity of 4096 bytes) 256 positions for the mmap() base (libraries etc)
[01:27] <jbailey> I just show up here to harass Ben. =)
[01:28] <bluefoxicy> Of course the stack you might throw 4096 bytes of stuffing into and make that 128 ranges your attack works in...
[01:29] <bluefoxicy> in such a case, imagine we have say 1000 users who get attacked on a vulnerability protected by this.  That's 1/128 success, maybe 10 fall to it? (gaim has an executable stack, x86 tends to have an executable stack...)
[01:29] <bluefoxicy> worst case scenario.
[01:31] <bluefoxicy> ah
[01:31] <bluefoxicy> that's nice, yes
[01:31] <jbailey> Right.  I'd like us to follow this if we could for edgy.
[01:31] <jbailey> I think it would be very hard.
[01:31] <jbailey> Third party programs are likely to also cause troubles.
[01:31] <bluefoxicy> I know nvidia glx breaks due to that stuff (because PAX BROKE NVIDIA GLX AND WE BITCHED AT THEM FOR 3 YEARS BEFORE GIVING UP)
[01:31] <bluefoxicy> nVidia will never care.
[01:31] <bluefoxicy> they'll just say, "Well turn the security off."
[01:32] <bluefoxicy> Really, it's not a matter of negotiating, 3 years of negotiation did nothing.  Go kick them in the balls if you want it to get done
[01:32] <bluefoxicy> What we need is an open source nvidia glx driver
[01:33] <jbailey> True.
[01:33] <jbailey> Anyone working on one? =)
[01:33] <bluefoxicy> nope :)
[01:34] <infinity> The proprietary one needs to start sucking more so people are more motivated to replace it.
[01:34] <infinity> I can only assume that fglrx being COMPLETE CRAP has been a large motivation for radeon hacking.
[01:35] <bluefoxicy> also that radeon mainly worked before the fglrx was out
[01:35] <jbailey> Oh well, one more thing in the list of things I'll never have the skill to hack on. =)
[01:35] <bluefoxicy> we actually had 3D on lower radeon
[01:35] <jbailey> And probably wouldn't chip in more than $20 towards getting fixed.
[01:35] <bluefoxicy> jbailey:  go offer to suck ajax's thing for it or something, maybe he'll finally get around to writing it.
[01:35] <infinity> jbailey: Get a brain transfusion from airlied.
[01:36] <lifeless> jbailey: that's what things like daniels are for
[01:36] <bluefoxicy> i knew an excellent graphics card hacker
[01:36] <jbailey> infinity: I could all the drm knowledge.  And he could then go write scary makefiles instead?
[01:36] <jbailey> Joy.
[01:36] <bluefoxicy> but he hates open source stuff.
[01:36] <bluefoxicy> it's an egoism thing
[01:36] <jbailey> lifeless: Eh, didn't know you tracked this channel. =)
[01:36] <bluefoxicy> but the guy picked up a game cube and started writing stuff to control its hardware
[01:37] <bluefoxicy> could reverse engineer shit
[01:37] <infinity> jbailey: Well, he's an X hacker, so probably already knows scary Imake. :)
[01:37] <bluefoxicy> it didn't seem like a big deal to him, he was just really smart
[02:03] <mjg59> There are people working on an open nvidia driver
[02:09] <bluefoxicy> hey mj
[02:10] <bluefoxicy> http://rafb.net/paste/results/1GRXs654.html about to send this to lkml to see what I get.
[02:47] <zul> hey
[02:58] <zul> how was you guys' day off?
[03:02] <bluefoxicy> WTF?
[03:02] <bluefoxicy> Thunderbird suggests "testatrix" in place of "paxtest"
[03:02] <bluefoxicy> ubotu... dammit wrong channel
[04:02] <bluefoxicy> http://lkml.org/lkml/2006/5/19/219  And there it goes.
[05:12] <dilinger> mm.  people aren't going to like that hardcoded page size
[05:12] <bluefoxicy> mm.
[05:12] <bluefoxicy> I did note as a FIXME to replace 4096 with PAGE_SIZE
[05:12] <dilinger> yep
[05:13] <bluefoxicy> I will have to rewrite some of the logic for that of course.
[05:13] <bluefoxicy> the semantics of stack_random_bits for example means the stack can take on 2^stack_random_bits different values.
[05:14] <bluefoxicy> if you lose the ability to shift by 16 bytes at a time then 16 bits of stack randomization is 256M; otherwise 24 bits is 256M
[05:15] <bluefoxicy> similarly, if your pages are 8KiB instead of 4KiB you have to use the first 9 bits for intra-page randomization and the rest for page randomization.
[05:15] <bluefoxicy> and of course mmap() randomization is straight randomization * PAGE_SIZE, which is easy
[05:15] <bluefoxicy> the stack stuff however requires log base 2 calculations.
[05:18] <bluefoxicy> dilinger:  to be fair, the original shifted around by 8192 (2 pages) for sub-page stack randomization.
[05:32] <bluefoxicy> Anyone know how to log(2,n) something?
[07:12] <bluefoxicy> dilinger:  fixed.
[10:05] <kimo> why does the topic still say -22 ! duh, I'm on -23 now
[02:01] <BenC> dpkg-deb: building package `linux-image-2.6.17-1-powerpc' in `../linux-image-2.6.17-1-powerpc_2.6.17-1.1_powerpc.deb'.
[02:01] <BenC> yummy
[02:41] <BenC> sweet, full build of 2.6.17-git for edgy on powerpc
[02:52] <BenC> Linux colorless 2.6.17-1-powerpc #1 Sat May 20 01:39:11 EDT 2006 ppc GNU/Linux
[02:58] <bluefoxicy> aye ben.
[03:02] <bluefoxicy> http://rafb.net/paste/results/b1eCH937.html  Think I got a shot at getting this one into Edgy as per https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap ?
[03:02] <bluefoxicy> I'm still working on it, gotta handle some logic for x86-64 with IA-32 emulation specifically.
[03:03] <bluefoxicy> (wouldn't want randomization over 1TiB of VA space and suddenly an IA-32 process tries to put stuff at 0x001C000000000000 and finds VMA isn't that long)
[03:06] <BenC> cool
[03:29] <bluefoxicy> aha, got it
[03:29] <bluefoxicy> I used TASK_SIZE / 6 as my random interval
[03:30] <bluefoxicy> so IA-32 code should let you tell it to randomize mmap() by 512M and stack by 512M; x86-64 assuming VMA space is 192TiB (of the 48 bit 256TiB space the CPU gives us) would give 32TiB max
[03:30] <bluefoxicy> but if you don't specify on the kernel command line, it'll just do 1MiB mmap() and 8MiB stack, as it does now :)
[03:30] <bluefoxicy> I should probably cut that back to TASK_SIZE/12
[03:31] <bluefoxicy> since I know /6 will have issues on IA-32
[03:33] <bluefoxicy> anyway gotta go for about an hour, be back in a bit.
[03:35] <bluefoxicy> (what I really need is a guaranteed TASK_STACK_ALIGN, which should always be 16, to determine how much alignment the stack needs for randomization)
[06:33] <bluefoxicy> yay
[06:33] <zul> heylo
[06:33] <bluefoxicy> my patch looks nice now, and it still patches to the dapper one ;)
[06:33] <bluefoxicy> hey zul
[06:33] <zul> hey bluefoxicy 
[06:34] <bluefoxicy> http://rafb.net/paste/results/VblFVp66.html  :>
[06:35] <bluefoxicy> hmm.  Build fails.
[06:36] <bluefoxicy> didn't define a long I used in one function.
[06:41] <bluefoxicy> now it works.
[06:42] <bluefoxicy> http://rafb.net/paste/results/pOP53u33.html  :)
[06:44] <bluefoxicy> shit.
[08:33] <holden> hi. does anyone know what /lib/modules/2.6.15-23-amd64-k8/volatile is for?
[08:34] <mjg59> For linking non-free modules
[08:35] <holden> mount reports:  lrm on /lib/modules/2.6.15-23-amd64-k8/volatile type tmpfs (rw)
[08:35] <holden> do I need it? how can i disable it?