From: peter g. <plu...@p1...> - 2004-02-19 11:46:26
|
colinux:~/colinux-20040214/linux# make vmlinux
gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
scripts/split-include scripts/split-include.c
scripts/split-include include/linux/autoconf.h include/config
gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
c -o init/main.o init/main.c
In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
                 from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
                 from /root/colinux-20040214/linux/include/linux/blk.h:4,
                 from init/main.c:25:
/root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
punctuated parameter list in `#define'
make: *** [init/main.o] Error 1
colinux:~/colinux-20040214/linux#

any ideas what causes this?

-----Original Message-----
From: col...@li... [mailto:col...@li...]On Behalf Of Richard Goodwin
Sent: 19 February 2004 01:13
To: peter green; col...@li...
Subject: Re: [coLinux-devel] my comments on colinux

It's pretty easy to recompile a kernel with smbfs from inside coLinux :-)

----- Original Message -----
From: "peter green" <plu...@p1...>
To: <col...@li...>
Sent: Wednesday, February 18, 2004 6:51 PM
Subject: [coLinux-devel] my comments on colinux

> ok i tried out colinux and was pretty impressed with it
>
> i do think you should include smbfs in the standard build though as it is
> the easiest way to get at files on the host box
|
From: peter g. <plu...@p1...> - 2004-02-19 14:08:05
|
RE: [coLinux-devel] my comments on colinux

when i used 2.4.24 it built fine

what are the security implications of colinux?
can it be trusted to jail users within a colinux system from each other or
are there ways for an app inside to make direct windows system calls and
break out

i know that 2.4.24 has a known local root hole and would like to know if it is
worth trying to find a backport of the security fix or if colinux has no
security in the first place
|
From: Nir P. <ni...@em...> - 2004-02-19 14:21:04
|
Hi,

Not sure about the security - colinux uses the daemon to access windows
indirectly...
You should be aware that in general projects under development lack the
security "stable" projects have.

I wouldn't recommend you to use colinux if you require HIGH level of
security. Note - the host windows OS isn't that secure anyway.

Btw, if you want that security fix on 2.4.24 kernel, you can get kernel
sources from slackware - they've patched the 2.4.24 with it. I think other
distros did that too.

Nir

-----Original Message-----
From: peter green [mailto:plu...@p1...]
Sent: Thursday, February 19, 2004 16:02
To: col...@li...
Subject: RE: [coLinux-devel] my comments on colinux

when i used 2.4.24 it built fine

what are the security implications of colinux?
can it be trusted to jail users within a colinux system from each other or
are there ways for an app inside to make direct windows system calls and
break out

i know that 2.4.24 has a known local root hole and would like to know if it is
worth trying to find a backport of the security fix or if colinux has no
security in the first place
|
From: Robert S. <rj...@ze...> - 2004-02-19 15:03:32
|
I asked about security before and got no response (other than a suggestion
to use bochs)

As far as I have been able to work out the architecture of colinux is like
this (please someone correct me if this is wrong):-

The colinux kernel runs in ring 0 (highest permission) on the CPU with full
control over the virtual memory system

To load the kernel colinux-daemon.exe (which is a user process) loads a
windows kernel driver (linux.sys). This driver runs in ring0 (as it is part
of the windows kernel) and reserves physical memory for the colinux kernel
to use.

The linux kernel has been patched so that it only maps its virtual memory
onto the physical memory that has been reserved from windows.

The linux and windows kernels cooperatively multitask.

Messages are passed between the linux kernel and linux.sys to implement the
console, cobd and conet

For the colinux block device, linux.sys reads the file from kernel space

For conet, IPC is used to communicate with a user-space thread that makes
calls to the TAP driver. (This is one reason why networking will be slow)

Security implications
=====================

Any exploits that can be used in linux to gain root will still work

Root from linux does not have access to the physical RAM that windows is
using unless
 * extra code is loaded into the kernel (e.g. kernel recompile or module
   loaded) which manipulates the page tables and maps the rest of the
   physical memory
 * requests are made to linux.sys which causes it to access memory

Root in linux cannot make system calls to windows unless it can get
linux.sys to make them.

The file that backs the block device is read by the windows kernel (probably
as the SYSTEM user). This should not be a risk as you need to be an
Administrator to run colinux anyway.

In summary I agree that colinux is potentially dangerous.
A privileged user on either OS, could insert code into the kernel, which
allowed the page tables to be manipulated, which further allowed the other OS
to be compromised by reading and/or writing its kernel memory.

I don't think this situation will ever change ...

---
Rob Stonehouse

On Thu, 19 Feb 2004, Nir Perry wrote:

> Hi,
>
> Not sure about the security - colinux uses the daemon to access windows
> indirectly...
> You should be aware that in general projects under development lack the
> security "stable" projects have.
>
> I wouldn't recommend you to use colinux if you require HIGH level of
> security. Note - the host windows OS isn't that secure anyway.
>
> Btw, if you want that security fix on 2.4.24 kernel, you can get kernel
> sources from slackware - they've patched the 2.4.24 with it. I think other
> distros did that too.
>
> Nir
>
> -----Original Message-----
> From: peter green [mailto:plu...@p1...]
> Sent: Thursday, February 19, 2004 16:02
> To: col...@li...
> Subject: RE: [coLinux-devel] my comments on colinux
>
>
> when i used 2.4.24 it built fine
>
> what are the security implications of colinux?
> can it be trusted to jail users within a colinux system from each other or
> are there ways for an app inside to make direct windows system calls and
> break out
>
> i know that 2.4.24 has a known local root hole and would like to know if it is
> worth trying to find a backport of the security fix or if colinux has no
> security in the first place
|
From: peter g. <plu...@p1...> - 2004-02-19 18:57:07
|
i have not been using distro sources it's been vanilla all the way :)

is there any easy way to find all .rej files in a current dir and its
subdirs on linux ls -r *.rej seems not to work

-----Original Message-----
From: col...@li... [mailto:col...@li...]On Behalf Of Robert Stonehouse
Sent: 19 February 2004 18:42
To: Alejandro R. Sedeno
Cc: peter green; col...@li...
Subject: RE: [coLinux-devel] my comments on colinux

Why not use the cobuild.sh script from the colinux source package?
This will download a clean source of all the required components including
a clean 2.4.24 source.

Remember that other distributions often have custom patched kernels and this
may be why you are having problems

On Thu, 19 Feb 2004, Alejandro R. Sedeno wrote:

> I saw this error when I was using Debian's 2.4.24 kernel source package.
> The patch fails to add a line to linux/arch/i386/config.in, if I
> remember correctly. It should have left you a config.in.rej. Check it
> out, finish applying the patch by hand, and see if it works then.

---
Rob Stonehouse
|
From: Tim L. <ti...@ke...> - 2004-02-19 19:03:55
|
On Thu, Feb 19, 2004 at 06:50:59PM -0000, peter green wrote:
> i have not been using distro sources it's been vanilla all the way :)
> is there any easy way to find all .rej files in a current dir and its
> subdirs on linux ls -r *.rej seems not to work

Try:
  find ./ -name "*.rej"

You can substitute a directory other than the current "./" if you wish.

--Tim Larson
|
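A follow-on to the `find` suggestion above, as an added example that is not part of the thread: it lists every reject file under a tree together with the number of hunks `patch` could not apply, and returns non-zero when any are present so a build script can stop before compiling a half-patched kernel. The function names `count_rej_hunks` and `report_rejects` and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list patch rejects in a source tree.

# count_rej_hunks FILE: print the number of rejected hunks in one .rej file.
# Unified-format rejects start each hunk with "@@ "; context-format rejects
# start each hunk with a line of 15 asterisks.
count_rej_hunks() {
    grep -c -E '^(@@ |\*{15}( |$))' "$1" || true
}

# report_rejects DIR: print "<patched file>: N rejected hunk(s)" per reject.
# Returns 0 when the tree is clean and 1 when any reject file exists.
report_rejects() {
    find "$1" -type f -name '*.rej' | LC_ALL=C sort | {
        found=0
        while IFS= read -r rej; do
            found=1
            printf '%s: %s rejected hunk(s)\n' \
                "${rej%.rej}" "$(count_rej_hunks "$rej")"
        done
        [ "$found" -eq 0 ]
    }
}

# Demo on a constructed tree (file names and hunk contents are made up).
demo=$(mktemp -d)
mkdir -p "$demo/arch/i386"
printf '%s\n' '***************' '*** 10,12 ****' '--- 10,13 ----' \
    '  bool A' '+ bool B' > "$demo/arch/i386/config.in.rej"
printf '%s\n' '@@ -1,2 +1,3 @@' ' x' '+y' '@@ -9,2 +10,3 @@' ' p' '+q' \
    > "$demo/Makefile.rej"
report_rejects "$demo" || echo "rejects found: finish these by hand before building"
rm -rf "$demo"
```

Running `report_rejects` on the kernel directory right after applying the coLinux patch shows which files still need the hand-merge described elsewhere in this thread.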
From: Pat E. <pat...@ma...> - 2004-02-19 11:54:01
|
On Thu, 19 Feb 2004 11:40:41 -0000
"peter green" <plu...@p1...> wrote:

> colinux:~/colinux-20040214/linux# make vmlinux
> gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
> scripts/split-include scripts/split-include.c
> scripts/split-include include/linux/autoconf.h include/config
> gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> c -o init/main.o init/main.c
> In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
>                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
>                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
>                  from init/main.c:25:
> /root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
> punctuated parameter list in `#define'
> make: *** [init/main.o] Error 1
> colinux:~/colinux-20040214/linux#
>
> any ideas what causes this?
>

looks like stale kernel objects. try:

cd /path/to/linux-2.4.24
cp .config ..
make mrproper
cp ../.config .
make dep
make clean
make vmlinux

Pat
|
From: peter g. <plu...@p1...> - 2004-02-19 12:14:04
|
trying this i got errors about nothing to do for dep

so i went back into make menuconfig
after coming out of that i did make clean make dep make vmlinux

do you think using kernel 2.4.25 is a likely source of these problems?

-----Original Message-----
From: col...@li... [mailto:col...@li...]On Behalf Of Pat Erley
Sent: 19 February 2004 11:49
To: col...@li...
Subject: Re: [coLinux-devel] my comments on colinux

On Thu, 19 Feb 2004 11:40:41 -0000
"peter green" <plu...@p1...> wrote:

> colinux:~/colinux-20040214/linux# make vmlinux
> gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
> scripts/split-include scripts/split-include.c
> scripts/split-include include/linux/autoconf.h include/config
> gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> c -o init/main.o init/main.c
> In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
>                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
>                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
>                  from init/main.c:25:
> /root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
> punctuated parameter list in `#define'
> make: *** [init/main.o] Error 1
> colinux:~/colinux-20040214/linux#
>
> any ideas what causes this?
>

looks like stale kernel objects. try:

cd /path/to/linux-2.4.24
cp .config ..
make mrproper
cp ../.config .
make dep
make clean
make vmlinux

Pat
|
From: s0be <s0...@ma...> - 2004-02-19 12:37:45
|
On Thu, 19 Feb 2004 12:08:13 -0000
"peter green" <plu...@p1...> wrote:

> trying this i got errors about nothing to do for dep
>
> so i went back into make menuconfig
> after coming out of that i did make clean make dep make vmlinux
>
> do you think using kernel 2.4.25 is a likely source of these problems?

well, depends. since the patch for 2.4.24 won't apply cleanly to 2.4.25,
quite possibly. OTOH, you could have fixed that on your own. I dunno.

Pat Erley
|
From: Robert S. <rj...@ze...> - 2004-02-19 12:15:42
|
On Thu, 19 Feb 2004, peter green wrote:

> colinux:~/colinux-20040214/linux# make vmlinux
> gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
> scripts/split-include scripts/split-include.c
> scripts/split-include include/linux/autoconf.h include/config
> gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> c -o init/main.o init/main.c
> In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
>                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
>                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
>                  from init/main.c:25:
> /root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
> punctuated parameter list in `#define'
> make: *** [init/main.o] Error 1
> colinux:~/colinux-20040214/linux#
>
> any ideas what causes this?

Try using GCC version 3.x rather than 2.x
You can override the default compiler from your path with something like
  make vmlinux CC=/some/path/bin/gcc_3_3_2

--
Rob Stonehouse
|
From: peter g. <plu...@p1...> - 2004-02-19 13:03:09
|
well i did a dist-upgrade to sarge to get gcc 3.x

i now get a different error in the same line

colinux:~/colinux-20040214/linux# make vmlinux
gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
c -o init/main.o init/main.c
In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
                 from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
                 from /root/colinux-20040214/linux/include/linux/blk.h:4,
                 from init/main.c:25:
/root/colinux-20040214/linux/include/linux/cooperative.h:233:21: missing ')'
in macro parameter list
make: *** [init/main.o] Error 1
colinux:~/colinux-20040214/linux#

here is the line in question
#define co_debug(...args) do {} while(0)

-----Original Message-----
From: Robert Stonehouse [mailto:rj...@ze...]
Sent: 19 February 2004 12:10
To: peter green
Cc: col...@li...
Subject: RE: [coLinux-devel] my comments on colinux

On Thu, 19 Feb 2004, peter green wrote:

> colinux:~/colinux-20040214/linux# make vmlinux
> gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
> scripts/split-include scripts/split-include.c
> scripts/split-include include/linux/autoconf.h include/config
> gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> c -o init/main.o init/main.c
> In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
>                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
>                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
>                  from init/main.c:25:
> /root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
> punctuated parameter list in `#define'
> make: *** [init/main.o] Error 1
> colinux:~/colinux-20040214/linux#
>
> any ideas what causes this?

Try using GCC version 3.x rather than 2.x
You can override the default compiler from your path with something like
  make vmlinux CC=/some/path/bin/gcc_3_3_2

--
Rob Stonehouse
|
From: Alejandro R. S. <asedeno@MIT.EDU> - 2004-02-19 18:26:57
|
I saw this error when I was using Debian's 2.4.24 kernel source package.
The patch fails to add a line to linux/arch/i386/config.in, if I
remember correctly. It should have left you a config.in.rej. Check it
out, finish applying the patch by hand, and see if it works then.

-Alejandro

On Thu, 2004-02-19 at 07:57, peter green wrote:
> well i did a dist-upgrade to sarge to get gcc 3.x
>
> i now get a different error in the same line
>
> colinux:~/colinux-20040214/linux# make vmlinux
> gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> c -o init/main.o init/main.c
> In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
>                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
>                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
>                  from init/main.c:25:
> /root/colinux-20040214/linux/include/linux/cooperative.h:233:21: missing ')'
> in macro parameter list
> make: *** [init/main.o] Error 1
> colinux:~/colinux-20040214/linux#
>
> here is the line in question
> #define co_debug(...args) do {} while(0)
>
>
> -----Original Message-----
> From: Robert Stonehouse [mailto:rj...@ze...]
> Sent: 19 February 2004 12:10
> To: peter green
> Cc: col...@li...
> Subject: RE: [coLinux-devel] my comments on colinux
>
>
> On Thu, 19 Feb 2004, peter green wrote:
>
> > colinux:~/colinux-20040214/linux# make vmlinux
> > gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o
> > scripts/split-include scripts/split-include.c
> > scripts/split-include include/linux/autoconf.h include/config
> > gcc -D__KERNEL__ -I/root/colinux-20040214/linux/include -Wall -Wstrict-proto
> > types -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-point
> > er -pipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=main -
> > c -o init/main.o init/main.c
> > In file included from /root/colinux-20040214/linux/include/asm/io.h:5,
> >                  from /root/colinux-20040214/linux/include/linux/blkdev.h:11,
> >                  from /root/colinux-20040214/linux/include/linux/blk.h:4,
> >                  from init/main.c:25:
> > /root/colinux-20040214/linux/include/linux/cooperative.h:233: badly
> > punctuated parameter list in `#define'
> > make: *** [init/main.o] Error 1
> > colinux:~/colinux-20040214/linux#
> >
> > any ideas what causes this?
>
> Try using GCC version 3.x rather than 2.x
> You can override the default compiler from your path with something like
>   make vmlinux CC=/some/path/bin/gcc_3_3_2
>
> --
> Rob Stonehouse
|
From: Robert S. <rj...@ze...> - 2004-02-19 18:48:13
|
Why not use the cobuild.sh script from the colinux source package?
This will download a clean source of all the required components including
a clean 2.4.24 source.

Remember that other distributions often have custom patched kernels and this
may be why you are having problems

On Thu, 19 Feb 2004, Alejandro R. Sedeno wrote:

> I saw this error when I was using Debian's 2.4.24 kernel source package.
> The patch fails to add a line to linux/arch/i386/config.in, if I
> remember correctly. It should have left you a config.in.rej. Check it
> out, finish applying the patch by hand, and see if it works then.

---
Rob Stonehouse
|