Re: [SSI-users] trying to build OpenSSI [with 2.6.14 kernel] from source

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

W00t!

There are a heck of a lot of local privilege escalation exploits for
Linux.  Maybe hundreds.  Most of them were introduced in later kernels
or require obscure devices to be loaded.  So far, I've only bitten on
the highest profile ones.

I couldn't find any neatly organized list of Linux exploits anywhere.
redhat.com directs every attempt to find exploits to whitepapers about
how great security in RedHat is.  Debian was the best, but it still
took going through their list, then on to CVEs, to Linux changelongs,
to github linux-mirror blame logs, to the actual commit behind that
codechange, then sticking '.diff' on the end of that URL and feeding
it to wget in order to get the patches to fix these things.  At least
in most cases.  Newer exploits reference the git commit hash as part
of the kernel.org's gitweb.

A surprising number of patches applied cleanly.

Vulnerability scanners for Linux look like a project.  I couldn't
actually get Nessus to go and it looks like it mostly or entirely is
interested in scanning the network, not the local machine.  This makes
sense.  Any tips about a repository for exploits would be appreciated
but I'm really not expecting anything I need to ever be in one neat
little pile.

I took the low road for now of building from the source package as
delivered by apt rather than checking out from CVS.  Perhaps I'll try
to get that running later.

I hate grub with a profound, eternal hatred.  I've yet to actually
successfully use it.  Despite finding dozens of problems (problems
that exist for no other bootloader), it plunges on forth and ruins
everything, aborting half way through.  It can't read the second stage
bootblock... but hexdump can.  The parens aren't balanced in the
config file... yes they are.  This is not specific to grub under
OpenSSI.  Thank bloody $diety that extlinux/syslinux actually does
seem to work with OpenSSI.

It took me a little bit to find ssi-ksync-network and regenerate
/tfpboot.  The new kernel booted without problems... but so did the
old one.  Heh.

I need to wade through these CVEs some more.  I think I still have
work to do in that department.

Alright, pardon my verb(i?)age.  I just had to share.

Thanks,
-scott

On 7/5/10, John Hughes <jo...@ca...> wrote:
> Scott Walters wrote:
>> Hi all,
>>
>> I spent some time tracking down security fixes to the Linux kernel and
>> patching 2.6.14-ssi.
>>
>> Trying to build the linux-source-2.6.14-ssi.tar.bz2 kernel from
>> `apt-get install linux-source-2.6.14-ssi`, I get:
>>
>>   CC      init/main.o
>> In file included from include/asm/mpspec.h:5,
>>                  from include/asm/smp.h:18,
>>                  from include/linux/smp.h:19,
>>                  from include/linux/sched.h:26,
>>                  from include/linux/module.h:10,
>>                  from init/main.c:16:
>> include/asm/mpspec_def.h:78: warning: 'packed' attribute ignored for
>> field of type 'unsigned char[6]'
>> In file included from include/linux/blkdev.h:10,
>>                  from include/linux/ide.h:14,
>>                  from include/cluster/synch.h:35,
>>                  from include/linux/vproc.h:16,
>>                  from init/main.c:76:
>> include/linux/pagemap.h: In function 'fault_in_pages_readable':
>> include/linux/pagemap.h:236: warning: passing argument 1 of
>> 'ssi_rcopy_from_user' discards qualifiers from pointer target type
>> include/linux/pagemap.h:236: error: assignment of read-only variable
>> '__gux_val'
>> include/linux/pagemap.h:242: warning: passing argument 1 of
>> 'ssi_rcopy_from_user' discards qualifiers from pointer target type
>> include/linux/pagemap.h:242: error: assignment of read-only variable
>> '__gux_val'
>> make[1]: *** [init/main.o] Error 1
>> make: *** [init] Error 2
>>
>> I get this same fatal in the patched and unpatched source trees.
>>
>> Is this a toolchain problem?  Are there known-good versions of things
>> I should be using to build this?  Is building from source particularly
>> tricky?
>>
>>
> Yes, yes and yes.
>
> You need gcc-3.3 or gcc-3.4
>
>> Also:
>>
>> Trying to check out CI from `cvs
>> -d:pserver:ano...@cv...:/cvsroot/ci-linux login`, the
>> (empty) password is rejected:
>>
>> scott@debian:~/ssi$ cvs
>> -d:pserver:ano...@cv...:/cvsroot/ci-linux login
>> Logging in to :pserver:ano...@cv...:2401/cvsroot/ci-linux
>> CVS password:
>> cvs login: authorization failed: server cvs.openssi.org rejected
>> access to /cvsroot/ci-linux for user anonymous
>> scott@debian:~/ssi$
>>
> Using the command shown on the http://ci-linux.sourceforge.net/ page
> works for me:
>
> cvs -d:pserver:ano...@ci...:/cvsroot/ci-linux
> login
>
> (Sourceforge's CVS configuration is a never ending mystery.  There are
> innumerable commands that look like they might work, but you have to
> give exactly the right one).
>
>