About Archive Tags RSS Feed


Entries posted in April 2005


2 April 2005 21:50


It is now 01:38AM and in 100minutes or so I'll be getting into a taxi to take me on the start of a three-plane, two connection, all day journey to America.

I wish i were more awake .. still no work, little email, and nothing to do but enjoy myself. It's gotta be good, right?

| No comments


Clarkston, WA

7 April 2005 21:50

Spokane / Clarkston / Lewiston

I flew to Spokane (GEG) on Saturday, via London and Chicago.

The flights were fun, nice people helped my simple self get to the right terminals on time, and I only had to remove my boots once. (Of course all my body piercings managed to set of the alarms at each of the three airports).

I'm enjoying America far more than I did previously, although that is mostly due to nicer weather and friendlier company.

Internet access is limited to 28kbps dialup so whilst I've been mostly able to read all my incoming mail, I've ignored 95% of it.

| No comments



10 April 2005 21:50

Ubuntu Assimilation

I've been assimiliated into the Ubuntu distribution with three pieces of my software being added to the distribution:

  • camgrab
    • A console tool which will output a single frame to a jpg from a webcam.
  • xreverse
    • Another "Othello" game clone. Has strong AI player.
  • update-apt

| No comments


Customized feed aggregators

10 April 2005 21:50


Joey Hess wrote that he'd installed a feed aggregator earlier today, and I've seen a bunch of people running their own planet installations hitting some of my sites.

I wonder if there's any point in creating a customizable feed site?

It seems to me that you could easily create a login-based system where people could add and remove feeds to their own pages, kinda like livejournal but with feeds instead of friends.

There are things like bloglines which show you headlines, but I think they don't show the entries - maybe that's not true and dependent on the feeds which people are using?

Interestingly livefeeds.org is free, and leads to my.livefeeds.org nicely.

A few months back I even setup a simple prototype, but I didn't get much past the login + feed subscription pages, guess it was a case of enthusiasm outweighing need. Somebody else is welcome to the idea though :)

| No comments


Edinburgh + Dead Laptop

21 April 2005 21:50


I'm back in Sunny Edinburgh now, and almost ready to start real Debian work - probably during/after the weekend.

Except …

Dead Laptop

I managed to render my laptop unbootable.

I was running the kernel 2.6.10, and upgraded to 2.6.11. Once that was done I couldn't get the Nvidia drivers working properly so I had no working X11 setup.

After trying to fix different things, and surfing the web with lynx I found a few tips but nothing that seemed to apply. No relevent looking bugs in the Debian bug tracker, so I tried to revert back to the previous kernel.

Grub screwed up, somehow, and the machine wouldn't boot.

I fixed that, kinda, and then tried to revert back to the older kernel I had lying around 2.4.27. At this point the machine wouldn't boot at all.

The machine is a basic setup, three partitions "/", "/home", and swap. So I'm going to reinstall and get it working just now. All being well I'll not lose anything but time, and the feeling of competence!

I think I'll stick to 2.6.10 for the moment though!

| No comments


Game auditing

23 April 2005 21:50


I spent a long time yesterday downloading source code and running quick audits of them between trying to do other things.

Lots of fun, still, but nothing found.

It's frustrating sometimes seeing code which is bad but not used, because there's the knowlege that it might become live at a later date.

Here's two examples of code which isn't used:


When saving the highscore file for gtali the scorefile is saved to a temporary file, then renamed to be the real file.

The code that does this, in the setgid(games) binary looks like this:

        if (rename(tmpfile, scorefile))
                say("rename failed!");
                char scall[300];
                sprintf(scall, "mv %s %s", tmpfile, scorefile);

As no privileges are dropped the unqualified "mv" command will run with privileges setgid(games) (Indeed it must to work with /var/games, which is not writable by a typical user).

So, a trojan "mv" command will easily gain gid(games).

On none of the platforms I tested this code is used, because they all have HAVE_RENAME defined.


The following code comes from the "save game" section of the code again! It firstly makes sure that the state is saved properly.

If the magic symbol "COMPRESS_SAVE_FILES" is defined it will invoke a compression program upon the saved file, and delete the uncompressed file.

In Debian packages the compression code is disabled.

The program is setgid(games), and doesn't drop its privileges. However COMPRESSOR is defined as just "gzip", not "/bin/gzip". So gaining gid(games) is trivially possible, via a fake "gzip" binary early on your PATH.

    if (writeok &;&; compress) {
      print2("Compressing Save File....");

      strcat(temp," ");
      sprintf(temp, "%s.%s", savestr, COMPRESS_EXT);
      link(temp, savestr);
      unlink(temp);    /* renames, but sys-V doesn't have rename()... */

Pro's : The code is disabled.

Con's : Possibly upstream wasn't meant to be setgid anyway?

So, two games, two potential vulnerabilities.

| No comments


Buying Sarge Snapshots? (UK)

24 April 2005 21:50

Sarge Snapshot

Where's the best place to get a snapshot of the Sarge source, on CD-ROM or DVD?

Lots of companies are offering binary snapshots ..

(For the record I'm in the UK, and would pay :))

Downloading the whole thing isn't an option as my bandwith isn't too great, I'm interested in the source so I can do some audits.

| No comments



27 April 2005 21:50

Debian Writings

Debianplanet has now started syndicating my site, and has given it a plug on their front page.

I guess I should write something new now ;)

| No comments


crashing firefox with bugs

28 April 2005 21:50

Fuzz Testing

I wrote a simple tool to generate "random" webpages the other day, and then subjected Mozilla Firefox to a couple of stress tests.

Thirty minutes later I made it crash, and after trimming it down to a simple test case and getting a few friend to test it on other platforms I reported it to [email protected].

Sadly it turned out to be a duplicate of a previously reported bug, but it was a fun experience.

Tonight I reported another one. This time it appears to be reproducable (causes instant crash) and previously unreported. (Fixed on the trunk, but current versions of Mozilla, Thunderbird, and Firefox crash instantly :) )

I'll keep it going till I get bored ..

| No comments