1413849601 Q * fisted_ Remote host closed the connection
1413849653 J * fisted_ ~fisted@xdsl-87-78-232-195.netcologne.de
1413849960 Q * fisted Ping timeout: 480 seconds
1413849960 N * fisted_ fisted
1413850561 Q * zerick Ping timeout: 480 seconds
1413851263 M * gnarface hey Bertl, i'm getting a lot of these messages in my dmesg output lately, though I so far haven't noticed anything crashing or breaking because of it, the machine also isn't really under load: http://paste.debian.net/127841/
1413851299 M * gnarface Bertl: any ideas what might be causing that and whether it's fixable by just omitting some module or another that i don't need?
1413851577 M * undefined gnarface: are you seeing these same slowpath traces on 3.14.17 (without vserver patch)?
1413851806 M * undefined nothing in that trace looks vserver-related (but instead hardware, like interrupts and power management units)
1413852313 M * gnarface undefined: haven't tried that kernel version without the patch, sorry
1413852366 M * gnarface undefined: does it look fatal?
1413852393 M * gnarface undefined: the system seems fine, i can't see if anything has actually failed due to this complaint
1413852964 M * undefined it's non-fatal
1413852971 M * gnarface i wonder if it could have anything to do with the k10temp module which i had to force load now?
1413853126 M * gnarface i was getting "unreliable CPU thermal sensor; monitoring disabled" but discovered that if i add the module option force=1 then it appeared to load and work correctly (gives a temperature reading to the sensors binary at least)
1413853299 M * undefined have you tried running the kernel without forcing the k10temp module and seeing if you still get the slowpath trace?
1413853355 M * gnarface nope, but if you think it's a plausible candidate i will
1413853369 M * gnarface er, plausible culprit i mean
1413853621 M * Bertl off to bed now ... have a good one everyone!
1413853629 N * Bertl Bertl_zZ
1413860985 J * fisted_ ~fisted@xdsl-87-78-232-195.netcologne.de
1413861436 Q * fisted Ping timeout: 480 seconds
1413861437 N * fisted_ fisted
1413867212 Q * derjohn_mob Ping timeout: 480 seconds
1413870024 J * derjohn_mob ~aj@88.128.80.8
1413870024 J * Ghislain ~aqueos@adsl1.aqueos.com
1413872439 J * vasko ~vasko@unreal.rainside.sk
1413873496 Q * derjohn_mob Ping timeout: 480 seconds
1413875574 N * Bertl_zZ Bertl
1413875576 M * Bertl morning folks!
1413876038 J * derjohn_mob ~aj@firewall01.talentformation.kunden.net-lab.net
1413878379 J * jrayhawk_ ~jrayhawk@nursie.omgwallhack.org
1413878398 J * ensc_ ~irc-ensc@p54ADF269.dip0.t-ipconnect.de
1413878408 J * l0kit_ ~1oxT@ARennes-653-1-166-175.w92-135.abo.wanadoo.fr
1413878411 Q * ensc graviton.oftc.net oxygen.oftc.net
1413878411 Q * jrayhawk graviton.oftc.net oxygen.oftc.net
1413878411 Q * AbyssOne_ graviton.oftc.net oxygen.oftc.net
1413878411 Q * l0kit graviton.oftc.net oxygen.oftc.net
1413878753 J * AbyssOne_ ~jelle3@62.27.85.48
1413880021 J * fleischergesell ~fleischer@p4FDEFE8B.dip0.t-ipconnect.de
1413880101 M * fleischergesell How unsafe is it to "vserver name enter" a guest from the host and then "su -s /bin/bash unpriviliged-user" in the guest?
1413880253 M * fleischergesell Is TtyPushbackPrivilegeEscalation still a major issue for current vserver patches?
1413880492 M * Bertl vserver enter is always a security risk, simply do not do it in a potentially hostile environment
1413880565 M * fleischergesell I think this should be mentioned under http://linux-vserver.org/util-vserver:Useful_commands then
1413880592 M * fleischergesell Isn't there a sane way to enter a guest without ssh?
1413880871 M * Bertl telnet?
1413880922 M * fleischergesell Well, that also required me to run a daemon inside the guest
1413881017 M * fleischergesell I'd like to have some command that I can issue as root on the host that allows me to securely enter a guest that has the most minimal installation (e.g., no ssh, telnet or the likes running)
1413881097 M * Bertl that is not known to me, but you might start working on that
1413881122 M * fleischergesell Well, I certainly don't have the skills, unfortunately :(
1413881152 M * fleischergesell Is it even possible?
1413881171 M * Bertl as it works with ssh, yes, I think so
1413881193 M * Bertl it would require starting a guest process, which communicates with a similar host process in a secure way
1413881242 M * fleischergesell Can u give an estimate on how long this would take a skilled hacker to implement?
1413881679 M * fleischergesell Given only I have control over the root user in the guest - is the security risk of doing "vserver name enter" still relevant?
1413881751 J * BenG ~BenG@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net
1413883099 M * Ghislain well why not use what exists and just use an sshd on a local internal ip like 10.x.x.x that is common to the servers ?
1413883143 M * Ghislain you add a 10.x.x.x address to the guest and one to the host then use sshd to enter the guest
1413883182 M * Ghislain with a ssh key on the host you can automate this so you have no password to enter like for the vserver xxx enter command
1413884125 M * Bertl fleischergesell: if you are in control over the guest, the only security risk is the one you create yourself
1413884161 M * fleischergesell I'm not in full control over the guest, just over all root processes inside that guest - there might be other unprivileged users in that guest that I have no (direct) control over
1413884163 M * Bertl regarding estimate, depends on the specification I guess
1413884204 M * Bertl so as long as you do not allow those processes to affect the root processes, you should be fine
1413884233 M * fleischergesell ok
1413884279 M * fleischergesell Thank you
1413884319 M * fleischergesell Ghislain: Well, that would've been the last resort, although I don't really want to run sshd inside any guest I need to enter for maintenance tasks
1413885455 M * Ghislain i can understand that ^^
1413885766 Q * derjohn_mob Ping timeout: 480 seconds
1413886597 J * ensc ~irc-ensc@p54ADD778.dip0.t-ipconnect.de
1413887002 Q * ensc_ Ping timeout: 480 seconds
1413887177 J * derjohn_mob ~aj@tmo-108-227.customers.d1-online.com
1413889756 Q * derjohn_mob Read error: No route to host
1413891313 J * derjohn_mob ~aj@firewall01.talentformation.kunden.net-lab.net
1413891905 Q * Aiken Remote host closed the connection
1413892056 M * BenG hi all
1413892071 M * BenG I'm getting this as the first output after starting a guest:
1413892074 M * BenG cat: write error: Invalid argument
1413892081 M * BenG any idea what that's about?
1413892090 M * BenG guests start fine
1413892095 M * BenG or appear to
1413892216 M * Bertl probably something is trying to write somewhere where it is not allowed
1413892232 M * Bertl check with --debug if it happens outside or inside the guest
1413892321 M * Bertl off for now ... bbl
1413892340 N * Bertl Bertl_oO
1413892801 Q * fisted Remote host closed the connection
1413892818 J * fisted ~fisted@xdsl-81-173-191-87.netcologne.de
1413901571 Q * fleischergesell Ping timeout: 480 seconds
1413905146 Q * mcp Remote host closed the connection
1413905399 J * fleischergesell ~fleischer@p4FDEFE8B.dip0.t-ipconnect.de
1413906570 J * mcp ~mcp@wolk-project.de
1413907333 J * bonbons ~bonbons@2001:a18:200:1901:8552:16f6:dc90:50f8
1413908571 Q * derjohn_mob Ping timeout: 480 seconds
1413910894 J * derjohn_mob ~aj@88.128.80.35
1413911708 Q * BenG Quit: I Leave
1413912306 J * zerick ~eocrospom@190.187.21.53
1413912346 J * BenG ~BenG@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net
1413912908 Q * zerick Ping timeout: 480 seconds
1413914029 Q * BenG Quit: I Leave
1413914402 Q * derjohn_mob Ping timeout: 480 seconds
1413917297 Q * redhat Read error: Connection reset by peer
1413917307 Q * BWare Read error: Connection reset by peer
1413917320 J * redhat ~quassel@31.25.99.5
1413917570 Q * redhat Read error: Connection reset by peer
1413917588 J * BWare ~itsme@31.25.99.5
1413917831 Q * BWare Read error: Connection reset by peer
1413917847 J * BWare ~itsme@31.25.99.5
1413917917 J * redhat ~quassel@31.25.99.5
1413918438 Q * BWare Read error: Connection reset by peer
1413918441 J * BWare ~itsme@31.25.99.5
1413918488 J * webhat ~quassel@31.25.99.5
1413918552 Q * redhat Ping timeout: 480 seconds
1413919645 J * Aiken ~Aiken@d63f.h.jbmb.net
1413922950 Q * Wermwud Quit: Leaving (Please imagine me slamming the door on my way out)
1413924545 Q * Ghislain Quit: Leaving.
1413924595 Q * bonbons Quit: Leaving
1413925016 P * fleischergesell
1413926558 J * derjohn_mob ~aj@tmo-111-111.customers.d1-online.com
1413929184 J * zerick ~eocrospom@190.187.21.53
1413931134 Q * fisted Read error: Connection reset by peer
1413931885 J * fisted ~fisted@xdsl-81-173-191-87.netcologne.de