|
Entries posted in April 2005
2 April 2005 21:50
Holiday
It is now 01:38AM and in 100minutes or so I'll be getting into a taxi to take me on the start of a three-plane, two connection, all day journey to America.
I wish i were more awake .. still no work, little email, and nothing to do but enjoy myself. It's gotta be good, right?
No tags
|
7 April 2005 21:50
Spokane / Clarkston / Lewiston
I flew to Spokane (GEG) on Saturday, via London and Chicago.
The flights were fun, nice people helped my simple self get to the right terminals on time, and I only had to remove my boots once. (Of course all my body piercings managed to set of the alarms at each of the three airports).
I'm enjoying America far more than I did previously, although that is mostly due to nicer weather and friendlier company.
Internet access is limited to 28kbps dialup so whilst I've been mostly able to read all my incoming mail, I've ignored 95% of it.
No tags
|
10 April 2005 21:50
Ubuntu Assimilation
I've been assimiliated into the Ubuntu distribution with three pieces of my software being added to the distribution:
- camgrab
- A console tool which will output a single frame to a jpg from a webcam.
- xreverse
- Another "Othello" game clone. Has strong AI player.
- update-apt
No tags
|
10 April 2005 21:50
Planets
Joey Hess wrote that he'd installed a feed aggregator earlier today, and I've seen a bunch of people running their own planet installations hitting some of my sites.
I wonder if there's any point in creating a customizable feed site?
It seems to me that you could easily create a login-based system where people could add and remove feeds to their own pages, kinda like livejournal but with feeds instead of friends.
There are things like bloglines which show you headlines, but I think they don't show the entries - maybe that's not true and dependent on the feeds which people are using?
Interestingly livefeeds.org is free, and leads to my.livefeeds.org nicely.
A few months back I even setup a simple prototype, but I didn't get much past the login + feed subscription pages, guess it was a case of enthusiasm outweighing need. Somebody else is welcome to the idea though :)
No tags
|
21 April 2005 21:50
Back!
I'm back in Sunny Edinburgh now, and almost ready to start real Debian work - probably during/after the weekend.
Except …
Dead Laptop
I managed to render my laptop unbootable.
I was running the kernel 2.6.10, and upgraded to 2.6.11. Once that was done I couldn't get the Nvidia drivers working properly so I had no working X11 setup. After trying to fix different things, and surfing the web with lynx I found a few tips but nothing that seemed to apply. No relevent looking bugs in the Debian bug tracker, so I tried to revert back to the previous kernel.
Grub screwed up, somehow, and the machine wouldn't boot.
I fixed that, kinda, and then tried to revert back to the older kernel I had lying around 2.4.27. At this point the machine wouldn't boot at all.
The machine is a basic setup, three partitions "/", "/home", and swap. So I'm going to reinstall and get it working just now. All being well I'll not lose anything but time, and the feeling of competence!
I think I'll stick to 2.6.10 for the moment though!
No tags
|
23 April 2005 21:50
Auditing
I spent a long time yesterday downloading source code
and running quick audits of them between trying to do other things.
Lots of fun, still, but nothing found.
It's frustrating sometimes seeing code which is bad but not used,
because there's the knowlege that it might become live at a later
date.
Here's two examples of code which isn't used:
gnome-games
When saving the highscore file for gtali the scorefile
is saved to a temporary file, then renamed to be the real file.
The code that does this, in the setgid(games) binary looks like
this:
#ifdef HAVE_RENAME
if (rename(tmpfile, scorefile))
{
say("rename failed!");
unlink(tmpfile);
}
#else
{
char scall[300];
sprintf(scall, "mv %s %s", tmpfile, scorefile);
system(scall);
}
#endif
As no privileges are dropped the unqualified "mv" command will
run with privileges setgid(games) (Indeed it must to work with
/var/games, which is not writable by a typical user).
So, a trojan "mv" command will easily gain gid(games).
On none of the platforms I tested this code is used, because they
all have HAVE_RENAME defined.
omega-rpg
The following code comes from the "save game" section of the code again!
It firstly makes sure that the state is saved properly.
If the magic symbol "COMPRESS_SAVE_FILES" is defined it will invoke
a compression program upon the saved file, and delete the uncompressed file.
In Debian packages the compression code is disabled.
The program is setgid(games), and doesn't drop its privileges. However COMPRESSOR is defined as just "gzip", not "/bin/gzip". So gaining gid(games) is trivially possible, via a fake "gzip" binary early on your PATH.
#ifdef COMPRESS_SAVE_FILES
if (writeok &;&; compress) {
print2("Compressing Save File....");
strcpy(temp,COMPRESSOR);
strcat(temp," ");
strcat(temp,savestr);
system(temp);
sprintf(temp, "%s.%s", savestr, COMPRESS_EXT);
unlink(savestr);
link(temp, savestr);
unlink(temp); /* renames, but sys-V doesn't have rename()... */
}
#endif
Pro's : The code is disabled.
Con's : Possibly upstream wasn't meant to be setgid anyway?
So, two games, two potential vulnerabilities.
No tags
|
24 April 2005 21:50
Sarge Snapshot
Where's the best place to get a snapshot of the Sarge source, on CD-ROM or DVD?
Lots of companies are offering binary snapshots ..
(For the record I'm in the UK, and would pay :))
Downloading the whole thing isn't an option as my bandwith isn't too great, I'm interested in the source so I can do some audits.
No tags
|
27 April 2005 21:50
Debian Writings
Debianplanet has now started syndicating my site, and has given it a plug on their front page.
I guess I should write something new now ;)
No tags
|
28 April 2005 21:50
Fuzz Testing
I wrote a simple tool to generate "random" webpages the other day, and then subjected Mozilla Firefox to a couple of stress tests.
Thirty minutes later I made it crash, and after trimming it down to a simple test case and getting a few friend to test it on other platforms I reported it to security@mozilla.org.
Sadly it turned out to be a duplicate of a previously reported bug, but it was a fun experience.
Tonight I reported another one. This time it appears to be reproducable (causes instant crash) and previously unreported. (Fixed on the trunk, but current versions of Mozilla, Thunderbird, and Firefox crash instantly :) )
I'll keep it going till I get bored ..
No tags
|
|
