capability as a module on fc8

capability as a module on fc8

jim burns
It appears that fc8's new 2.6.24 kernel update no longer allows compiling
capability as a module. (I thought we weren't going to have problems until
2.6.25.) What are the recommended configure options now? I've had problems
with syscall in the past. Thanx.


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel

Re: capability as a module on fc8

John Ogness-5
On 2008-03-08, jim burns <[hidden email]> wrote:
> It appears that fc8's new 2.6.24 kernel update no longer allows
> compiling capability as a module. (I thought we weren't going to
> have problems until 2.6.25.) What are the recommended configure
> options now?

For 2.6.24 there is no way to use the current release version of
Dazuko. I am working on a basic kernel patch that will allow Dazuko to
also be built statically in the kernel.

I thought it would be pretty easy, but some parts of the code will
require large changes. For example, when the kernel is booted, there
is no file system available. This means that Dazuko needs to delay
creating /dev/dazuko. Technically this probably isn't a problem, but I
need to look at other modules to see how to do this correctly.

John Ogness

--
Dazuko Maintainer



RE: capability as a module on fc8

Tikka, Sami
In reply to this post by jim burns
Dazuko syscall hooking does not currently work on FC7 and 8. We will attempt
to fix it in the near future.

What kind of problems have you had with syscalls in the past?

The only problems we are aware of are:

- synchronization/locking problems (fixed by
http://savannah.nongnu.org/patch/?6165)

- it is unsafe to rmmod dazuko when syscalls are hooked. Yes, it usually
works, but it can oops under heavy load.

--
Sami Tikka
F-Secure Corporation
BE SURE.



Re: UNS: RE: capability as a module on fc8

jim burns
On Sunday 09 March 2008 06:21:39 pm you wrote:
> What kind of problems have you had with syscalls in the past?

Kernel oops. It doesn't matter whether I pass --sct-readonly or --sct-nocheck.
A sample syslog output:


Mar  8 23:56:36 Insp6400 kernel: BUG: unable to handle kernel paging request at virtual address c063f754
Mar  8 23:56:36 Insp6400 kernel: printing eip: f8c0bfae *pdpt = 0000000000004001 *pde = 0000000037964163 *pte = 800000000063f161
Mar  8 23:56:36 Insp6400 kernel: Oops: 0003 [#1] SMP
Mar  8 23:56:36 Insp6400 kernel: Modules linked in: dazuko(U) sunrpc nf_conntrack_netbios_ns xt_comment nf_conntrack_ipv4 xt_state nf_conntrack xt_tcpudp ipt_LOG iptable_filter ip_tables x_tables cpufreq_ondemand acpi_cpufreq loop ipv6 snd_usb_audio snd_usb_lib snd_rawmidi snd_hwdep hsfhda(U) hsfserial(U) hsfengine(P)(U) hsfosspec(U) snd_hda_intel(U) snd_hda_codec(U) snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq b44(U) snd_seq_device arc4 snd_pcm_oss snd_mixer_oss ecb firewire_ohci(U) snd_pcm blkcipher ssb(U) sdhci(U) firewire_core(U) mmc_core(U) iwl3945(U) video(U) mii(U) snd_timer ac(U) snd crc_itu_t battery(U) dcdbas(U) output(U) button(U) iTCO_wdt(U) i2c_i801(U) soundcore i2c_core(U) iTCO_vendor_support(U) pcspkr(U) mac80211 snd_page_alloc cfg80211 joydev(U) sr_mod sg cdrom(U) dm_snapshot(U) dm_zero(U) dm_mirror(U) dm_mod(U) pata_acpi ata_generic ata_piix libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd(U) ohci_hcd(U) ehci_hcd(U)
Mar  8 23:56:36 Insp6400 kernel:
Mar  8 23:56:36 Insp6400 kernel: Pid: 2275, comm: modprobe Tainted: P        (2.6.24.3-12.fc8PAE #4)
Mar  8 23:56:36 Insp6400 kernel: EIP: 0060:[<f8c0bfae>] EFLAGS: 00210282 CPU: 0
Mar  8 23:56:36 Insp6400 kernel: EIP is at xp_sys_hook+0x18a/0x210 [dazuko]
Mar  8 23:56:36 Insp6400 kernel: EAX: c048db60 EBX: f5040500 ECX: f5193eac EDX:c063f754
Mar  8 23:56:36 Insp6400 kernel: ESI: f5040540 EDI: f8c0f87c EBP: f8c0e680 ESP:f5193e98
Mar  8 23:56:36 Insp6400 kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Mar  8 23:56:36 Insp6400 kernel: Process modprobe (pid: 2275, ti=f5192000 task=f1c14000 task.ti=f5192000)
Mar  8 23:56:36 Insp6400 kernel: Stack: f5195800 00000000 0f800000 00000000 f8c0cbfd f5040568 f8c090a4 c0446a9c
Mar  8 23:56:36 Insp6400 kernel:        ffffffff 00000001 c0451157 00000000 00000000 00000000 c048ef49 00008238
Mar  8 23:56:36 Insp6400 kernel:        00000000 00000000 000003e8 00000000 00000000 00000000 00000000 00000000
Mar  8 23:56:36 Insp6400 kernel: Call Trace:
Mar  8 23:56:36 Insp6400 kernel:  [<f8c090a4>] dazuko_init+0x6d/0x8e [dazuko]
Mar  8 23:56:36 Insp6400 kernel:  [<c0446a9c>] blocking_notifier_call_chain+0x17/0x1a
Mar  8 23:56:36 Insp6400 kernel:  [<c0451157>] sys_init_module+0x14fa/0x161b
Mar  8 23:56:36 Insp6400 kernel:  [<c048ef49>] do_sync_read+0xc7/0x10a
Mar  8 23:56:36 Insp6400 kernel:  [<c0408116>] sysenter_past_esp+0x6b/0xa1
Mar  8 23:56:36 Insp6400 kernel:  =======================
Mar  8 23:56:36 Insp6400 kernel: Code: f8 c0 f8 8b 82 50 05 00 00 83 c0 04 f0 ff 00 64 a1 00 40 7a c0 86 98 bc 05 00 00 8b 15 d8 f8 c0 f8 83 c2 14 8b 02 a3 e8 f8 c0 f8 <c7> 02 78 ad c0 f8 8b 15 d8 f8 c0 f8 81 c2 a4 00 00 00 8b 02 a3
Mar  8 23:56:36 Insp6400 kernel: EIP: [<f8c0bfae>] xp_sys_hook+0x18a/0x210 [dazuko] SS:ESP 0068:f5193e98
Mar  8 23:56:36 Insp6400 kernel: ---[ end trace 9717c3868b47d771 ]---


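Added example (not part of the original post and not Dazuko code): a small Python decoder for the page-fault fields in the oops above. It reads the x86 error code after "Oops:" and the flag bits of the *pte value, which together show a kernel-mode write to a present, read-only page; the name decode_oops and the result keys are illustrative.

```python
import re

# Lines copied from the oops posted above (only the fields decoded here).
SAMPLE_OOPS = """\
Mar  8 23:56:36 Insp6400 kernel: BUG: unable to handle kernel paging request at virtual address c063f754
Mar  8 23:56:36 Insp6400 kernel: printing eip: f8c0bfae *pdpt = 0000000000004001 *pde = 0000000037964163 *pte = 800000000063f161
Mar  8 23:56:36 Insp6400 kernel: Oops: 0003 [#1] SMP
Mar  8 23:56:36 Insp6400 kernel: EIP is at xp_sys_hook+0x18a/0x210 [dazuko]
"""

# x86 page-fault error code bits (low three bits of the "Oops:" number).
ERR_BITS = {0: ("page not present", "protection violation"),
            1: ("read", "write"),
            2: ("kernel mode", "user mode")}

# x86 PAE page-table entry flag bits.
PTE_BITS = {0: "present", 1: "writable", 2: "user", 5: "accessed",
            6: "dirty", 8: "global", 63: "no-execute"}


def decode_oops(text):
    """Return the faulting address, decoded error code, PTE flags and symbol."""
    addr = re.search(r"virtual address ([0-9a-f]+)", text)
    code = re.search(r"Oops: ([0-9a-f]{4})", text)
    pte = re.search(r"\*pte = ([0-9a-f]+)", text)
    sym = re.search(r"EIP is at (\S+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?", text)
    if not (addr and code):
        raise ValueError("not an x86 page-fault oops")
    err = int(code.group(1), 16)
    result = {
        "address": int(addr.group(1), 16),
        "error": [names[(err >> bit) & 1] for bit, names in ERR_BITS.items()],
        "pte_flags": None,
        "function": sym.group(1) if sym else None,
        "module": sym.group(2) if sym else None,
    }
    if pte:
        val = int(pte.group(1), 16)
        result["pte_flags"] = [n for b, n in PTE_BITS.items() if (val >> b) & 1]
    # A write that faults on a present page without the writable bit hit read-only memory.
    result["write_to_readonly"] = ((err & 0b11) == 0b11 and pte is not None
                                   and "writable" not in result["pte_flags"])
    return result


if __name__ == "__main__":
    for key, value in decode_oops(SAMPLE_OOPS).items():
        print(key, value)
```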

RE: UNS: RE: capability as a module on fc8

Tikka, Sami
I'll have to check if we have already fixed that. The version of dazuko we
ship in our Linux Security product (currently in beta) is able to figure out
the syscall table readonly issues without the user needing to configure
dazuko differently.

If you want to try it yourself, you can download Linux Security
(http://www.f-secure.com/linux-weblog/2008/01/08/linux-security-700-beta-3/)
and install it. Please tell me if it works for you.

What was the Linux distro and version where you tried it?

-- Sami

P.S. Yes, I know it is a bad thing F-Secure uses its own version of dazuko.
We will try to contribute our fixes back to John Ogness.

P.P.S. The installation package contains the official dazuko 2.3.4 and a
patch with all F-Secure's changes.


Re: capability as a module on fc8

John Ogness-5
On 2008-03-10, Tikka, Sami <[hidden email]> wrote:
> We will try to contribute our fixes back to John Ogness.

Dazuko ships with a patch for F-Secure. It would be nice if you could
at least keep the patch up-to-date.

John Ogness

--
Dazuko Maintainer

