1152835217 M * Bertl daniel_hozac: compiling test code for all # of arguments would be a good idea after that change 1152835237 M * Bertl I have a test code fragment for you if you need one :) 1152835248 M * doener Bertl: 183 and 184 1152835258 M * daniel_hozac i'm actually not able to reproduce this, or i missed an option. 1152835286 M * doener daniel_hozac: did you use -fomit-frame-pointer? 1152835334 M * doener that and -fpic are required to make it fail (and -D__PIC__ of course) 1152835339 M * daniel_hozac doener: probably not. 1152835342 M * Bertl doener: 183 is wrong 1152835366 M * Bertl that compiler is really messed up by now :) 1152835409 M * Bertl nah, this is not a proper solution, I have to figure something else 1152835542 M * doener what's wrong there? 1152835567 M * doener ah, the double movl to eax looks broken 1152835760 M * doener Bertl: well, there's no clobber for eax, so I guess gcc is right to do that 1152836169 M * Bertl doener: hmm, not a bad idea, let's try a different one, please undo the previous change and add "esp" to the clobber list 1152836185 M * Bertl #define __sysc_clobber __sysc_regs, "esp", "memory" 1152836198 Q * yarihm Quit: Leaving 1152836202 M * doener already tried that earlier doesn't help in the -fomit-frame-pointer case 1152836221 M * doener empty diff 1152836249 M * Bertl really? well, the gcc folks probably assume the same for esp as for ebx in that case 1152836491 M * Bertl well, I'll think about it, I doubt there will be a 'good' solution except for hard coding every stupid case, but maybe I get an idea, until then, "don't use -fomit-frame-pointer" :) 1152836529 M * Bertl btw, there is _absolutely_ no point in doing that (for the userspace tools) 1152836593 M * doener http://funroll-loops.org/ -- search for -fomit-frame-pointer (the rest is also fun ;) 1152836638 M * Bertl yeah, I know that page :) 1152836671 M * doener The last time I checked, -fomit-frame-pointer was still a suggested default argument for gentoo 1152836683 M * doener (it's been some time though) 1152837956 M * Bertl okay, I'm off for tonight ... good luck and have fun! 1152837969 N * Bertl Bertl_zZ 1152838613 J * shedi ~siggi@dsl-220-183.hive.is 1152839659 Q * Piet Quit: :tiuQ 1152839866 Q * FireEgl charon.oftc.net plasma.oftc.net 1152839917 J * FireEgl Atlantica@Atlantica.Tcldrop.Com 1152840263 M * doener daniel_hozac: paste 185 and 186, do these look good? 1152840359 M * doener nah, they don't... totally fscked up 1152840380 M * doener oh wait, no, it's ebp not ebx, should be good 1152841516 M * doener ok, patch is out to Bertl and I'm off to bed :) cya! 1152842024 Q * comfrey Ping timeout: 480 seconds 1152843991 J * Aiken_ ~james@tooax6-070.dialup.optusnet.com.au 1152844309 Q * Aiken Ping timeout: 480 seconds 1152847073 J * Term_ ~PhAnATiC@201.137.30.192 1152849697 P * Term_ 1152855682 J * coocoon ~coocoon@p54A07CFD.dip.t-dialin.net 1152855718 M * coocoon morning 1152856626 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1152856848 J * coocoon ~coocoon@p54A07CFD.dip.t-dialin.net 1152857635 Q * coocoon Read error: Connection reset by peer 1152857693 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de 1152859163 J * coocoon ~coocoon@p54A07CFD.dip.t-dialin.net 1152859680 J * dna ~naucki@dialer-177-169.kielnet.net 1152859835 Q * eyck Quit: leaving 1152859929 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at 1152859956 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1152860247 N * otaku42_away otaku42 1152860756 J * coocoon ~coocoon@p54A07CFD.dip.t-dialin.net 1152860786 J * [PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de 1152861159 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1152861334 Q * Aiken_ Ping timeout: 480 seconds 1152861444 J * Viper0482 ~Viper0482@p54976E39.dip.t-dialin.net 1152862213 Q * schimmi Ping timeout: 480 seconds 1152863037 Q * ||Cobra|| Remote host closed the connection 1152863059 J * Smutje_ ~Smutje@xdsl-87-78-59-108.netcologne.de 1152863164 Q * Smutje Ping timeout: 480 seconds 1152863569 Q * Smutje_ Ping timeout: 480 seconds 1152863600 J * schimmi ~sts@host82.natpool.mwn.de 1152863846 J * Smutje ~Smutje@xdsl-87-78-59-108.netcologne.de 1152864554 Q * juggo Ping timeout: 480 seconds 1152865504 Q * coocoon Ping timeout: 480 seconds 1152865646 J * cskarby ~cs@195.1.31.69 1152865989 M * cskarby Hi I am testing 2.6.7.4-vs2.1.1-rc25 and experiences some trouble with mysql, seems like mysql deadlocks or stop responding under heavy load, anyone else having similar troubles? http://linux-vserver.org/ChangeLogDevelExperimental says there was a delta-flock-fix01 added in rc24, but maybe there still are flock issues? 1152866028 M * cskarby err.. 2.6.17.4 with the patch-2.6.17.3-vs2.1.1-rc25.diff 1152866235 M * daniel_hozac you know -rc26 is the most recent release, right? :) 1152866269 M * cskarby yes, so I should probably test that one :) 1152866292 M * daniel_hozac shouldn't really change anything though. if you strace MySQL, where is it stuck? 1152866439 M * cskarby ah, well, I can start a strace now, but I am not sure if I can trigger the error quickly, it seems less frequent now than with rc23 1152866476 M * cskarby hmm .. guess I upgrade to -rc26 and see if I can reproduce it there 1152866618 M * daniel_hozac so it's not stuck right now? what unstucks it? 1152866651 M * cskarby hard kill, and restart 1152866652 J * coocoon ~coocoon@p54A05F73.dip.t-dialin.net 1152866705 M * daniel_hozac ok. 1152866858 J * bonsaikitten ~pal@dslb-084-063-019-215.pools.arcor-ip.net 1152866880 M * cskarby is there a way to attach strace to a running process? 1152866884 M * bonsaikitten Hello People! 1152866891 M * cskarby hello :) 1152866898 M * bonsaikitten chbind: kernel does not provide network virtualization <-- does anyone have an idea what I broke this time? 1152866981 M * cskarby chbind uses the legacy part of the vserver patch, if I have understood right, which vserver patch are you running? 1152867001 M * bonsaikitten "ancient" ;-) 1152867019 M * bonsaikitten I'm not 100% sure, but I've kept this system running for ~18 months now 1152867022 M * daniel_hozac cskarby: strace -p 1152867028 M * bonsaikitten and every time I upgrade stuff it breaks :-) 1152867035 M * cskarby daniel_hozac: thanks :) 1152867048 M * daniel_hozac bonsaikitten: looks like you misconfigured your kernel and/or utils. 1152867061 M * bonsaikitten utilities I guess 1152867067 M * bonsaikitten I had to patch them last time 1152867094 M * bonsaikitten 176 days uptime ... vserver is just too good 1152867233 J * pisc1 ~pampel@p508787C4.dip0.t-ipconnect.de 1152867525 Q * pisco Ping timeout: 480 seconds 1152867997 J * ||Cobra|| ~cob@146.50.22.204 1152868089 M * daniel_hozac bonsaikitten: either way, reconfiguring the utils with --enable-apis=NOLEGACY should get it working again. 1152868114 M * bonsaikitten daniel_hozac, yes, thanks - I found my repair instructions already :-) 1152868128 M * bonsaikitten I should migrate that box one of these days ... 1152868521 Q * zkbrsnie Quit: 1152869922 Q * schimmi Ping timeout: 480 seconds 1152870126 Q * shedi Quit: Leaving 1152871319 J * yarihm ~yarihm@whitehead2.nine.ch 1152871632 P * pisc1 1152872371 M * derjohn did anyone compile a kernel with StackGuard? how do i activavte it (with gcc4.1)? or isnt it suited for the kernel? 1152872888 M * daniel_hozac probably not. 1152872953 M * derjohn daniel_hozac, not means no one tried? Or wont it work? I remeber someone from hardened gentoo here, mentioning that they use(ed?) it .... 1152873018 M * derjohn it came to my mind after http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c und such ... 1152873142 M * daniel_hozac how would SSP protect against that? 1152873186 M * derjohn daniel_hozac, no. I just wanted to point out that there are out of the box running exploits out. 1152873213 M * derjohn I just grabed it to test, how it would perform _within_ a guest on a vulnerbale machine. 1152873229 M * daniel_hozac you'd get root on the guest. 1152873250 M * derjohn daniel_hozac, what do you think? will the attacker gain euid 0 with in guest? if so, is he euid 0 on the host then? 1152873337 M * daniel_hozac assuming your guest runs crond, of course :) 1152873369 M * derjohn daniel_hozac, would be a nice example for security on the talk on the linxutage in pforzheim i am just preparing 1152873422 M * daniel_hozac i'm curious though, does that exploit actually work? 1152873445 M * derjohn daniel_hozac, how? you compile it with gcc and run it ;) 1152873450 M * derjohn *lol* 1152873504 M * daniel_hozac ah, cp didn't behave as i expected it to. 1152873513 M * derjohn cp ? 1152873539 M * daniel_hozac /bin/sh is just a symlink here. i was expecting the cp to just copy the symlink. 1152874481 J * weeble ~weeble@81.52.144.1 1152874759 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1152875964 J * meandtheshell ~markus@85-124-232-80.work.xdsl-line.inode.at 1152877473 Q * pusling Ping timeout: 480 seconds 1152878360 J * schimmi ~sts@aquila.tcs.ifi.lmu.de 1152880069 M * Viper0482 hi 1152880089 M * Viper0482 is it possible to "map" an usb device inside a vserver? 1152880156 M * cskarby as long as it is okey for you that the root user inside the vserver have full control of the device; yes 1152880185 M * cskarby just cp the wanted device from /dev at the host 1152880278 M * meebey which vserver-utils I need at least for 2.6 kernel? 1152880301 M * meebey util-vserver even 1152880329 M * derjohn meebey, in Debian sid you get .210 which is cool. 1152880350 M * derjohn meebey, generally take newest Aplha Utils, Version ...210 ... 1152880352 M * meebey I want the lowest number 1152880357 M * derjohn 0 1152880361 M * derjohn why? 1152880371 M * meebey so I know if I need to backport packages 1152880380 M * derjohn which distro are you on? 1152880385 M * meebey I dont need the 2.6 features of vserver 1152880391 M * meebey just utils that play ok with it 1152880404 M * meebey ii util-vserver 0.30.204-6.gsd.2 1152880417 M * meebey should that version work with 2.6? 1152880433 M * derjohn hm, there are several flaws with old utils when it comes to startung the guests and building, not only the feature question arises. 1152880447 M * derjohn yes, i should work .. but may have flaws. 1152880477 M * derjohn I use Debian Sid as host but build guests as sarge/etch usually 1152880492 M * meebey I use sarge as host 1152880498 M * meebey and sage as guest 1152880521 M * derjohn you may remove the deb package and compile the utils youself (checkout my howto ...) 1152880532 M * Viper0482 ok thanks will try that 1152880536 M * derjohn or backport sid's package 1152880536 M * meebey too many boxes for that 1152880552 M * meebey and I dont want to install compilers and all that stuff, the root system is minimal 1152880576 M * meebey derjohn: I will do that when I need to, and thats what I am trying to figure out :) 1152880586 M * meebey vserver-stat doesnt show the vserver names for example 1152880597 M * derjohn but they are running? 1152880605 M * meebey yes 1152880621 M * derjohn whoooh .. may be realted to an old vserver patch .... 1152880626 M * derjohn are you on 2.4 ? 1152880631 M * meebey http://paste.debian.net/9021 1152880641 M * meebey I was on 2.4 and just switched to 2.6 1152880669 M * derjohn which VS version? 1152880675 M * derjohn the debian one? 1152880690 M * meebey yes 1152880692 M * derjohn ah, no, it's not in sarge ... 1152880702 M * meebey I used a backport 1152880709 M * derjohn besdies the vserver-patch which is incredibly outdated. 1152880722 M * meebey where can I see the vserver version? 1152880726 M * meebey /proc somewhere? 1152880728 M * derjohn uercks .... 1152880732 M * derjohn yes and no 1152880761 M * meebey I can check the changelog, it should mention it 1152880765 M * derjohn there is in /proc/virtual/? a VCI version .... the geeks here may know which vserver version that is 1152880782 M * derjohn I could provide you a deb of 2.6.17.4 with rc26 1152880795 M * derjohn (devel) 1152880836 M * meebey * Update vserver patch to 2.0.2-rc21. 1152880840 M * meebey thats the one 1152880861 M * meebey derjohn: that means I need to trust you ;) 1152880866 M * derjohn hm, this is s good one. 1152880887 M * derjohn meebey, you get the src package, too and you may apply the patches yourself 1152880924 M * derjohn besides that you can see me in gallery.linux-vserver.org together with Bertl_zZ . That One you must trust anyway ;) 1152880936 M * meebey I will wait for a newer backport, I know that <= 2.6.17.4 is unsecure 1152880948 M * meebey hehe 1152880949 M * derjohn 2.6.17.3 is really insecure 1152880955 M * derjohn all since 2.6.13 1152880960 M * meebey yeah 1152880966 M * derjohn http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c 1152880970 M * derjohn compile and be root 1152880991 M * ssm derjohn: thankfully not a remote exploit. :D 1152881002 M * meebey ssm: nah, this is not windows 1152881008 M * derjohn ssm, yup, but cgi-users could ...... 1152881033 M * derjohn i will upgrade to 2.6.17.4 all og my hosts now 1152881035 M * ssm yes 1152881214 M * meebey derjohn: why not include the patches as dpatch in the package? 1152881243 M * meebey derjohn: I am interesting in the source package, is that the official kernel packages but updated with more current vserver? 1152881250 M * meebey s/interesting/interested/ 1152881271 M * derjohn meebey, which patches? mine patchset? well, I have to rebuild so often I personally dont use dpatch yet. 1152881281 N * Bertl_zZ Bertl 1152881284 M * Bertl morning folks! 1152881287 M * derjohn meebey, debian only provides VS stable 1152881290 M * meebey hi Bertl 1152881290 M * derjohn Bertl, foo! 1152881306 M * derjohn meebey, i need devel to make bind9 run unmodified in a guest 1152881319 M * weeble 2.6.17.3 is really insecure? 1152881319 M * meebey derjohn: uh why? 1152881327 M * meebey weeble: yes 1152881340 M * Bertl do not be alarmed or annoyed when I suddenly stop answering, we have thunderstorms here and the connection already faded twice :) 1152881356 M * meebey weeble: http://lists.debian.org/debian-news/debian-news-2006/msg00030.html 1152881384 M * weeble meebey, is that the vuln that caught the Debian guys out? 1152881385 M * derjohn weeble, really. check UTL above and try out yourself. 1152881394 M * Bertl ssm: exploit? care to give me a short overview? 1152881405 M * meebey weeble: yes the 2. kernel exploit that debian had to find out :) 1152881431 M * weeble Wonder if it works inside a vserver to give root on the host? 1152881440 M * meebey if you modifiy it sure 1152881441 M * derjohn Bertl, http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c 1152881468 M * meebey kernel exploit allows you to change the vserver process info 1152881478 M * meebey but you need to hack that specially 1152881497 M * weeble Are there vserver and ipv6 patches that apply against not-vulnerable kenels? 1152881503 M * meebey else you are just root (uid 0) inside the vserver 1152881564 M * meebey bind 3873 0.0 0.9 29588 2536 ? Ss 13:15 0:00 /usr/sbin/named -u bind 1152881570 M * meebey derjohn: looks like bind is running for me 1152881571 M * Bertl I doubt that will work inside a guest at all 1152881582 M * meebey ii bind9 9.2.4-1 1152881588 M * weeble Bertl, I've added a new page on the Wiki (/Security) that people can check to make sure they're not using a vulnerable version of any part of the vserver setup 1152881605 M * derjohn meebey, bind9 inside a guest? only with patched bind or devel-rc18+ 1152881606 M * phreak`` meebey: is that from sladen's repo ? or something self-cooked up ? :) 1152881626 M * Bertl weeble: good idea! did you check that 'exploit' on a recent Linux-VServer guest? 1152881627 M * derjohn phreak``, hey ! 1152881634 M * meebey yeah if vserver denies the call before it does anything, vserver is not vulnerable 1152881637 M * phreak`` afair default debian is setting --with-caps like any other distro :) 1152881648 M * phreak`` derjohn: heya cutie :P 1152881687 M * derjohn phreak``, yes, I do have a preptached deb for bind9 too (called bind9-nocapa) 1152881689 M * weeble Bertl, No, haven't tried it yet. Hate compiling exploit code that I don't understand, and running it :) 1152881700 M * meebey derjohn: I allow the resource cap thing, thats the only problem right? 1152881711 M * derjohn weeble, it's rather short and easy to read. 1152881745 P * cskarby 1152881759 M * derjohn meebey, hm, not quite sure. bind9 'grabs' be default all caps to drop them again.... I dunno if there is a mode where a guest can do that with really all 1152881763 M * weeble Are there any workarounds? I see it uses corelimit.rlim_max = RLIM_INFINITY; - can ulimit prevent it from working? 1152881797 M * phreak`` meebey: yeah, exactly :) if you won't give that bind vps the CAP it will die (just as derjohn said). bind assumes by default it _has_ all caps and drops the unneeded 1152881825 M * Bertl phreak``, meebey: not relevant with recent Linux-VServer releases 1152881832 M * meebey I use for each daemon own vserver so I dont have a problem with giving some vservers a CAP :) 1152881835 M * phreak`` Bertl: oh ? 1152881837 M * Bertl i.e. bind runs unmodified with all the cap stuff :) 1152881847 M * weeble "It only exists in the Linux kernel 1152881847 M * weeble 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24." 1152881949 M * phreak`` Bertl: you mean by using the CAP_SYS_RESOURCE ? 1152881970 M * Bertl phreak``: thing is, we changed how the cap masking works 1152882004 M * Bertl the current (devel) code allows bind to set and remove the caps to its liking, but it does not allow to exercise those caps 1152882034 M * Bertl as bind is broken in regard to the cap design, that is sufficient, as it does not _need_ the caps it requests :) 1152882083 M * phreak`` Bertl: ah, I guess you told me that already (at least I'm starting to remember) maybe on the linux-tag about the faking caps .. maybe it was here earlier this year :) 1152882090 M * Bertl so bind thinks it has all the caps and happily drops them 1152882092 M * ssm weeble: you could try with ulimit -c 0 1152882119 M * ssm ...but this seems to have moved to sysctl.conf, if you want to set it globally 1152882125 M * Bertl weeble: make sure to use -HS -c inf on the host (before starting the guest) 1152882171 M * sladen phreak``: I think the copy in Debian now complains about the lack of capabilties, but doesn't actually bomb anymore 1152882218 M * Bertl sladen: should not detect a lack of capabilities actually :) 1152882259 M * Bertl sladen: btw, LTNS and NTSY :) 1152882288 M * phreak`` sladen: as Bertl said ;) 1152882290 A * phreak`` hides 1152882369 N * Ben_zZz Ben_ 1152882371 M * sladen groovy 1152882380 M * sladen Bertl: LTNS and NTSY? 1152882433 M * coocoon sladen: http://www.acronymfinder.com/ ;-) 1152882466 M * weeble Guys, this exploit isn't working on my Gentoo boxes 1152882501 M * ssm weeble: uname -r? 1152882509 M * weeble Some (because my user account isn't in the cron group), and some because GRsec traps it. grsec: From 81.xx.xx.xx: signal 11 sent to /home/paul/a.out[a.out:5371] 1152882519 M * ssm weeble: aha 1152882523 M * weeble 2.6.16.18 on one 1152882531 M * weeble 2.6.11-hardened-r15 1152882536 M * bonsaikitten weeble, GRSec, PaX etc. kill most "naive" exploits, lucky you :-) 1152882536 M * weeble Woah. That one's old 1152882537 M * Bertl sladen: Long Time No See and Nice To See You :) 1152882548 A * weeble wipes brow 1152882642 M * ssm grsecurity looks nice. I wonder how much extra work it creates for vserver hosts... 1152882646 M * daniel_hozac Bertl: is it intentional that the new switch returns EPERM instead of ENOSYS for non-existant commands? 1152882702 M * bonsaikitten ssm, on normal machines it has <1% overhead, vserver has <1% overhead ... I'd guess you won't notice 1152882736 M * ssm bonsaikitten: ...unless it creates more than 1% extra work for the admin. :D 1152882742 M * Bertl daniel_hozac: no, that is considered a bug, in which case does it do that? any? or just specific ones? 1152882759 M * daniel_hozac Bertl: all non-existant commands return EPERM. 1152882773 M * daniel_hozac kernel/vserver/switch.c:338 1152882781 M * bonsaikitten ssm, I had problems with X and very few other things, usually it's fire-and-forget 1152882825 M * ssm bonsaikitten: neat. I don't run X on my vserver hosts, so I'll take a peek. :D 1152882833 M * sladen Bertl: ahhh. yes, it's the reading-on-highlights thing 1152882886 M * phreak`` bonsaikitten: I wonder if you're using the gentoo-vps repo or doing it homegrown ? 1152882934 M * daniel_hozac weeble: i'm running 2.6.17.4-vs2.1.1-rc25.ipv6 on my test box ;) 1152882950 M * bonsaikitten phreak``, I'm running an ancient vserver with stock gentoo ebuilds 1152882973 M * bonsaikitten and I'll see if I can get a vserver setup at work to consolidate 5 machines 1152882987 M * phreak`` bonsaikitten: ah, yeah you told me that already .. *g* (boy I remember much today :P) 1152883047 M * Bertl daniel_hozac: ah, i.c. yes the default: perm = -1 is a bug 1152883116 M * Bertl daniel_hozac: will fix that up soon, I had something different in mind, but that was lost in the cleanup 1152883139 Q * slava Remote host closed the connection 1152883146 M * Bertl i.e. idea is to have two different return codes, when the lists are out of sync, for whatever reason 1152883148 J * slava ~slava@195.22.238.42 1152883152 M * Bertl wb sladen! 1152883157 M * Bertl *slava! 1152883262 M * Bertl okay, I'm off again, have to fix a few things here ... back later 1152883274 N * Bertl Bertl_oO 1152883278 M * sladen :) 1152883960 J * mkhl ~mkhl@200-148-41-236.dsl.telesp.net.br 1152884237 Q * michal` Ping timeout: 480 seconds 1152884372 J * duckx ~Duck@tox.dyndns.org 1152884668 M * weeble daniel_hozac, with ipv6f as well? 1152884698 M * daniel_hozac weeble: right. there is just one conflict. 1152884714 M * weeble Hmm 1152884725 M * daniel_hozac (i haven't verified the correctness of the resultant patch yet though) 1152884731 M * weeble I'm worried - I'm away from the PC for the weekend 1152884732 M * weeble :) 1152884736 M * weeble I want to sleep well 1152884755 M * daniel_hozac why don't you upgrade to 2.6.16.24 then? 1152884765 M * weeble Because I need the IPv6 goodness 1152884778 M * daniel_hozac it should apply cleanly. 1152884798 M * weeble OK. 2.6.17.4 + -vs2.1.1-rc25 + ipv6f is all good? 1152884815 M * daniel_hozac -rc26 1152884834 M * daniel_hozac but as i said, i haven't yet verified that the resulting patch really works. 1152884843 M * daniel_hozac i've just used chbind6 so far. 1152884846 M * weeble The "resulting patch"? 1152884856 M * daniel_hozac once you fix the conflict. 1152884863 M * weeble Aaah. I need to fix the conflict? 1152884899 M * weeble Can you whack the updated ipv6.patch on your site for me to snaffle? 1152884904 M * weeble And call it g? :) 1152884909 M * daniel_hozac http://daniel.hozac.com/vserver/delta-2.6.17.4-vs2.1.1-rc26-ipv6.patch 1152884921 M * weeble Hozac am the man. 1152884951 M * weeble You're a star. 1152884975 M * daniel_hozac hmm, a few unrelated hunks in there. 1152884976 M * weeble Does it #include daniels_backdoor.h like the others? 1152884992 M * daniel_hozac you'll want to exclude kernel/exit.c and kernel/ptrace.c 1152884992 M * phreak`` weeble: lol .... 1152885030 M * weeble daniel_hozac, Exclude? 1152885075 M * daniel_hozac like filterdiff -x '*/kernel/exit.c' -x '*/kernel/ptrace.c' ../delta-2.6.17.4-vs2.1.1-rc26-ipv6.patch | patch -p1 1152885105 M * weeble Hmm. Perhaps I'll just update the kernel + vserver stuff, and lose the ipv6 for now :( 1152885112 M * weeble Curse those haxors. 1152885139 M * daniel_hozac you don't have to lose the IPv6. 1152885159 M * daniel_hozac as i said, upgrading to 2.6.16.24 shouldn't be a problem at all. 1152885173 M * weeble Well, it all seems a bit dodgy on a Friday afternoon when I'm going to be in deepest, darkest Wales away from the Internet for the weekend. 1152885212 M * weeble 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24 1152885218 M * daniel_hozac certainly a few micro-upgrades is better than a complete rebase. 1152885252 J * michal` ~michal@www.rsbac.org 1152885658 M * weeble So daniel_hozac - what is the recommended get-out-of-trouble-without-breaking-anything path? 1152885671 M * weeble 2.6.16.24 1152885675 M * weeble vs2.1.1-rc?? 1152885677 M * weeble ipv6f? 1152885678 M * daniel_hozac i'd go for 2.6.16.24. 1152885701 M * weeble OK - and the other patch vers? 1152885742 M * daniel_hozac just stick with what you're already using. 1152885749 M * weeble So rc22 1152885751 M * weeble And ipv6f 1152885751 M * daniel_hozac just use the incrementals to go from .20 to .24. 1152885751 M * weeble ? 1152885762 M * daniel_hozac sure. 1152885764 M * weeble OK 1152885790 M * weeble If it was Monday night, and I wasn't going away, I'd probably be a bit more adventurous. 1152885807 A * weeble hates changing stuff on Friday pms. 1152885850 M * daniel_hozac if you're just paranoid about that particular problem, you could even just fix that. 1152885876 M * weeble .20 to .24 shouldn't break much (any?) stuff though really 1152885897 M * daniel_hozac as they're all bug fix releases, no. 1152886008 M * weeble patching file Makefile 1152886008 M * weeble Hunk #1 FAILED at 1. 1152886008 M * weeble 1 out of 1 hunk FAILED -- saving rejects to file Makefile.rej 1152886015 J * azazel webirc@h67069.serverkompetenz.net 1152886026 M * azazel hi all 1152886060 M * weeble Aah, that's OK. That's just the ver. 1152886393 M * azazel anyone has experience with qemu running inside guests? I configured a guest to run X, and it works, but when i try to run qemu, it suddenly stops with a "bus error" message 1152886551 Q * sladen Read error: Operation timed out 1152887093 J * sladen paul@starsky.19inch.net 1152887161 Q * Viper0482 Quit: one day, i'll find this peer guy and then i'll reset his connection!! 1152887262 M * daniel_hozac azazel: have you straced it? 1152887610 M * azazel not yet.. i was thinking that stracing a vm can be very difficoult to follow 1152887662 M * azazel it stops at the ver beginning, while is trying to boot guest os 1152887752 Q * mire Quit: Leaving 1152887984 M * cehteh mhm 1152888075 M * cehteh azazel: if you dont use the kqemu then qemu should be just a normal userland programm ... the only problem might be that it wants to access some hardware which isnt available in the vserver or has not enough privileges 1152888288 M * azazel by default the memory isn't constrained to a limit, am i right? 1152888300 M * daniel_hozac nope. 1152888322 M * daniel_hozac by default, there are no limits other than those you inherit from the host. 1152888570 N * otaku42 otaku42_away 1152888737 J * nicky ~nicky@81.52.144.1 1152888804 M * cehteh azazel: maybe qemu tries to mlock pages and a vserver has not enough privileges for that? 1152888827 A * cehteh thinks he once run qemu in a vserver 1152889119 M * derjohn Bertl_oO, -> pls check you email. thx 1152889263 M * daniel_hozac cehteh: that wouldn't make much sense. why would we have a MEMLOCK limit then? 1152889313 M * cehteh was only a guess ... 1152889480 M * daniel_hozac hmm, looks like you're right though. mlock requires CAP_IPC_LOCK, and that's not one of the default capabilities. 1152889511 M * daniel_hozac oh, no, that's just if you're over your limit. 1152890145 M * azazel mmm 1152890185 M * meebey how can I make /proc/kallsyms visble in a vserver? 1152890197 M * daniel_hozac setattr --~hide /proc/kallsyms 1152890212 M * meebey on the host? 1152890216 M * daniel_hozac yes. 1152890221 M * meebey will it remember that? 1152890225 M * daniel_hozac no. 1152890230 M * meebey hmpf 1152890239 M * meebey openswan wants it 1152890250 M * meebey seems like I need to update the openswan info on the wiki 1152890251 M * meebey for 2.6 1152890256 M * meebey once I get it running 1152890278 N * Ben_ Ben_zZz 1152890524 Q * schimmi Ping timeout: 480 seconds 1152890880 Q * azazel Remote host closed the connection 1152890904 Q * nicky Quit: Leaving 1152891087 M * doener daniel_hozac: http://www.13thfloor.at/~doener/vserver/patches/shiny.diff 1152891091 M * doener what do you think of that? 1152891199 M * doener the __Pasm/__pasm hack that switches between %5 and %4 isn't really correct, as the "m" constraint should allow gcc to make a copy of them, but that'd already be more than stupid... 1152891790 J * Term_ ~PhAnATiC@dsl-200-95-79-238.prod-infinitum.com.mx 1152892287 M * meebey vserver 2.6 is too secure! 1152892291 J * stefani ~stefani@tsipoor.banerian.org 1152892317 M * meebey I used 2.4 before and now it seems to hide many things from /proc 1152892326 M * meebey after I switched to 2.6 1152892384 M * doener did you run vprocunhide? 1152892406 M * meebey noope 1152892412 M * meebey whats that, a new tool? 1152892423 M * doener well, then everything is hidden... 1152892438 M * meebey my version doesnt know that tool :) 1152892443 M * doener hm, well depends on what you define as "new" ;) 1152892451 M * meebey sounds like I need to backport 1152892465 M * doener which util-vserver version do you use? 1152892471 M * meebey old :) 1152892479 M * meebey 0.30.soemthing 1152892492 M * doener should have vprocunhide 1152892515 M * meebey setattr --~hide works 1152892527 M * meebey but can I use that for special vservers only? 1152892535 M * doener no 1152892535 M * meebey I need some stuff for openswan 1152892538 M * meebey :( 1152892548 M * doener vprocunhide was added in 2004 1152892556 M * doener march 2004 1152892562 M * meebey ii util-vserver 0.30.204-6.gsd.2 1152892599 M * meebey galilei:/vservers# dpkg -L util-vserver | grep vproc 1152892599 M * meebey /etc/init.d/vprocunhide 1152892599 M * meebey /usr/lib/util-vserver/defaults/vprocunhide-files 1152892599 M * meebey /usr/lib/util-vserver/vprocunhide 1152892601 M * meebey its there 1152892608 M * meebey just some strange path 1152892629 M * doener /etc/init.d/ is strange for something to be run at boot time? 1152892667 M * meebey its just a init.d wrapper for it 1152892679 Q * yarihm Quit: Leaving 1152892680 M * meebey oh dear 1152892683 M * meebey /usr/lib/util-vserver/defaults/vprocunhide-files 1152892691 M * meebey thats a _bad_ place of a config file 1152892715 A * meebey throws FHS in the channel 1152892736 M * meebey but ok, it will work then 1152892753 M * doener that's just the defaults, local config goes into /etc/vservers/.defaults/something IIRC 1152892766 M * meebey that sounds better 1152892780 M * meebey the new layout is a bit confusing, difficult to find the right place 1152892789 M * doener you almost never need to change that though 1152892790 M * meebey thats because there is not template 1152892796 M * meebey true 1152892807 M * doener well, you know the flower page, right? 1152892821 M * meebey yes I know it, I have already eye cancer from it 1152892837 M * meebey :-P 1152892838 M * doener choose an other style, gras1 is neat 1152892856 M * meebey hehe 1152892909 M * meebey seems like openswan 2.4.5 with 2.6.16 inside vserver runs 1152892911 M * meebey niiiice 1152893453 M * daniel_hozac doener: is it really correct to remove %1, %2 and %3? 1152893508 M * doener we might need __volatile__ there in addition, to declare that it has side-effects. But here it works as it is. The input operands are already forced into the correct registers 1152893516 M * daniel_hozac does __sysc_rcon fix that? 1152893562 M * doener that has the nice effect that gcc generates better code, with the old version it has already copied some operands into registers for better performance and the inline asm then just shuffled them around 1152893586 M * daniel_hozac cool.. 1152893592 M * doener http://paste.linux-vserver.org/180 1152893611 M * doener see here, gcc thought "hey, let's use esi and eax, it's faster!" 1152893625 M * daniel_hozac yeah. 1152893626 M * doener and we then copied their values to ecx and edx 1152893682 M * doener and in the 6 argument syscall case, it even generated broken code, as seen here: http://paste.linux-vserver.org/183 1152893695 Q * ||Cobra|| Remote host closed the connection 1152893713 M * doener but gcc was right to do that, we didn't tell that we clobber eax 1152893739 M * daniel_hozac right. 1152893745 M * daniel_hozac hmm, your patch gives me rejects. 1152893764 M * doener damn, I didn't remove the new line that Bertl wanted in there 1152893785 M * daniel_hozac hehe. 1152893788 M * doener the __sysc_rcon line with "a","g","g"... is not in the original shiny 1152893863 M * doener ok, uploaded the fixed patch 1152893867 M * doener (same file) 1152893920 M * daniel_hozac thanks. 1152893963 M * doener http://www.13thfloor.at/~doener/vserver/ 1152893972 M * doener results for _syscall6 1152894000 M * doener for all pic/omit-frame-pointer on/off combinations 1152894296 M * doener daniel_hozac: I'm (almost) sure now, that it is fine to let gcc handle to copying, arch/i386/kernel/irq.c also does it ;) 1152894318 M * daniel_hozac hehe, ok, sounds fine then. 1152894393 M * doener then it's just the %4, %5 hack using "m", maybe Bertl can tell sth. about that. I don't think gcc would ever do sth. stupid there, but it might be allowed to... 1152894654 M * doener daniel_hozac: but it really pays off to read lkml... I actually learned the whole inline assembly syntax stuff only a few days ago, in the huge thread on volatile usage in the kernel 1152894837 M * daniel_hozac i'll have to start doing that then. 1152894884 M * doener just make sure that your mua supports "mark thread read"... without that I'd not have any time left :) 1152895240 M * doener daniel_hozac: dammit, the pic-frame version is broken 1152895312 M * daniel_hozac is it? 1152895322 M * doener http://www.13thfloor.at/~doener/vserver/pic-frame.s 1152895351 M * doener that uses ebp and thus the last offset needs to be 28 1152895359 M * daniel_hozac ah, yes. 1152895546 M * daniel_hozac doener: shouldn't the __pasm(n, 6, 1, "movl %4... be %5 instead? 1152895566 M * doener no, that's the "hack" for pic-no-frame 1152895593 M * doener it assumes that addressing is done via esp and compensates for the pushl 1152895603 M * daniel_hozac ah. 1152895946 M * doener daniel_hozac: btw, do you see any reason for saving ebx anyway? 1152895974 M * doener ah, errno might need it... 1152895976 M * derjohn if i move something from "/local/foo to /bla/bar" and /bla/xy is a bindmount to /local/foo2 (same partition) ... is then the _content_ really moved isted of the metadata only? 1152895985 M * doener missed the ja .L6 1152896033 M * doener derjohn: hm, how are /bla/bar and /bla/xy related? 1152896058 M * derjohn oh typo, my typo! 1152896098 M * derjohn i mean i have two dirs: /local/x and /local/y on the same partition. if i move /local/x/* to /local/y/ is goes faaaaaaast, no content is moved 1152896129 M * daniel_hozac indeed. 1152896136 M * derjohn if i move /local/x/* to /bla/blubb/ and /bla/blubb is a bindmount to /local/y the content is moved 1152896141 M * doener well, try to create a hardlink instead of moving, if that works, the move should also be fast 1152896180 M * derjohn iostat tells me 20 Meg read and 20 meg write on the disk since minutes ... 1152896191 M * derjohn (moving 200 GB webhost data .....) 1152896194 M * doener otherwise you should try to do the same with a vanilla kernel. if it works with vanilla complain to bertl, otherwise complain to lkml ;) 1152896238 M * derjohn doener, oh, i simply complain to Bertl :) usually he knows here the fiend is ! 1152896364 M * doener fails on vanilla as well... I'll try to find out why 1152896411 M * derjohn doener, reproducable? fine ... 1152896430 M * derjohn I'll fetch a pizza while the content copies :) 1152896440 M * doener hm, pizza... 1152896572 M * daniel_hozac looks like it's intentional. 1152896582 M * daniel_hozac if (old_nd.mnt != nd.mnt) 1152896605 M * daniel_hozac (sys_linkat) 1152896937 M * derjohn bummer 1152897239 M * doener same check in do_rename 1152898035 J * s0undt3c1 ~s0undt3ch@bl7-243-44.dsl.telepac.pt 1152898488 Q * s0undt3ch Ping timeout: 480 seconds 1152898492 N * s0undt3c1 s0undt3ch 1152898648 J * buna ~buna@rgb.gw.hoster03.de 1152898664 P * buna 1152899070 Q * gerrit Ping timeout: 480 seconds 1152900136 J * zob000 ~zob000@wsp05974758wss.cr.net.cable.rogers.com 1152900139 M * zob000 howdy 1152900254 M * zob000 i have the 2.6.14-vs2.0.1/0.30.209 kernel/utils combination. however vsserver-copy is trying to find a /etc/vserver/vsname.conf file. 1152900351 M * zob000 is there a way i can manually copy the guest ... which folders do i need to copy ? i am thinking /etc/vserver/ and /etc/vservers/.defaults/vdirbase. is that all ? 1152900410 M * doener what makes you think that you need to copy vdirbase? 1152900422 M * doener vdirbase is a symlink to (usually) /vservers 1152900442 M * doener and in /etc/vservers// there's a symlink "into" vdirbase 1152900458 M * doener so you'd rather need to adjust that latter symlink 1152900476 M * doener but creating a new config using vserver build -m skeleton is easiert 1152900481 M * doener s/easiert/easier/ 1152900532 M * zob000 ok ... googling it now 1152900560 M * doener linux-vserver.org/alpha+util-vserver 1152900579 M * doener and "vserver - build --help" also works :) 1152900637 M * zob000 thanks 1152900643 M * doener you're welcome 1152900948 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1152901050 M * zob000 doener, litle prob ... 1152901056 M * zob000 i did : vserver test31 build -m skeleton --hostname test31 --interface eth0:192.168.33.31/24 1152901071 M * zob000 i get :chattr: Inappropriate ioctl for device while reading flags on /etc/vservers/.defaults/vdirbase/test31 1152901071 M * zob000 s 1152901093 M * doener hm, xfs or reiserfs? i remember having seen that before.. 1152901146 M * doener daniel_hozac: do you remember what caused that? 1152901155 M * derjohn doener, 0.30.209 <-- ? 1152901158 M * zob000 reiserfs 1152901182 M * zob000 i have that same version 1152901183 M * doener derjohn: shouldn't matter... zob000: could you update to 0.30.210 anyway? 1152901200 M * zob000 do i need to upgrade kernel ? 1152901208 M * derjohn zob000, you write about "copy folders" (Mac user?) .... 1152901227 M * derjohn zob000, did oyu copy them? those maybe symlinks incorrectly "copied" 1152901233 M * zob000 i am using a debian host .. and creating little debian guests 1152901243 M * derjohn etch or sid ? 1152901246 M * doener zob000: no, you can use 0.30.210 with about any vserver kernel AFAIK 1152901248 M * zob000 sarge 1152901258 M * derjohn zob000, backports.org ? 1152901267 M * derjohn there should be everything you need. 1152901279 M * zob000 ooh .. i compiled the kernel and utils by hand ! 1152901291 M * derjohn zob000, build a deb ? 1152901294 M * zob000 yes 1152901321 M * derjohn hmm ... did you 1st try to make a local install from tarball? 1152901323 M * zob000 ummm ... not for the utils just for the kernel. 1152901348 M * derjohn zob000, IMVHO the symlinks in /etc/vservers/.default/... are wrong now. 1152901350 M * zob000 i only created the debs for the kernel. for the utils i used make install :-( 1152901354 Q * coocoon Ping timeout: 480 seconds 1152901367 M * derjohn zob000, bad luck: make install-distribution ! 1152901374 M * zob000 did that too 1152901382 M * derjohn you didnt remove the util-vserver deb 1152901387 M * derjohn ? 1152901391 M * doener make uninstall! and then get the deb ;) 1152901401 M * doener derjohn: hu? he has no .deb for the tools... 1152901401 M * derjohn or that way, yes. 1152901415 M * zob000 i dodnt have a utils deb. i just istalled from source via make install && make install-distribution 1152901429 M * derjohn doener, i assueme he installes sarger bamfartold 204 on overwrote stuff ? 1152901435 Q * mkhl Quit: 1152901449 M * derjohn hm.... I still think symlinks are incorrect ... 1152901468 M * doener derjohn: which symlinks? 1152901482 M * derjohn in vdirbase ? 1152901489 M * zob000 derjohn, how can i verify ? 1152901513 M * doener derjohn: there are no symlinks in vdirbase usually 1152901532 M * derjohn # ls -l /etc/vservers/.defaults/ |grep "\->" 1152901532 M * derjohn lrwxrwxrwx 1 root root 19 2006-05-12 14:27 cachebase -> /var/cache/vservers 1152901532 M * derjohn lrwxrwxrwx 1 root root 21 2006-05-07 11:29 run.rev -> /var/run/vservers.rev 1152901532 M * derjohn lrwxrwxrwx 1 root root 17 2006-05-07 11:29 vdirbase -> /var/lib/vservers 1152901570 M * doener that's not _in_ vdirbase ;) 1152901591 M * zob000 lrwxrwxrwx 1 root root 21 2006-03-11 03:12 run.rev -> /var/run/vservers.rev 1152901591 M * zob000 lrwxrwxrwx 1 root root 19 2006-03-11 03:12 vdirbase -> /home/vserver/hosts 1152901592 M * derjohn doener, slap me, I am 10 years older than you and my brain gets sieve-y :) 1152901598 M * zob000 i dont have cachebase 1152901619 M * derjohn usually this is created automagically 1152901632 M * derjohn with the tools install 1152901636 M * derjohn (or deb) 1152901657 M * zob000 for the version i have ? 1152901660 M * derjohn zob000, so you chaged the vdirbase ? 1152901666 M * derjohn yes, for that version, too. 1152901687 J * coocoon ~coocoon@p54A05F73.dip.t-dialin.net 1152901706 M * zob000 yes .. i passed an option to configure .. wait 1152901724 M * zob000 ./configure --prefix=${VSERVER_INSTALL} --with-vrootdir=${VSERVER_HOSTS} 1152901762 M * zob000 vserver_INSTALL i s empty for now. 1152901765 M * derjohn http://linux-vserver.org/some_hints_from_john -> checkout "On Debian Sarge (stable) only util-vserver is 0.30-204 available" 1152901905 M * derjohn doener, as Bertl_oO is still noch at service ... would you minf to crosscheck my slides for tomorrow (still not 100$ finished but) ? 1152901956 M * zob000 derjohn, there is nothing different than what i did there ! 1152901970 M * zob000 i should add significantly ! 1152901980 Q * ebiederm Quit: Leaving 1152901984 M * derjohn zob000, at least --prefix is not empty 1152901995 M * zob000 ooh .. --enable-release not sure about this one 1152902004 M * derjohn but I would say: get a 210 from the tarball ... 1152902019 M * zob000 same options ? 1152902020 M * derjohn should work with you kernel patch , too 1152902039 M * zob000 is there an uninstall from the make ? 1152902054 M * derjohn zob000, check Makefile. I dont know. 1152902090 Q * lilalinux Quit: Leaving 1152902151 J * lilalinux ~plasma@80.69.35.186 1152902682 M * zob000 derjohn, too hard to get a hold of t0.30.210 at http://www.13thfloor.at/vserver/s_rel26/ does it exist ? 1152902714 M * derjohn zob000, apt-get src util-vserver on a sid host 1152902746 M * derjohn or even make /etc/apt/sources.list -> change the deb-src line to sid (only src !) 1152902768 M * derjohn doener, still there ? 1152902781 Q * Term_ Quit: (-(PS)-) [v5.0.r02] http://www.kalendas.net 1152902890 M * doener on the phone 1152902899 M * derjohn stoehner ;) 1152903138 M * derjohn daniel_hozac, is vserver util and kernel provided with fedora? 1152903151 M * derjohn or still "external" 1152903155 M * daniel_hozac with Fedora? no. 1152903166 M * derjohn it not in their repo 1152903166 M * daniel_hozac Enrico has util-vserver packages in Extras though. 1152903181 M * derjohn which extras? on savannah? 1152903192 M * daniel_hozac no, Fedora Extras. 1152903207 M * derjohn and a patched kernel? 1152903208 M * daniel_hozac replacement kernels are disallowed. 1152903223 M * derjohn modporbe vserver *lol* 1152903226 M * daniel_hozac so it's just my repo for now. 1152903239 M * doener zob000: http://www.13thfloor.at/~encs/files/ and then some more paths down 1152903249 M * derjohn ok - i just ask if anyone ask me tomorrow on the presentation 1152903255 M * doener there are all util-vserver releases 1152903276 M * doener derjohn: where are your slides? 1152903286 M * daniel_hozac 0.30.210 still has chattr. 1152903296 M * daniel_hozac i've got a patch replacing it. 1152903298 M * derjohn doener, well pretty soon on your mailbox :) 1152903303 M * daniel_hozac but it's not an important error. 1152903313 M * derjohn doener, OOo ok ? 1152903331 M * doener pdf please 1152903425 M * derjohn ok. but i think i didnt write too much rubbish, just a second pair or eyes for the technical termini ... ;) 1152903443 J * shedi ~siggi@dsl-220-183.hive.is 1152904098 M * zob000 doener, tow ... moving to 0.30.210 is proving to be a headache. do you have any idea why i am getting this stupid error ? 1152904176 M * doener zob000: is /vservers on a separate partition? 1152904234 M * derjohn zob000, headache? i can build you a .deb on sarge if you like ... doesnt backports habe one? 1152904245 M * zob000 they are all on the same partition 1152904285 M * zob000 derjohn, its not released right ? 1152904320 M * derjohn zob000, i dont use backports but people here reported that they have freshest "stuff" 1152904368 M * doener you need the "attrs" mount option for reiserfs to make that work... mount -o remount,attrs might work, adding attrs to /etc/fstab should work (after a reboot) 1152904374 M * derjohn ah, and it's not quite easy do do a i-drop-newest-src in the ded-dec and type dpkg-buildpackge thing AFAIR. 1152904386 M * doener http://irc.13thfloor.at/LOG/2006-06/LOG_2006-06-18.txt -- search for "inappropriate" there 1152904387 M * derjohn omg what typo 1152904389 M * derjohn I mean: 1152904441 M * derjohn the util-vserver deb is quite "fragile". you cannot simply drop in a .210 src in the .209 src dir. 1152904522 M * zob000 i usually build then on separate places. btw is 0.30.210 a bug fix or what ? from glance at the diffs it looks involved 1152904573 M * derjohn zob000, it even worse, there are several patches e.g. daniel_hozac created which are (maybe?) in Debian, but on on ensc's savannah site ... 1152904607 M * derjohn (Did I mention I use simply sid's package? Since micah maintains them they are 100% in shape) 1152904718 M * micah zob000: why dont you use the backport from backports.org? 1152904728 M * derjohn zob000, my deb for the kernel (for sid) are here: http://linux-vserver.derjohn.de/ you can still grab the src from there and rebuild on sarge. 1152904748 M * derjohn micah, do you maintain the backport, too ? 1152904749 M * zob000 ok ... lemme try to get this going again. 1152904785 M * zob000 althos after reinstallin 209 i get this error ... 1152904794 M * zob000 + shift 2 1152904794 M * zob000 + exec /lib/util-vserver/vserver-build -n test31 -m skeleton --hostname test31 --interface eth0:192.168.33.31/24 1152904794 M * zob000 /etc/vservers/.defaults/vdirbase/test31/dev 1152904794 M * zob000 /lib/util-vserver/vserver-build: line 206: -n: command not found 1152904824 M * micah derjohn: yes 1152904852 M * derjohn hmm --hostname=test31 and --interface=eth0:192.168.33.31/24 ? or doenst that make a differnece? 1152905266 M * derjohn zob000, tried it? 1152905479 N * Bertl_oO Bertl 1152905482 M * Bertl evening folks! 1152905490 M * Bertl derjohn: I'm on it ... 1152905600 M * daniel_hozac zob000: that's fixed in 0.30.210. 1152905625 M * derjohn Bertl, sry: doner, too 1152905638 M * derjohn so wait some minutes and you get an rc2 :) 1152905785 M * Bertl derjohn: btw, what is .sxi? 1152905805 M * derjohn OOo 1152905810 M * derjohn Openoffice.org ;) 1152905813 M * Bertl I mean mutt identifies it as application/vnd.sun.xml.impress 1152905831 M * derjohn cool mud ;() *lol* 1152905875 M * daniel_hozac .sxi is the staroffice extension, so mutt's correct. 1152905889 M * Bertl derjohn: well, I hate to tell you *G* but, that's how _your_ mailer tagged it: Content-Type: application/vnd.sun.xml.impress; 1152905925 M * derjohn ah, yes, OOo's "powerpoint" is called "impress". 1152905947 M * Bertl derjohn: now my real question, why not LaTeX? :) 1152905947 M * derjohn It's made to impress people, cool, heh ? 1152905986 M * derjohn Bertl, simple answer: never learnrd it. Ah, and yes: Sometimes I use animations 1152905987 M * Bertl anyway, the pdf version is fine for me, I guess 1152906017 M * daniel_hozac ooo, animations are fun. 1152906099 M * derjohn Bertl, it ot right that XID tagging is not an security aspect? It's _only_ for the quota/limit support? 1152906115 M * daniel_hozac it has security benefits as well. 1152906127 M * daniel_hozac guests only see files belonging to themselves or the host. 1152906142 M * doener daniel_hozac: really? when was that added? 1152906174 M * daniel_hozac i guess "see" is incorrect, but all attempts to access them fail. 1152906194 M * derjohn doener, i should have bet with you :) 1152906207 M * daniel_hozac has been that way forever, AFAIK. 1152906243 M * doener hm, interesting... 1152906259 M * doener oh well, the access limitation, yeah, of that I'm aware 1152906348 P * stefani I'm Parting (the water) 1152906364 M * Bertl the problem with 'hiding' is that it causes all kind of issues (like for example the link count being wrong) 1152906365 M * daniel_hozac doener: so what part were you unaware of? :) 1152906379 M * doener daniel_hozac: the "hiding" (which doesn't exist) 1152906413 M * Bertl derjohn: okay, till when do you need feedback? 1152906451 M * doener but if you break out of the chroot, the host's file are probably more interesting anyway ;) 1152906500 M * derjohn well, i will leave for soem hours now and will return somewhen l8ter (maybe drunk). So tomorrow morning is sufficient. 1152906525 M * daniel_hozac doener: can you break out of the chroot? :) 1152906548 M * doener daniel_hozac: no, but will I have foreign files in my chroot? 1152906550 M * Bertl okay, good, will try to provide something, no guarantees though, not sure I will be able to reach the internet tonight ... 1152906550 M * daniel_hozac doener: btw, did you see the exploit for the prctl thing? 1152906556 M * derjohn daniel_hozac, you should bet with Bertl , he won the security hacking contests ;) 1152906572 M * doener daniel_hozac: no, but it's effects on debian ;) 1152906574 M * derjohn daniel_hozac, did you apply it in a guestm, too ? 1152906577 M * doener s/it's/its/ 1152906602 M * daniel_hozac doener: http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c 1152906621 M * Bertl k, back later ... hopefully, cya! 1152906626 N * Bertl Bertl_oO 1152906636 M * daniel_hozac derjohn: no, i don't have any non-production host with a sufficiently old kernel. i understand how it works though. 1152906723 M * derjohn sufficiently old kernel ? 2.6.17.3 is vulnerable ;) 1152906729 M * daniel_hozac derjohn: right :) 1152906733 M * derjohn *lol* 1152906801 M * doener daniel_hozac: hm, does the payload end up at the top of the coredump? 1152906808 A * doener has no idea about coredumps 1152906810 M * daniel_hozac derjohn: so what happened? you got root on the guest? 1152906838 M * daniel_hozac doener: i have no idea. i guess cron isn't very picky about garbage in the configuration files. 1152906846 M * derjohn i didnt try yet ;) only on a host . i did get euid "0" but my username was still derjohn 1152906908 M * daniel_hozac yes, making a binary setuid only gets you half way there. 1152907075 J * mire ~mire@156-166-222-85.COOL.ADSL.VLine.Verat.NET 1152907119 M * derjohn daniel_hozac, with euid 0 I can do everything, nor? 1152907126 M * derjohn doener, thx! 1152907132 M * derjohn Bertl_oO, mail out. 1152907134 M * daniel_hozac pretty much. 1152907141 A * derjohn out now, too :) 1152907639 Q * gerrit Ping timeout: 480 seconds 1152907815 Q * lilalinux Remote host closed the connection 1152907933 J * _are_ ~are@62.112.159.81 1152907939 M * _are_ Hi 1152908065 Q * meandtheshell Quit: bye bye ... 1152908366 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1152908729 J * DreamerC_ ~dreamerc@59-112-0-189.dynamic.hinet.net 1152908849 Q * DreamerC Read error: Connection reset by peer 1152909121 J * Smutje_ ~Smutje@xdsl-87-78-3-125.netcologne.de 1152909229 Q * Smutje Ping timeout: 480 seconds 1152909229 N * Smutje_ Smutje 1152910365 Q * _are_ Read error: No route to host 1152911157 Q * dna Quit: Verlassend 1152911254 Q * gerrit Ping timeout: 480 seconds 1152911949 M * waldi yeah, next root exploit ... 1152912005 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1152912295 Q * mire Quit: Leaving 1152912300 J * matti_ matti@linux.gentoo.pl 1152912375 Q * Nam Ping timeout: 480 seconds 1152912479 Q * matti Ping timeout: 480 seconds 1152912604 Q * zob000 Ping timeout: 480 seconds 1152912636 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1152912904 Q * shedi Ping timeout: 480 seconds 1152912915 J * shedi ~siggi@inferno.lhi.is 1152913383 Q * duckx Quit: Client exiting 1152913426 J * bonbons ~bonbons@83.222.39.166 1152913537 J * duckx ~Duck@tox.dyndns.org 1152914171 M * doener waldi: hm? you mean the pctrl one, or yet another one? 1152914240 M * waldi another one 1152914252 M * waldi it is not yet clear when and why it happens 1152914271 M * waldi http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html 1152914309 Q * gerrit Ping timeout: 480 seconds 1152915240 Q * bonbons Quit: Leaving 1152915778 M * waldi and I think at least the race condition is real 1152915824 M * waldi and the problem that linux don't assums a missing setattr handler as error but handles the change without further checks 1152916570 J * matti matti@linux.gentoo.pl 1152916733 Q * matti_ Ping timeout: 480 seconds 1152916808 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de 1152916820 J * bonsaikitten_ ~pal@dslb-084-063-021-063.pools.arcor-ip.net 1152917254 Q * bonsaikitten Ping timeout: 480 seconds 1152917616 J * Nam ~nam@70.71.224.66 1152917710 Q * lilo2 Server closed connection