[12:39] <aquarius> Not sure if this is the right place, and you possibly already know, but https://www.ubuntu.com/download/releasenotes/606 pops up an error about the SSL certificate having expired on 06/01/06.
[12:43] <mdke> aquarius: the website uses http:// I think
[12:44] <aquarius> mdke: I followed the "Release Notes" link from http://www.ubuntu.com/download.
[12:45] <mdke> aquarius: I think that is an erroneous link.
[12:45] <Burgundavia> aquarius: I will fix it
[12:45] <aquarius> It also pops up another two errors; one because the CA isn't recognised for the certificate, and one because the certificate has the wrong name ("Canonical Ltd" rather than "www.ubuntu.com").
[12:45] <mdke> Burgundavia: aww
[12:46] <Burgundavia> aquarius: fixed, should replicate to the server in about 10 minutes
[12:46] <aquarius> cool. The latter two errors have been around for a while on https URLs at ubuntu.com, but I figured someone already knew about it. 
[12:46] <alchemist> fark. any of the ndiswrapper maintainers online?
[12:46] <aquarius> Burgundavia: cool; I just thought it needed mentioning because /download is pretty high visibility.
[12:46] <Burgundavia> alchemist: what is your issue
[12:46] <Burgundavia> aquarius: thanks for pointing it out
[12:47] <alchemist> Burgundavia: I'm hacking at the wpa-supplicant/networkmanager issue
[12:47] <Burgundavia> aquarius: you can pm me (this nick or burgwork) if you see any other issues
[12:47] <alchemist> Burgundavia: I think one of the issues is the 1.8 build of ndiswrapper
[12:47] <aquarius> Burgundavia: will do; I didn't realise you were maintainer
[12:47] <mdke> aquarius: you can also file bugs on the website in launchpad, in case you can't find Burgundavia 
[12:47] <Burgundavia> aquarius: I can do minor edits
[12:47] <alchemist> Burgundavia: so I'm hoping to find someone who could compile 1.10 for me on dapper so I can try that
[12:47] <aquarius> mdke: I was going to do that if no-one here could help :)
[12:48] <mdke> aquarius: good plan
[12:48] <alchemist> if that works, then I can start looking at backport fixes
[12:48] <crimsun_> alchemist: ndiswrapper is in our kernel. Do you need a straight import, or ...?
[12:49] <alchemist> crimsun_: 1.8 is in the kernel. I need to test 1.10 - there are some fixed pertaining to wpa-supplicant 
[12:49] <alchemist> so prolly a straight import
[12:49] <alchemist> s/fixed/fixes
[12:50] <crimsun_> alchemist: do you have a dapper pbuilder? If not, I'll walk you through getting 1.17-1 in #trilug.
[12:50] <alchemist> crimsun_: no pbuilder. a chroot and a xen session
[12:50] <alchemist> crimsun_: we can hop to #trilug
[12:50] <crimsun_> right.
[01:22] <gentoo_helper> Sorry to bother you all, but I have an issue that I think might actually be a bug. I would like to verify this with you guys before I file. It is a problem concerning Xorg and my S3 Inc ProSavage graphics chip.
[01:23] <Burgundavia> gentoo_helper: what is the issue?
[01:23] <gentoo_helper> Burgundavia, Basically after an unspecified amount of time...
[01:23] <gentoo_helper> Burgundavia, My screen locks up and I am unable to recover without a hard reboot.
[01:24] <gentoo_helper> Burgundavia, The thing is, this issue appears to be related to apt-get
[01:24] <Burgundavia> gentoo_helper: that sounds more like a hardware issue to me. Have you tested with memtest86?
[01:25] <gentoo_helper> Burgundavia, It is reproducible on my system: if you open an exterm and start apt-get (such as apt-get install ethereal) and then attempt to open any program that requires you to click on a button (for instance open xchat and click "connect") the machine will either lock up completely, or in rare instances, do a soft reboot
[01:25] <Burgundavia> gentoo_helper: lets move to #ubuntu-bugs
[01:25] <gentoo_helper> Burgundavia, I have not tested with memtest86, but I can tell you that I do not have this issue in Windows. I assume that if it were a hardware issue I would have something similar happening there.
[01:26] <gentoo_helper> Burgundavia, Ok.
[01:36] <Burgundavia> mako: I am now permanently scarred by that picture :)
[01:37] <mako> what can i say.. i'm sick
[01:37] <mako> oh, you mean the second one :)
[01:37] <Burgundavia> mako: yes the 2nd one. Get better soon
[01:38] <mako> i'm not really sick :)
[01:38] <mako> at least not physiologically ill
[01:38] <Burgundavia> only in your head?
[01:39] <Burgundavia> that is also quite a startling colour of blue in your eyes
[01:39] <ajmitch> heh
[01:39] <Burgundavia> ajmitch: how goes SoC?
[01:40] <ajmitch> it goes well enough
[01:51] <mako> Burgundavia: my eyes are very blue :)
[02:01] <flyman_ubuntu> hola
[02:02] <flyman_ubuntu> quick question ...yes/no...works/does not work
[02:03] <flyman_ubuntu> ...i was getting an xorg.log error that /usr/lib/xserver/securitypolicy  could not be found.  has anyone here created the folder 'xserver' in /usr/lib/ and placed the file "/usr/share/doc/examples/SecurityPolicy" in the new folder?  it uses XC-QUERY-SECURITY-1 which is greek to me...
[02:16] <flyman_ubuntu> quick question ...yes/no works/does not work
[05:57] <Vaske_Car> How to check folder size from command line?
[05:57] <_ion> See topic. (du(1))
[06:08] <dieman> mako: your new record cover is awesome.
[06:34] <mako> dieman: heh, glad you like it
[06:45] <dieman> mako: you going to be in france too?
[07:01] <bluefoxicy> Wh..
[07:01] <bluefoxicy> I just tried to apt-get build-dep gnupg and it told me no I have to be more specific
[07:02] <bluefoxicy> Evidently I have 50 MTAs to pick from, now do I want to install postfix or exim... wait, hold on
[07:02] <bluefoxicy> why the heck do I need a mail server to compile gnupg?
[08:01] <Burgundavia> jdub: you seen this http://computerdropoff.org/
[08:01] <jdub> cool
[08:03] <Burgundavia> going to be in New Orleans at the end of the month, should be interesting
[08:05] <fabbione> PANTS OFF
[08:08] <jsgotangco> well interestingly, some of north america's electronic junk also end up here sometimes sold in 2nd hand shops along with japanese and korean television sets
[08:10] <Burgundavia> s/north america/united states
[08:10] <Burgundavia> Canadian stuff almost never finds its way overseas
[08:11] <Burgundavia> too bad we are 1/10 the pop...
[08:12] <jsgotangco> that's how i got some cheap sun terminals
[08:12] <Burgundavia> cool
[08:13] <Burgundavia> I got a promising lead on some space, so it looks like my recycling project might become more than just a backburnered project
[11:25] <mdke> hunger: you can change it!
[11:42] <sivang> hunger: right, by uploading stuff yourself and joining the MOTUs ;-)
[11:53] <hunger> mdke: Only in theory:-)
[11:53] <hunger> mdke: With the little time I have I can not change anything significantly.
[11:56] <giftnudel> hunger: you can always break stuff, nobody will notice the difference
[11:57] <sivang> hehe, depends where :p
[11:57] <msikma> Ohh, pastebin is down.
[11:57] <mdke> hunger: well, that's the same reason that you're not seeing any downloading during the weekend. No point finding it depressing
[11:58] <mdke> uploading*
[12:22] <hunger> giftnudel: Yeah, breaking stuff is easy:-) I do that a lot on my system.
[02:24] <\sh> hmmm...is gcc4.1 not in essentials for edgy? ;)
[02:27] <\sh> Kamion: could it be that you forgot the changes in debootstrap for edgy, but you mentioned it in the changelog?
[02:31] <infinity> \sh: Could it be that debootstrap for edgy hasn't built yet?
[02:31] <infinity> \sh: And neither has gcc-defaults (where the "gcc" metapackage comes from).
[02:31] <infinity> \sh: Patience.
[02:33] <\sh> infinity: oh yes, ubuntu3 and I have ubuntu2 .. need new glasses...sorry
[02:33] <\sh> Kamion: my blindness :( forget about what I said
[05:21] <\sh> any fridge admins online? ;)
[05:40] <shaya> are there any instructions anywhere for redoing the dapper live cd?
[05:45] <phanatic> shaya: https://wiki.ubuntu.com/LiveCDCustomization/Dapper
[05:45] <jdub> jpatrick: ping
[05:46] <\sh> jdub: if you are not too busy, would you add my blog back to p.u.c.?
[05:46] <jdub> uh, ok
[05:47] <jpatrick> jdub: yes?
[05:47] <jdub> \sh: #[http://linux.blogweb.de/feeds/index.rss2] 
[05:47] <jdub> ?
[05:47] <\sh> jdub: http://linux.blogweb.de/feeds/index.rss2 yes
[05:47] <\sh> jdub: thx :=
[05:47] <jdub> jpatrick: the description on the package you just uploaded is *awesome*
[05:48] <_ion> URL?
[05:48] <_ion> *wanna see*
[05:48] <jpatrick> I didn't touch it
[05:48] <jpatrick> jdub: debian maintainer's choice: http://packages.debian.org/unstable/x11/kxdocker
[05:49] <\sh> jdub: forget about kxdocker, most likely it will break with gcc-4.1 ;)
[05:49] <jdub> jpatrick: i know - that makes you double the culprit ;)
[05:49] <jpatrick> jdub: and upstreams
[05:50] <jdub> well, that's just sad
[05:50] <jdub> but still funny :)
[05:50] <jpatrick> I'll say it again: "not my fault"
[05:50] <jdub> you let it through (and brought this humour to my attention)! ;)
[05:50] <\sh> jpatrick: now you see the liability of a package maintainer, or uploader ;)
[05:51] <\sh> jpatrick: but it's just kxdocker
[05:51] <jdub> and the exposure of the -changes lists... brown paper bags are always amusing
[05:51] <\sh> jpatrick: but if it's "break my ipod, dude"...I'll tell you, you will get blamed and bashed ;)
[05:53] <jdub> there are some really amusing descriptions around
[05:53] <\sh> jpatrick: but if you are drunk during the last 2 days of release time, it's fun .. try me :)
[05:53] <jdub> i like all the packages that claim they are "powerful"
[05:53] <jpatrick> \sh: Nop, can't drink
[05:54] <jdub> or "featureful"
[05:54] <\sh> jpatrick: right, you shouldn't :)
[05:54] <jdub> $ apt-cache search powerful | wc -l
[05:54] <jdub> 502
[05:54] <jdub> RAW POWER.
[05:54] <\sh> JDUB FOR PRESIDENT !
[05:55] <jpatrick> 506 here
[05:55] <jdub> ysm - A powerful ICQ console client
[05:56] <\sh> ugh
[06:17] <mako> dieman: yes, i'm going to be in france
[06:17] <dieman> mako: rock
[06:17] <dieman> mako: see you then
[06:18] <mako> absolutely, i'm looking forward to it
[06:18] <dieman> i'll be there a day early in the morning
[06:18] <dieman> may run out to sightsee a little
[06:18] <\sh> hmm...I can't attend UDS Paris and now mako is just coming to europe..what a pity
[06:18] <dieman> depends on how much i sleep on the plane
[06:18] <mako> i can't remember my schedule
[06:19] <mako> but i am still trying to go to brazil from paris for the creative commons conf right after
[06:19] <mako> but it looks like i might not get the visa in time
[06:19] <mako> which means i'll probably hang around for 5 days or so afterwards
[06:19] <mako> probably not in paris.. but i'm not sure where
[06:19] <mako> i'd like to go to germany but with the world cup i think that might be both crazy and expensive
[06:20] <\sh> mako: go to karlsruhe, I have a sleeping place for you..for cheap
[06:20] <mako> \sh: i'll let you know :)
[06:21] <\sh> mako: a hotel room with a bed, for 40 euros..which is cheap nowadays :)
[06:21] <\sh> mako: and a clean shower :)
[06:21] <\sh> mako: and congratulations to your marriage :) 
[06:22] <mako> thanks! on all counts
[06:24] <\sh> mako: really, to you and mika all my love
[06:25] <sivang> anybody knows what's different in a dapper chroot? I'm following https://wiki.ubuntu.com/DebootstrapChroot ,
[06:25] <sivang> everything went fine during the bootstraping process
[06:26] <sivang> but I can't install any other packages after chrooting into the chroot
[06:26] <sivang> I get E: Package gnupg has no installation candidate
[06:26] <sivang> for every package I try to install
[06:26] <\sh> sivang: just normal?
[06:27] <sivang> \sh: yes, I haven't done anything weird other than ln -s /home/sivan/chroot /var/chroot so I could use my home for storage
[06:28] <sivang> when I try and update, I get:
[06:28] <sivang> Err http://security.ubuntu.com dapper-security Release
[06:28] <sivang> Ign http://archive.ubuntu.com dapper Release
[06:28] <sivang> Ign http://security.ubuntu.com dapper-security Release
[06:28] <\sh> sivang: you can just use /home/sivang/chroot just adjust the paths in the howto..after that, gnupg is still complaining :)
[06:28] <sivang> Ign http://archive.ubuntu.com dapper-updates Release
[06:28] <sivang> \sh: I did this before, the symlink doesn't make any difference
[06:29] <sivang> \sh: gpg complains, but when I try to install it from the net it says "no installation candidate"
[06:31] <\sh> sivang: shermann@amd64-home:~/pbuilder/etc/dapper$ less apt.conf.d/allow-unauthenticated      
[06:32] <sivang> hmm, is "not existant" a good answer? :)
[06:33] <sivang> I don't have this file at all
[06:33] <\sh> sivang: strange
[06:34] <sivang> root@swirl:/# apt-get update --allow-unauthenticated
[06:34] <sivang> still gives error in apt-get update
[06:34] <sivang> *odd*
[06:38] <\sh> sivang: but is it installing the package?
[06:38] <sivang> \sh: no, dammit, I think I accidentally wiped out the binary source line :-/
[06:41] <sivang> yep
[06:41] <sivang> DOh, that was it.
[06:41] <sivang> \sh: thanks :)
[06:43] <\sh> sivang: no ways..come on. this must be an action fixable bug;)
[06:43] <\sh> with some action ahead of us ;)
[06:59] <sivang> \sh: heh
[07:00] <\sh> sivang: no laugh ;)
[07:57] <kagou> hi
[08:07] <jdub> Keybuk: thanks for the kickseed fix
[08:09] <HiddenWolf> edgy is open?
[08:11] <sladen> HiddenWolf: esr kills a kitten everytime that somebody asks that
[08:12] <HiddenWolf> sladen: I'll take a kitten from you, thanks. :)
[08:31] <Keybuk> jdub: ah, it was you who found it?
[08:31] <jdub> Keybuk: yeah; did Kamion's fix not fully fix it?
[08:32] <Keybuk> there was another instance of the same bug a few lines above
[08:32] <jdub> i promised to be his kickstart bitch after i found that
[08:32] <Keybuk> he found it on Friday, and text me this morning asking me to fix it
[09:09] <zyga> hello
[09:10] <Amaranth> hey
[09:14] <zyga> I'll see sabdfl tomorrow :)
[09:15] <Keybuk> oh aye?
[09:17] <phanatic> zyga: he's going to .pl right?
[09:18] <Seveas> yeah
[09:19] <bluefoxicy> ugh
[09:19] <Seveas> HAHAHA
[09:19] <bluefoxicy> screw this.  *steals the xvid no-exec-stack patch and textrel fix from Gentoo*
[09:19] <Seveas> highvoltage, pyland 
[09:20] <bluefoxicy> does anyone know who upstream xvid is so I can try to get libxvidcore4 patched upstream?
[09:25] <zyga> phanatic: yes!
[09:25] <zyga> :)
[09:25] <zyga> I hope to get a signed disk tomorrow :)
[09:40] <bluefoxicy> Patches submitted upstream.  I think.
[09:48] <desrt> BenC; ping
[09:51] <bluefoxicy> holy crap, gcj7 is STILL building
[09:57] <highvoltage> for how long?
[09:58] <Keybuk> bluefoxicy: it is?
[09:59] <Keybuk> showing up as built to me
[09:59] <bluefoxicy> Keybuk:  no, I mean I'm building it over here to try and track why it has a +X stack
[09:59] <bluefoxicy> and correct it
[09:59] <Keybuk> Date built:  	2006-06-11 15:04:03 BST
[09:59] <Keybuk> Build duration: 	2 hours 20 minutes
[09:59] <Keybuk> ahh
[09:59] <bluefoxicy> oshit 2 hours?!
[09:59] <Keybuk> that's on our buildd
[10:00] <Keybuk> always wondered, how does all this stack protection stuff play with gdb?
[10:00] <bluefoxicy> Xvid I referenced the gentoo patches and also threw them at upstream, qthreads... well, time to hit gentoo cvs huh.
[10:00] <bluefoxicy> GDB doesn't care
[10:01] <Keybuk> doesn't it affect gdb's ability to make the process execute arbitrary code?
[10:01] <bluefoxicy> no
[10:01] <Keybuk> how comes?  that just sticks stuff on the stack, iirc
[10:01] <bluefoxicy> gdb uses ptrace() IIRC, so it attaches to a running process-- or, loads a process stopped and executes it
[10:01] <bluefoxicy> hmm
[10:02] <bluefoxicy> sticks stuff on the stack?  How does it know what parts of the stack aren't in use
[10:02] <Keybuk> right, but while under gdb you can run functions and change data
[10:02] <Keybuk> it's one of gdb's more useful abilities
[10:02] <Keybuk> "see what would happen if I run the function with different arguments, ah *that's* better"
[10:02] <bluefoxicy> like write code, compile, and inject; or "call this function"
[10:02] <Keybuk> both
[10:02] <bluefoxicy> if you're just calling different code with different arguments there's no problem
[10:03] <bluefoxicy> injecting new code sounds tricky.
[10:03] <Keybuk> syndicate scott% echo "main() { }" > test.c
[10:03] <Keybuk> syndicate scott% gcc -g test.c
[10:03] <bluefoxicy> sounds like elfsh too
[10:03] <Keybuk> syndicate scott% gdb a.out
[10:04] <Keybuk> (gdb) break main
[10:04] <Keybuk> Breakpoint 1 at 0x8048360: file test.c, line 1.
[10:04] <Keybuk> (gdb) run
[10:04] <Keybuk> Starting program: /home/scott/a.out
[10:04] <Keybuk> Breakpoint 1, main () at test.c:1
[10:04] <Keybuk> 1       main() { }
[10:04] <Keybuk> (gdb) p printf ("hello world\n")
[10:04] <Keybuk> hello world
[10:04] <Keybuk> $1 = 12
[10:04] <Keybuk> etc.
[10:04] <bluefoxicy> I don't think that injects code
[10:04] <Keybuk> has to, otherwise how else does it call the function? :p
[10:04] <bluefoxicy> printf is a built-in gdb function that formats the given text
[10:04] <Keybuk> no, that's "p printf"
[10:05] <bluefoxicy> well, calling printf is easy enough.
[10:05] <Keybuk> syndicate scott% echo 'test(int a) { printf("called with %d\n", a); }' >> a.c
[10:05] <Keybuk> then
[10:05] <Keybuk> uh, s/a.c/test.c/
[10:06] <bluefoxicy> open up a stack frame (i.e. move %esp, doable when you're controlling a task's execution and registers), write a stack frame for printf in (i.e. write current %eip as retp, write in the data you want to send to printf()), move %eip to the prologue of printf()
[10:06] <Keybuk> (gdb) p test(47)
[10:06] <Keybuk> called with 47
[10:06] <Keybuk> $1 = 15
[10:06] <Keybuk> (gdb) p test(12)
[10:06] <Keybuk> called with 12
[10:06] <Keybuk> $2 = 15
[10:06] <bluefoxicy> calling functions can be done without injecting code
[10:06] <Keybuk> ah, so you can still do that
[10:06] <Keybuk> that's what I was asking
[10:06] <bluefoxicy> try writing a new function
[10:07] <Keybuk> can't an exploiting process just do the same thing then?
[10:09] <Keybuk> it does seem to me that either it breaks gdb, or leaves a back door open
[10:10] <bluefoxicy> If you're interested, go pick up a No Starch Press printed book, Jon Erickson's "Hacking:  The Art of Exploitation"
[10:10] <bluefoxicy> it's not bad, it goes through the full exploit development process and shows how to inject code into the stack, and then shows how to evade non-executable stacks using ret2libc attacks
[10:10] <Keybuk> I'm only interested from a "don't break existing stuff" pov.
[10:10] <Keybuk> I know how to inject stuff into processes
[10:10] <bluefoxicy> http://pax.grsecurity.net/docs/aslr.txt is how you break ret2libc attacks btw ;)
[10:11] <bluefoxicy> well
[10:11] <bluefoxicy> I highly doubt gdb executes code in the target process
[10:11] <Keybuk> it does
[10:11] <bluefoxicy> it'd be hard to figure out reliably what it can and can't do
[10:11] <Keybuk> why?
[10:12] <bluefoxicy> executing a function doesn't have to involve injecting new code anyway
[10:12] <Keybuk> it can do a lot more than just executing functions, that's just the easiest example to demonstrate
[10:12] <bluefoxicy> well, gdb has to debug the program, it can't interfere with it THAT much
[10:12] <Keybuk> sure it can
[10:12] <sladen> D'uh.
[10:12] <bluefoxicy> the program has a non-executable stack, if you try to execute on the stack it dies.
[10:12] <bluefoxicy> If you have a NX stack and try to execute a nested function, it crashes.
[10:13] <bluefoxicy> Now what happens when you open your debugger and try to debug it if the debugger makes the stack executable?  :P
[10:13] <bluefoxicy> "I dunno why, it works in the debugger..."
[10:13] <zul> hey keybuk
[10:13] <Keybuk> if it works in the debugger, then any exploiting process can do it
[10:13] <bluefoxicy> i386 is the only architecture where the stack isn't typically non-executable.
[10:13] <Keybuk> the debugger isn't a magic binary
[10:13] <bluefoxicy> nope
[10:13] <Keybuk> it's not even setuid root
[10:13] <bluefoxicy> read what I said?
 Now what happens when you open your debugger and try to debug it if the debugger makes the stack executable?  :P
[10:14] <bluefoxicy> injecting code onto the stack when it's non-executable is fine; jumping to it will not work
[10:14] <Keybuk> if a debugger makes the stack executable, then so can an exploit
[10:14] <bluefoxicy> no, it can't.
[10:15] <Keybuk> what's magic about a debugger?
[10:15] <Keybuk> it's just a program that knows a little bit about how compilers make executables
[10:15] <bluefoxicy> An exploit can't halt a process, skip over an instruction, randomly alter data, and produce a full back trace at will.
[10:15] <Keybuk> sure it can
[10:15] <Keybuk> the exploit can ptrace the executable :p
[10:15] <bluefoxicy> on Linux the debugger attaches to a process using ptrace()
[10:15] <sladen> bluefoxicy: man ptrace
[10:15] <bluefoxicy> which you need privileges to do to a higher privileged process.
[10:16] <bluefoxicy> so if user Jackass tries to ptrace() firefox-bin run by user David, it says "no, fuck off"
[10:16] <Keybuk> indeed
[10:16] <Keybuk> but you can ptrace your own executables
[10:16] <bluefoxicy> If you're already David, there's no need to hack your own executables.
[10:16] <bluefoxicy> you already have the privileges you need.
[10:16] <Keybuk> you can't write to the stack of higher privileged processes either
[10:16] <Keybuk> so I'm not sure I'm following your point
[10:16] <bluefoxicy> uh, yeah, right.
[10:17] <sladen> good-oh.
[10:18] <Keybuk> yes ... congrats, you're on my machine as "scott" ?
[10:18] <Keybuk> how is that going to help you do anything
[10:18] <bluefoxicy> who says you even need to be on the same machine to pull out an exploit?  You can fire them straight through firewalls in some cases.
[10:18] <bluefoxicy> heh
[10:19] <Keybuk> you could just buy me a very large drink, and I'd lend you my laptop for half an hour :)
[10:19] <bluefoxicy> Well if I can get on your machine as scott, I can pull attacks like (for example) hitting postfix (if you have it installed, bound to 127.0.0.1 to mail root errors) or mysql (typically bound to localhost), or just yank down a new local root exploit (back in the day there was one that fucked up VMA and let you write to root process memory, by screwing with use_lib()...)
[10:19] <bluefoxicy> or prod around on http://www.milw0rm.com/
[10:20] <Keybuk> and then what would you do? :p
[10:20] <bluefoxicy> of course if the stack's not executable it's kind of hard to execute code you just injected on it :)
[10:20] <bluefoxicy> I dunno
[10:20] <Keybuk> I'm always curious about the script kiddie mentality
[10:20] <Keybuk> they're all "I'll h4x0r j00"
[10:20] <bluefoxicy> format your hard drive?  use root access to ptrace() firefox and suck up your passwords?  Pick up your gpg key password and totally fuck up Ubuntu's repos with it?
[10:21] <Keybuk> every password in firefox is usually "applejack"
[10:21] <bluefoxicy> lol
[10:21] <Keybuk> it's sufficiently public because I keep putting it in CVS code by accident
[10:21] <bluefoxicy> ouch
[10:21] <Keybuk> it's famously in the example dircproxy config file
[10:21] <hunger> Keybuk: I had one guy ask for my IP so he could hack me... I gave him 127.0.0.1. The next day he told me I was lucky that whenever he tried to attack me his machine crashed:-)
[10:21] <Keybuk> you couldn't get my GPG key from my laptop, it's on a separate device
[10:22] <bluefoxicy> I've done the lmsg nickserv identify <my root password is the same as my nickserv password> thing :)
[10:22] <Keybuk> there are far more interesting social engineering attacks to get that though
[10:22] <hunger> Keybuk: I laughed my head off... and so did everybody else in that IRC channel... he never dared come back.
[10:22] <Keybuk> hacking people is MUCH more fun :p
[10:22] <sladen> bluefoxicy: what you do, is you overflow the stack with the return address to another function, that takes parameters left on the stack, then you buffer-overflow that function, in the case of an executable stack
[10:22] <_ion> Please hack infrared vision to my eyes.
[10:22] <bluefoxicy> sladen:  Yep.  That works, that's how you evade the NX stack.
[10:22] <bluefoxicy> sladen:  of course, if the mmap() base and stack base constantly move around, you have yet another task
[10:23] <Keybuk> ya know
[10:23] <bluefoxicy> sladen:  Locate the base of the stack (take a guess, that's about as good as it gets...) and of loaded libraries (yeah, good luck guessing that too...)
[10:23] <Keybuk> a thought occurs
[10:23] <Keybuk> prelink defeats randomised maps
[10:23] <Keybuk> yet ANOTHER reason to dislike prelink
[10:24] <sladen> bluefoxicy: yes, you already have to guess your way past 8-bit of mmap() base randomness and 19-bits of stack randomness
[10:24] <bluefoxicy> sladen:  So what next?  ... okay, write your stack frames into the heap, that doesn't move.  Bounce to a call in the main executable with %esp pointed in the right place in the heap, it'll finish off the stack frame, call the function.  Congratulations, you defeated address space randomization.
[10:25] <tseng> sigh
[10:25] <sladen> bluefoxicy: what next?  Next you go to the pub and look for cute people to try and take home.
[10:26] <Keybuk> heh, now there's how to hack the Ubuntu archive.
[10:26] <bluefoxicy> sladen:  So this one's easy... build the main executable PIE, it moves with mmap(). Randomize the heap base too.  Bading.  :)
[10:26] <Keybuk> hire really gorgeous people to seduce Ubuntu developers and get them to upload back doors to things like the kernel or sysvinit
[10:26] <bluefoxicy> sladen:  Next order of business... give it time, someone will find something.  You probably left some daemon configured with a default root user and password or something.  ;)
[10:27] <Keybuk> roofies may be involved
[10:27] <bluefoxicy> tseng:  hi :)
[10:27] <tseng> hi
[10:27] <sladen> "hey there sexy, I'd like to exploit your backdoor"
[10:27] <bluefoxicy> at any rate
[10:27] <bluefoxicy> sladen:  ok that sounds really gay
[10:27] <Keybuk> bluefoxicy: there is a really simple way to completely guarantee your computer will never be hacked
[10:27] <zul> mmm...baddoors
[10:27] <Keybuk> bluefoxicy: and what's wrong with being gay?
[10:27] <Keybuk> uh, heh
[10:28] <hunger> Keybuk: scissors?
[10:28] <bluefoxicy> Keybuk:  Dip it in molten iron and drop it down into that trench in the ocean.
[10:28] <Keybuk> hunger: exactly!
[10:28] <sladen> bluefoxicy: and what exactly would be wrong about that?
[10:28] <bluefoxicy> sladen:  *shrug* Nothing, just pointing out
[10:28] <Keybuk> there are several gay and bisexual Ubuntu developers on both Canonical pay roll and in the community
[10:29] <Keybuk> not to mention *gasp* women
[10:29] <bluefoxicy> sladen:  besides, I don't normally hear anyone talk about picking up guys at bars... usually they go to the GLBT center.
[10:29] <sladen> Keybuk: women?  *gasp*.  Youcannotbeserious?!(!)(!)(!)(!)
[10:29] <bluefoxicy> Keybuk:  There are females on the intarweb?
[10:30] <bluefoxicy> sladen: There's also furries in #ubuntu *gasp* :O
[10:30] <Keybuk> bluefoxicy: so I suggest at this point you read the "Be respectful to others" section of the Ubuntu Code of Conduct
[10:31] <bluefoxicy> Keybuk:  First off, my user page still says I haven't signed any code of conduct; second, I was never disrespectful to anyone.
[10:31] <Keybuk> bluefoxicy: by participating here you are agreeing to abide by the code of conduct
[10:31] <bluefoxicy> Keybuk:  ad-hominem but okay
[10:32] <tseng> this is highly entertaining
[10:32] <bluefoxicy> tseng:  I'd imagine from your stance it would be :p
[10:32] <Keybuk> bluefoxicy: if you do not feel you can participate without making insult to people different to yourself, I would ask that you leave
[10:33] <bluefoxicy> Keybuk:  I never insulted anyone, unless (inadvertently) pointing out someone's gay somehow became an insult.
 sladen:  ok that sounds really gay
 sladen: There's also furries in #ubuntu *gasp* :O
[10:34] <Keybuk> etc.
[10:34] <Keybuk> these things could be insulting to others
[10:34] <Keybuk> both imply that you believe these kinds of people are not welcome here
[10:34] <Keybuk> that is not true
[10:34] <bluefoxicy> no, your brain implies that
[10:34] <bluefoxicy> I never said any such thing.
[10:35] <Keybuk> please be more aware of how things you say could be interpreted
[10:35] <bluefoxicy> anyway how did we get here from discussing gcj and xvid executable stacks
[10:35] <ChipX86> to be fair, the first was in response to "hey there sexy, I'd like to exploit your backdoor," and the second was a play on "there are *gasp* women"
[10:35] <bluefoxicy> yes chip
[10:36] <Keybuk> ChipX86: it was not a welcome response
[10:36] <ChipX86> I think this was just blown out of proportion
[10:36] <lifeless> iwj: heh, squid just picked up your patched version of Colin Plumb's md5
[10:36] <ChipX86> Keybuk: no, perhaps not, but in the context it didn't appear to be anything but playing along
[10:37] <ChipX86> I think the best thing to do would be for everyone to move along
[10:37] <Keybuk> I agree
[10:37] <bluefoxicy> in context I figured a straight guy would go "uh" and try to recover face, and a gay guy would just shrug and not care
[10:37] <bluefoxicy> neither of which is particularly damaging to person
[10:38] <bluefoxicy> anyway what do I have to fix next
[10:38] <bluefoxicy> qthreads... where is that
[10:39] <lifeless> Keybuk: We're using the Claverly again for overflow :)
[10:39] <Keybuk> lifeless: I liked the Claverly -- who's ended up there? :)
[10:39] <lifeless> Keybuk: I *am* looking forward to breakfast next week :)
[10:39] <Keybuk> heh
[10:39] <Keybuk> the breakfast made up for the air-conditioning units
[10:39] <lifeless> and possibly breaking in some Mao players ;)
[10:40] <bluefoxicy> Running /tmp/x/gcj-4.1-4.1.0/src/gcc/testsuite/gcc.c-torture/compile/compile.exp  <-- awesome
[10:40] <lifeless> indeed, I'm not looking forward to that
[10:41] <Keybuk> how did we end up overflowing a hotel?
[10:41] <Keybuk> I didn't think anyone else was in London this week?
[10:41] <lifeless> I think the hotel underflowed its spaces
[10:42] <lifeless> the K&K is just booked out
[10:42] <bluefoxicy> crap.
[10:43] <Keybuk> weren't you booked in already ages ago?
[10:43] <lifeless> yes
[10:43] <lifeless> currently at the K*K.
[10:44] <bluefoxicy> guile has no execstack patch on gentoo and fixing it is inordinately complex (fix some assembly files, rename some assembly files to .S instead of .s, fix the build system to recognize .s instead of .S, patch files calling the .s to use .S...)
[10:44] <bluefoxicy> I'll do that one later.
[10:58] <bluefoxicy> ok... liblzo1 is also complex but gentoo has a patch.
[11:48] <bluefoxicy> Running /tmp/x/gcj-4.1-4.1.0/src/gcc/testsuite/gcc.dg/dg.exp ...
[11:48] <bluefoxicy> FAIL: gcc.dg/20020122-2.c (test for excess errors)
[11:49] <bluefoxicy> just flat apt-get source'd and dpkg-buildpackage -uc -us -rfakeroot'd it.