Categories: Gentoo, Hardened Sources 2.4, Hardened Toolchain, SSP and SSXP development
is the open source paradigm crippled by an inherently flawed approach to providing systems security?
the answer for me is no.
many thanks to our security team for ignoring critical SSP bugs. the answer for me is no.
many thanks to our QA lead for replacing his head with a tomato. the answer for me is still no.
and many thanks to our council for supporting names like vapier and halcy0n (and wolf*lotsofnumbers*, i never knew he was into that kind of business) with their aggressive, destructive and pervasive notions of how people should conform to their fascist little black and white one in the stink two in the pink world. i still think the answer is no.
at least you got all the rotten tomatoes in one boat now and it's slowly sinking.
I'll be happy to leave you here with what you have. There have been no innovations hosted by Gentoo Linux on the security sector of host-based systems hardening for 5 years now. You fight people leaving faster than you can hire noobs to fill redundant positions because you fuckups still keep all your puppets in the right positions to decide what the public opinion is and what the people using Gentoo should "think" about your little /usr/portage experiment there.
well fuck you then, bitches.
whatever.

as always i'll have my last curtain with a song i loved when i was young- and maybe still do.
and now i have to admit- the answer to the above question for Gentoo Linux is definitely yes.
CAKE - The Distance
Reluctantly crouched at the starting line,
Engines pumping and thumping in time.
The green light flashes, the flags go up.
Churning and burning, they yearn for the cup.
They deftly maneuver and muscle for rank,
Fuel burning fast on an empty tank.
Reckless and wild, they pour through the turns.
Their prowess is potent and secretly stern.
As they speed through the finish, the flags go down.
The fans get up and they get out of town.
The arena is empty except for one man,
Still driving and striving as fast as he can.
The sun has gone down and the moon has come up,
And long ago somebody left with the cup.
But he's driving and striving and hugging the turns.
And thinking of someone for whom he still burns.
He's going the distance.
He's going for speed.
She's all alone
In her time of need.
Because he's racing and pacing and plotting the course,
He's fighting and biting and riding on his horse,
He's going the distance.
No trophy, no flowers, no flashbulbs, no wine,
He's haunted by something he cannot define.
Bowel-shaking earthquakes of doubt and remorse,
Assail him, impale him with monster-truck force.
In his mind, he's still driving, still making the grade.
She's hoping in time that her memories will fade.
Cause he's racing and pacing and plotting the course,
He's fighting and biting and riding on his horse.
The sun has gone down and the moon has come up,
And long ago somebody left with the cup.
But he's striving and driving and hugging the turns.
And thinking of someone for whom he still burns.
Cause he's going the distance.
He's going for speed.
She's all alone
In her time of need.
Because he's racing and pacing and plotting the course,
He's fighting and biting and riding on his horse.
He's racing and pacing and plotting the course,
He's fighting and biting and riding on his horse.
He's going the distance.
He's going for speed.
He's going the distance.
may the source be with you and your guards never fail at entropy.
Alex
PS: the next time you write bullshit about me in profiles/default/linux/package.use.mask, make sure you remove my name so i don't feel offended by your blatant ignorance of the problem itself.
all your __guard are belong to __stack_smash_handler
okay here we go
>>> Regenerating /etc/ld.so.cache...
>>> sys-libs/gxslibc-2.6.1-r2 merged.
>>> No packages selected for removal by clean
>>> Auto-cleaning packages...
>>> No outdated packages were found on your system.
* Regenerating GNU info directory index...
* Processed 87 info files.
TMPFS chroot001 miranda ~ # export STATIC="-fstack-protector-all"; gcc-3.4.6 "${STATIC}" -fstack-protector-all -o vuln-stack vuln-stack.c && file vuln-stack && readelf -s vuln-stack | egrep "__guard|__stack_smash"; ./vuln-stack 1234567891234567; einfo "return code: ${?}"; echo; gcc-3.4.6 "${STATIC}" -fstack-protector-all -o ssp_entropy ssp_entropy.c && file ssp_entropy && ./ssp_entropy
vuln-stack: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.18, dynamically linked (uses shared libs), not stripped
2: 08049698 4 OBJECT GLOBAL DEFAULT 23 __guard@GLIBC_2.3.2 (3)
4: 00000000 30 FUNC GLOBAL DEFAULT UND __stack_smash_handler@GLIBC_2.3.2 (3)
78: 08049698 4 OBJECT GLOBAL DEFAULT 23 __guard@@GLIBC_2.3.2
80: 00000000 30 FUNC GLOBAL DEFAULT UND __stack_smash_handler@@GL
* return code: 46
ssp_entropy: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.18, dynamically linked (uses shared libs), not stripped
__guard: [[0x288a2b8c]]
TMPFS chroot001 miranda ~ # export STATIC="-static"; gcc-3.4.6 "${STATIC}" -fstack-protector-all -o vuln-stack vuln-stack.c && file vuln-stack && readelf -s vuln-stack | egrep "__guard|__stack_smash"; ./vuln-stack 1234567891234567; einfo "return code: ${?}"; echo; gcc-3.4.6 "${STATIC}" -fstack-protector-all -o ssp_entropy ssp_entropy.c && file ssp_entropy && ./ssp_entropy
vuln-stack: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.18, statically linked, not stripped
1346: 0804f810 18 FUNC GLOBAL DEFAULT 3 __stack_smash_handler
1554: 080bc370 4 OBJECT GLOBAL DEFAULT 16 __guard
* return code: 46
ssp_entropy: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.18, statically linked, not stripped
__guard: [[0xe686ece4]]
i invented return code 46 as SSP failure because i could not find a list of valid exit codes (except for segfault, which is 127) at google.
-Alex
the long tail
well it looks like i can go to bed with a smile on my face...
gcc -g -ggdb -fstack-protector-all -o ssp_entropy ssp_entropy.c
./ssp_entropy
__guard: [[0x353275b9]]
gcc -static -g -ggdb -fstack-protector-all -o ssp_entropy ssp_entropy.c && ./ssp_entropy
__guard: [[0x3687e720]]
TMPFS chroot001 miranda ~ # cat ssp_entropy.c
#include <stdio.h>

/* __guard is the canary of the old SSP ABI (ENABLE_OLD_SSP_COMPAT in glibc); glibc exports it */
extern unsigned long int __guard;

int main(void) {
    /* %lx matches the unsigned long declaration; on 32 bit it prints the same digits as %x */
    printf("__guard: [[0x%lx]]\n", __guard);
    /* spin forever so the process stays alive for attaching and single stepping in gdb */
    while(1) { ; }
    return(0);
}
for learning about the whole story: http://bugs.gentoo.org/show_bug.cgi?id=182231
have fun and good night!
back on plastic
pappy@h1339985 ~ $ ssh root@miranda -p 22001
Last login: Mon Apr 28 12:46:52 2008 from dev.extreme-security.net
TMPFS chroot001 miranda ~ # emerge --info
Portage 2.1.4.4 (default-linux/x86/2007.0, gcc-4.1.1, hardened-glibc-2.6.1-r1, 2.6.24-hardened i686)
=================================================================
System uname: 2.6.24-hardened i686 Dual Core AMD Opteron(tm) Processor 280
Timestamp of tree: Mon, 28 Apr 2008 01:45:01 +0000
app-shells/bash: 3.2_p17-r1
dev-lang/python: 2.4.4-r6
dev-python/pycrypto: 2.0.1-r5
sys-apps/baselayout: 1.12.9
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.61-r1
sys-devel/automake: 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i486-pc-linux-gnu"
CFLAGS="-O2 -mtune=i686 -pipe"
CHOST="i486-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mtune=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl berkdb cli cracklib crypt cups dri fortran gdbm gpm iconv ipv6 isdnlog midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl ssl tcpd unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Reflections
Today one of my biggest dreams got shattered by technical deficiencies.
Phreak helped me to experiment with the virtuals in my new experimental toy profile on miranda chroots. I learned a lot about catalyst and finally found out about my mistake: you need to roll up the portage tree (where you have added the created test profiles) into a portage-XXX.tar.bz2 and give this XXX name to the catalyst specs file before building the stages.
Otherwise it cannot find the profile in portage snapshot and print out an erroneous message about your profile being broken, simply because it cannot find it in the portage snapshot that was unpacked.
So, while experimenting with stage building and seeing to it that it works to create a masking of sys-libs/glibc and a virtual/libc mapping to my own testing version of sys-libs/hardened-glibc, for covering my future wanted changes for SSPx and AT_ENTROPY without touching the holy sys-libs/glibc grail of our toolchain team, it suddenly turns into a full fledged uphill battle that is impossible to win.
I am talking about reworking all affected packages in the tree to not depend on sys-devel/gcc any more but on virtual/cc or something like that- because we currently don't have a virtual for gcc. Good job, team.
In short: our toolchain is currently maintained by a single person, happily monolithically aimed at glibc (and a bit of uclibc) and gcc.
Which in turn gives all the power of control over the base system, the standard lib and the compiler into the hands of one or two people without users or other devs being able to plug in or attach another modular approach to it.
Which basically means you don't have another choice but to use the glibc and gcc provided by our distribution. A distribution that was about choice, at least the last time i read it on our homepage.
I still remember the support and the backup of our gcc and glibc hackers when in 2002 and 2003 the hardened toolchain was still a young project compared to the other projects of Gentoo and how we were all working together on a shared vision... all gone.
Today it's about software quality and keeping your hands on your packages which in turn control the behaviour of a complete GNU/Linux distribution.
Thank you very much.
Alex
Ambient findability
http://www.amazon.com/Ambient-Findability-What-Changes-Become/dp/0596007655
good book, if you leave aside the obnoxiously evident google-fanboyism
today it's the birthday of Edmund Stoiber and Bushido- lmao
-Alex
nightmares on wax
when you suddenly wake up at half past four in the night you know you have been doing a good job getting your life sorted out and all of that.
lots of things are happening in my life at the moment.
i found a new job which is great because i am confident that this will bring me through the final year of my bachelors degree without financial problems plus i am forced to spend time with a good friend and the atmosphere there (four developers and one coffee machine) feels like working in a corporate living room.
The only drawback: it's a C# and Visual Studio 2005 job with .NET 3.0.
This stuff feels more professional and pays the rent, a step forward from that silly undermanaged Java project i worked at school for two years- it paid the rent but didn't feel professional
So what about the open source compiler hacks i am contributing, which from a neutral point of view nobody needs to continue maintaining or wants to benefit from anyway- take a look at the gorgeous project management of our all beloved toolchain maintainers and hardened toolchain maintainers and add 1 to 1. What has happened during the last year and what is happening in the next year? In my eyes in the last year nothing useful has happened to the 3.4.x to 4.x transmission shift but we all saw the fruitless try to offload the integration of maintenance, integration and implementation work of the hardened toolchain suite to an overworked baseline toolchain team at Gentoo and that this didn't really benefit the hardened team. Together with a leadership vacuum we're in a master/slave role now waiting for our fellow developers to give way to our glibc/gcc modding stuff finally being visible by the users of our distribution- or have them forced to use a locked up overlay that has no real status or integration with the baseline either. Get your act together. My plans for SSPx are still valid and justified. And PaX userland development is not sleeping, and when it comes knocking at the door, we should have an answer how to make room for it in our hardened project. And you better have a good answer and not "let's see how toolchain devs think about all of this".
Alex
it's getting ready
http://dev.gentoo.org/~pappy/ssp/AT_ENTROPY/linux-2.6.21.5_AT_ENTROPY.patch
just waiting for upstream glibc and linux-kernel to assign the numbers, then we can go bughunting why the repetitive call to get_random_int() yields the same values for both calls...
but perhaps this is a feature and not a bug and we need a pax-like function...
Alex
playing with glibc-2.5-r3, kernel 2.6.21 and AT_ENTROPY
everybody who has a glibc-2.5-r3 please test the following program:
#include <stdio.h>

/* __guard is the canary of the old SSP ABI (ENABLE_OLD_SSP_COMPAT in glibc); glibc exports it */
extern unsigned long int __guard;

int main(void) {
    /* %lx matches the unsigned long declaration; on 32 bit it prints the same digits as %x */
    printf("__guard: [[0x%lx]]\n", __guard);
    /* spin forever so the process stays alive for attaching and single stepping in gdb */
    while(1) { ; }
    return(0);
}
compiled with gcc -static and single stepped with gdb, it should show that the guard is randomly initialized.
but compiled without -static, it shows for my tests that the __guard is always 0x0... bad bad cow.
but there is good news too: the AT_ENTROPY patch
this is a stub for 2.6.21 kernel source
falcon linux # grep -A2 -B2 -ri "deadbeef" fs/binfmt_elf.c
NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
NEW_AUX_ENT(AT_ENTROPY, 0xdeadbeef);
NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
the glibc patch is "done" (leave out the 0x0 problem)
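The patch below wires a kernel-supplied auxv entry into glibc's canary setup. The following stand-alone C program is an added example written for this page, not the post's code and not glibc's: it models the walk over the ELF auxiliary vector that `_dl_aux_init` performs, the new AT_ENTROPY case, and the canary selection with fallback, and it handles the edge case the patch's `!= 0` test conflates (tag present with value 0 versus tag absent). The `auxv_entry` and `aux_state` types, the `demo_*` functions, the `DEMO_FALLBACK` constant and the sample vectors are constructed for the example; the tag number 24 is the patch's own provisional choice, and the sample entropy word 0x288a2b8c is reused from the `__guard` output printed elsewhere on this page.

```c
/*
 * Stand-alone model of the AT_ENTROPY mechanism (added example, not glibc
 * code): parse an auxiliary vector, pick up the kernel's entropy word, and
 * derive the stack-protector canary from it, falling back to a locally
 * generated value when the kernel supplied none.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Auxv tags as in elf.h; AT_ENTROPY is the provisional number from the patch. */
#define AT_NULL     0
#define AT_PHDR     3
#define AT_CLKTCK  17
#define AT_SECURE  23
#define AT_ENTROPY 24   /* placeholder chosen in the posted patch, not an upstream assignment */

/* Same shape as glibc's ElfW(auxv_t): a tag and a value. */
typedef struct { uintptr_t a_type; uintptr_t a_val; } auxv_entry;

/* What _dl_aux_init would record.  entropy_seen replaces the patch's
 * "0 means absent" convention so a random word of 0 is still distinguishable
 * from a kernel that passed no AT_ENTROPY at all. */
typedef struct {
    uintptr_t clktck;
    uintptr_t entropy;
    int       entropy_seen;
} aux_state;

/* Walk the vector until AT_NULL, dispatching on a_type like the patch does. */
static void aux_init(const auxv_entry *av, aux_state *st)
{
    memset(st, 0, sizeof *st);
    for (; av->a_type != AT_NULL; av++) {
        switch (av->a_type) {
        case AT_CLKTCK:
            st->clktck = av->a_val;
            break;
        case AT_ENTROPY:
            st->entropy = av->a_val;
            st->entropy_seen = 1;
            break;
        default:            /* AT_PHDR, AT_SECURE, ... not needed here */
            break;
        }
    }
}

/* Canary selection: the kernel word if present, otherwise the caller's
 * fallback (standing in for _dl_setup_stack_chk_guard ()).  The lowest byte
 * is cleared: a NUL inside the canary stops C string copies from reproducing
 * it or running past it intact.  Upstream glibc masks its AT_RANDOM-derived
 * guard the same way on little-endian targets. */
static uintptr_t derive_canary(const aux_state *st, uintptr_t fallback)
{
    uintptr_t guard = st->entropy_seen ? st->entropy : fallback;
    return guard & ~(uintptr_t)0xff;
}

/* Constructed fallback, standing in for the libc-generated value. */
#define DEMO_FALLBACK ((uintptr_t)0x5a5a5a5a)

/* Kernel supplied AT_ENTROPY; the word is the __guard value the post printed. */
uintptr_t demo_canary_with_entropy(void)
{
    static const auxv_entry av[] = {
        { AT_PHDR, 0x08048034 }, { AT_CLKTCK, 100 },
        { AT_ENTROPY, 0x288a2b8c }, { AT_SECURE, 0 }, { AT_NULL, 0 },
    };
    aux_state st;
    aux_init(av, &st);
    return derive_canary(&st, DEMO_FALLBACK);
}

/* Older kernel: no AT_ENTROPY tag, so the fallback is used. */
uintptr_t demo_canary_without_entropy(void)
{
    static const auxv_entry av[] = {
        { AT_PHDR, 0x08048034 }, { AT_CLKTCK, 100 }, { AT_SECURE, 0 }, { AT_NULL, 0 },
    };
    aux_state st;
    aux_init(av, &st);
    return derive_canary(&st, DEMO_FALLBACK);
}

/* Tag present but the random word happens to be 0: the patch's "!= 0" test
 * would silently take the fallback here; tracking presence keeps the
 * supplied value and makes the case visible when debugging. */
uintptr_t demo_canary_zero_entropy(void)
{
    static const auxv_entry av[] = { { AT_ENTROPY, 0 }, { AT_NULL, 0 } };
    aux_state st;
    aux_init(av, &st);
    return derive_canary(&st, DEMO_FALLBACK);
}

int main(void)
{
    printf("kernel entropy : 0x%lx\n", (unsigned long)demo_canary_with_entropy());
    printf("no AT_ENTROPY  : 0x%lx\n", (unsigned long)demo_canary_without_entropy());
    printf("zero entropy   : 0x%lx\n", (unsigned long)demo_canary_zero_entropy());
    return 0;
}
```

The separate presence flag is the design point: with it, "kernel passed nothing" and "kernel passed 0" are different observations, which is exactly the distinction needed when chasing a canary that reads 0x0.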
diff -Nru glibc-2.5.ORIG/csu/libc-start.c glibc-2.5/csu/libc-start.c
--- glibc-2.5.ORIG/csu/libc-start.c 2007-06-16 15:23:50.000000000 +0200
+++ glibc-2.5/csu/libc-start.c 2007-06-16 16:01:19.000000000 +0200
@@ -165,8 +165,16 @@
#endif
# ifndef SHARED
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+ /* Set up the stack checker's canary, optional kernel entropy */
+ uintptr_t stack_chk_guard;
+
+ if (GLRO(dl_entropy) != 0) {
+ stack_chk_guard = GLRO(dl_entropy);
+ }
+ else {
+ stack_chk_guard = _dl_setup_stack_chk_guard ();
+ }
+
#ifdef ENABLE_OLD_SSP_COMPAT
__guard_local = stack_chk_guard;
#endif
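Review bot: `if (GLRO(dl_entropy) != 0)` makes zero do double duty as "kernel passed no AT_ENTROPY" and as a possible random value, so a genuinely random word of 0 silently takes the `_dl_setup_stack_chk_guard ()` fallback, and the post's own 0x0 symptom cannot be told apart from "tag absent" while debugging; have `_dl_aux_init` record presence separately (a flag set in its `case AT_ENTROPY:`) and test that flag here. The same eight lines reappear verbatim in the elf/rtld.c hunk; one small helper next to `_dl_setup_stack_chk_guard` would keep the static and dynamic paths in step. The braces on their own `if (...) {` / `else {` lines and the comment without a closing period also break with the GNU style of the surrounding glibc code.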
diff -Nru glibc-2.5.ORIG/elf/dl-support.c glibc-2.5/elf/dl-support.c
--- glibc-2.5.ORIG/elf/dl-support.c 2005-05-11 19:27:22.000000000 +0200
+++ glibc-2.5/elf/dl-support.c 2007-06-16 16:13:33.000000000 +0200
@@ -155,6 +155,8 @@
#ifdef HAVE_AUX_VECTOR
int _dl_clktck;
+uintptr_t _dl_entropy;
+
void
internal_function
_dl_aux_init (ElfW(auxv_t) *av)
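Review bot: `uintptr_t _dl_entropy;` is defined under `#ifdef HAVE_AUX_VECTOR` next to `int _dl_clktck;`, while the sysdeps/generic/ldsodefs.h hunk declares `EXTERN uintptr_t _dl_entropy;` without showing its guard; if the two conditions differ, a configuration without an aux vector gets a declared but undefined symbol from the csu/libc-start.c reference. A one-line comment that the variable stays 0 when the kernel supplies no AT_ENTROPY would document the contract the fallback relies on.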
@@ -172,6 +174,9 @@
case AT_CLKTCK:
GLRO(dl_clktck) = av->a_un.a_val;
break;
+ case AT_ENTROPY:
+ GLRO(dl_entropy) = av->a_un.a_val;
+ break;
case AT_PHDR:
GL(dl_phdr) = (void *) av->a_un.a_val;
break;
diff -Nru glibc-2.5.ORIG/elf/dl-sysdep.c glibc-2.5/elf/dl-sysdep.c
--- glibc-2.5.ORIG/elf/dl-sysdep.c 2005-12-14 09:36:14.000000000 +0100
+++ glibc-2.5/elf/dl-sysdep.c 2007-06-16 16:12:38.000000000 +0200
@@ -160,6 +160,9 @@
case AT_CLKTCK:
GLRO(dl_clktck) = av->a_un.a_val;
break;
+ case AT_ENTROPY:
+ GLRO(dl_entropy) = av->a_un.a_val;
+ break;
case AT_FPUCW:
GLRO(dl_fpu_control) = av->a_un.a_val;
break;
diff -Nru glibc-2.5.ORIG/elf/elf.h glibc-2.5/elf/elf.h
--- glibc-2.5.ORIG/elf/elf.h 2007-06-16 15:23:49.000000000 +0200
+++ glibc-2.5/elf/elf.h 2007-06-16 16:01:48.000000000 +0200
@@ -977,6 +977,8 @@
#define AT_SECURE 23 /* Boolean, was exec setuid-like? */
+#define AT_ENTROPY 24 /* kernel entropy */
+
/* Pointer to the global system page used for system calls and other
nice things. */
#define AT_SYSINFO 32
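Review bot: `#define AT_ENTROPY 24` takes the next unused slot locally, and the post says the real kernel and glibc numbers are still to be assigned; a glibc built with this header will misinterpret whatever upstream later places at 24, and the kernel side (the NEW_AUX_ENT stub quoted above) has to use the identical constant, which this patch does not carry. Mark the comment as provisional and keep the value in one shared header until the upstream assignment lands.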
diff -Nru glibc-2.5.ORIG/elf/rtld.c glibc-2.5/elf/rtld.c
--- glibc-2.5.ORIG/elf/rtld.c 2007-06-16 15:23:49.000000000 +0200
+++ glibc-2.5/elf/rtld.c 2007-06-16 16:01:28.000000000 +0200
@@ -1838,8 +1838,16 @@
tcbp = init_tls ();
#endif
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+ /* Set up the stack checker's canary, optional kernel entropy */
+ uintptr_t stack_chk_guard;
+
+ if (GLRO(dl_entropy) != 0) {
+ stack_chk_guard = GLRO(dl_entropy);
+ }
+ else {
+ stack_chk_guard = _dl_setup_stack_chk_guard ();
+ }
+
#ifdef ENABLE_OLD_SSP_COMPAT
__guard_local = stack_chk_guard;
#endif
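Review bot: this block duplicates the csu/libc-start.c hunk line for line, including the zero-as-absent test and the non-GNU brace style; the same comments apply and a shared helper would remove the duplication. Since this is the path taken by dynamically linked programs, which the post reports still end up with `__guard` 0x0, also confirm with a breakpoint that the `case AT_ENTROPY:` in elf/dl-sysdep.c has stored into `GLRO(dl_entropy)` by the time this line runs; if it has, the `__guard_local` compatibility path under ENABLE_OLD_SSP_COMPAT below is the next place to look rather than the entropy source.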
diff -Nru glibc-2.5.ORIG/sysdeps/generic/ldsodefs.h glibc-2.5/sysdeps/generic/ldsodefs.h
--- glibc-2.5.ORIG/sysdeps/generic/ldsodefs.h 2006-08-24 22:27:05.000000000 +0200
+++ glibc-2.5/sysdeps/generic/ldsodefs.h 2007-06-16 16:04:02.000000000 +0200
@@ -558,6 +558,9 @@
/* CLK_TCK as reported by the kernel. */
EXTERN int _dl_clktck;
+ /* ENTROPY provided by kernel */
+ EXTERN uintptr_t _dl_entropy;
+
/* If nonzero print warnings messages. */
EXTERN int _dl_verbose;
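Review bot: `/* ENTROPY provided by kernel */` should state what the consumers assume: the word comes from the AT_ENTROPY auxv entry and 0 means the kernel supplied none (the libc-start.c and rtld.c hunks fall back on exactly that). Also check that this EXTERN sits under the same HAVE_AUX_VECTOR condition as the definition in elf/dl-support.c.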
cya,
Alex
advanced perl h4x0r!ng with agaffney :)
big ups to the man
here we go
use strict;
use warnings;

## values filled in by the command line parser (not shown here):
## --start/--stop/--reset/--delete each take a comma separated list of
## users, or "all"; %CHROOT maps user => { chrootname => ... }
my ($start, $stop, $reset, $delete);
my %CHROOT;

my %MODES;
$MODES{"op001"}{function} = \&startChroot;
$MODES{"op001"}{data}     = \$start;
$MODES{"op002"}{function} = \&stopChroot;
$MODES{"op002"}{data}     = \$stop;
$MODES{"op003"}{function} = \&resetChroot;
$MODES{"op003"}{data}     = \$reset;
$MODES{"op004"}{function} = \&deleteChroot;
$MODES{"op004"}{data}     = \$delete;

## side effect: commandline arguments are reordered
## alphabetically before they are processed
for my $mode (sort(keys(%MODES))) {
    my $data = ${ $MODES{$mode}{data} };
    next unless defined($data) && $data ne "";
    for my $name (split(",", $data)) {
        ## exact match: the original /all/ regex also fired for any
        ## user name merely containing "all"
        if ($name eq "all") {
            foreach my $user (keys(%CHROOT)) {
                foreach my $chrootname (keys( %{ $CHROOT{$user} } )) {
                    $MODES{$mode}{function}->($user, $chrootname)
                        or die "operation failed for $user:$chrootname";
                }
            }
        } else {
            ## a typo in the user name used to be ignored silently
            die "unknown user $name" unless exists $CHROOT{$name};
            foreach my $chrootname (keys( %{ $CHROOT{$name} } )) {
                $MODES{$mode}{function}->($name, $chrootname)
                    or die "operation failed for $name:$chrootname";
            }
        }
    }
}
this is the new building block for devel-chroots 2.1.0
xml based config file
improved chroot management utility (devel-chroots --start --stop --reset --delete)
I will code it up the rest of this week, as always have fun and enjoy,
Alex
sleepy golden eyes
Sometimes it feels like time is burning under my fingernails.
Phreak is kind of a cool chap. And his brother is the police or the secret service *g*.
I have met so many new people in my life, and i have lost contact with so many others. Maybe this is the reason i begin to think life is about changes, and adapting to new situations is very important for me nowadays. I forgot how it feels not to love this woman i am spending my life with. I cannot even say what would be if i had not met her. The only thing i can say is: i cannot find words for how much i miss her which would nearly qualify for expressing my emotions when i'm all alone and she's not here.
School is going on like it has always been: i know i should learn more but somehow i'm a lazy bastard and still think i can get along with it. And if not: then not. Life is more.
Work is fading out, finishing my time in August.
Normally people are supposed to sleep at 3am in the morning.
This week i started catching up with my Gentoo timeframe and looking at the realization plans for some of my favourite slacking projects again.
* new hardened-sources 2.4 version
* looking at hardened gcc and glibc status
* AT_ENTROPY for glibc SSP
** still have to write emails to kernel devs regarding the AT_ vector additions (dunno how to write it...)
** need to find out where to put the code for the initialization of SSP (external global variable at_entropy_ssp?)
* SSXP mockup for hardened toolchain
** need to put the code in TLS (who manages the memory numbers in TLS space?)
** amd64 demo code works
** need RTL fixes for x86 return address location calculation (and other 32 bit arches?)
** regression suite for benchmarking and SSXP code auditing
** rewrite documentation into a professional and beginners edition (latex source)
** write gentoo-ssxp.xml introduction for the hardened project
* devel-chroots improvements
** /var/lib/init.d/ initialization to make using /etc/init.d/ possible
** sshd (port offset) and sysklogd starting with chroot
** mounting of /proc and /dev/pts inside chroot
** screen sessions will only be started inside the chroots via connecting with ssh
** external screen session running from the host OS is a security risk
Altogether my plans for devel-chroots are to produce a complete development solution without putting the host operating system in danger (i.e. wrecking a glibc or a hardened gcc).
The solution covers virtually every aspect of Gentoo development, the only thing out of reach is low level kernel testing...
And by the way. Does anybody have a good idea how to get rid of flies shitting on my TFT screens? Those little bitches seem to love the plastic coating of my screens. Or is it just the lights...
Nevermind, trying to catch some sleep!
Have fun and enjoy,
Alex
pass me the booze!
This song has been dubbed from the original version of a big hit.
It can be performed to the similarly named song by Britney 'Sinnead' SpearS.
Disclaimer: it's a joke and you aren't supposed to take it serious.
I'm not a dev, not yet a bug-wrangler
I used to think
I had the answers to everything
Mm but now I know
That life doesn't always go my way, yeah
Feels like I'm caught in the middle
That's when I realize
I'm not a dev
Not yet a bug-wrangler
All I need is time
A moment that is mine
While I'm in between
I'm not a dev
There is no need to protect me
It's time that I
Learned to face up to this on my own
I've seen so much more than you know now
So don't tell me to shut my eyes
I'm not a dev
Not yet a bug-wrangler
All I need is time
A moment that is mine
While I'm in between
I'm not a dev
But if you look at me closely
You will see it in my eyes
This man will always find his way
I'm not a dev
I'm not a dev, don't tell me what to believe
Not yet a bug-wrangler
I'm just tryin' to find the man in me, yeah
All I need is time
Whoa, all I need is time...
A moment that is mine
... that's mine
While I'm in between
I'm not a dev
Not quite a bug-wrangler
Not now
All I need is time
A moment that is mine
While I'm in between
I'm not a dev
Ooooh, not yet a bug-wrangler
good morning and happy birthday
hey you!
happy birthday, phreak!
-Alex
I see dead people...
... they are all around me.
This is the sentence (one of the more politically correct ones) that comes to my mind when i see the current press campaigns on the usual websites going on. Some people are actually trying to do "professional" online journalism and look at and compare Gentoo as if it were
a) an overfinanced silly Debian ripoff with no future but playing nice to the hustle and bustle that's called shareholder value
b) an underfinanced monolithic cult of moonshiners with no future either
c) the next big thing and we owe it to the public that we are the coolest and fantastic hippie shit on earth
None of this is true.
As long as i have been a Gentoo developer, i have learned one important thing about the real people bringing this distribution forward: they are doing it no matter what you do to them. You can put technical problems in their way, you can make their hardware break, you can curse at them, you can insult them, you can talk bad about them in blogs, emails, in google search results and phony news portals. You can cram their inboxes with 500+ spam mails each day cuz their bloody address shows up in changelogs. But i have yet to see one of those Gentoo developers give up. I won't talk about names here but those people know who they are and why they are.
Over time, various Gentoo developers retire or suspend their activities for a multitude of reasons, the most common reason i have seen being a change in real life (new woman, new wife, new dog, new kids, finishing university with a degree, new job with less time for open source fun stuff, ...). Draw your own conclusions, but there are also some people who carry their disappointments and unsuccessful careers like a stigma and who later will tell you how bad and lowly we the normal mortal developers deal with offensive behaviour in here. It takes two, one to piss you off and one to be actually pissed off. No offense intended. I'm not promoting offensive behaviour. I'm just saying that it takes two people to go that route.
I am not talking about politics or control or entities like devrel or userrel or council here. I'm talking about my impressions and experiences as a normal Gentoo dev who is sometimes pissing people off and sometimes getting pissed off by other people.
If you are asking some of the developers i am forced to daily work with, they just keep their mouth shut on several occasions where they actually _could_ and would say stfu to the words spread by some of our less, well, comfortable fellows, including myself. However, they prefer to let the other one have the last word, knowing that they (and the other one) give a fuck either way.
For two reasons. I elaborate at one's own risk.
First reason being time.
Some people just don't care because they got better things to do than worry about your or my rants. Yeah, it's true. Even this blog post could never have been written without daylight saving time making my biorhythm go nuts all over the place.
Second reason being pride.
For some people it's unbearable to let someone have the last word over their own because it's the fucking false pride that's getting in the way.
If some people would let things be. And they would realize the internet is 80% noobs with low profile bullshit mass media information generators and 20% porn. The whole internet consists of and lives by the ways of deception, misinformation, simply incorrect technical documentation and descriptions and other atrocities. This is just how it is. We are not living in a perfect little soap bubble at Gentoo. However, and this is a lesson i have learned, you are not making it better by dropping a thermonuclear bomb of bullheaded vigilantism on it. You are just spreading it out and make yourself long-term inveterate foes.
You cannot fuck for virginity. And you cannot make war for peace. The same holds true for winning an argument against people who are as retarded as you when it comes to defending your bollocks. You are not winning the argument. You were just having the last word. There ya pride goez!
It's fun though, i have to admit. Not the foes. The bullshit and the buzzing i mean.
However, sooner or later, you wake up one day and you will realize it was not worth it. Not a single bit of it. You could have swallowed your pride. You could have just let things be, for an hour or a day. Or a week or a month. Or a couple of months. Or a couple of years. We are getting older and some of us become wise and eventually wind down to a moderate and temperate character. Call it school of life or learning by doing or whatever you want to call it. I have been taught by many people i'm the most immature and uneducated piece of white shit they have come across in their life. Nonetheless those are the people who also like me somehow. Cuz i may be retarded and rampant, but i'm trying to be in a naive nonhazardous way without harming people all the way. Like wet explosives or a dog without teeth or something like that.
However, back to what this post is about...
If you like ranting and spreading incoherently reflected half-truths: just hit it, it's a free internet and everybody is supposed to fill the heap with bullshit bullshit bullshit as good as you can! If you think Gentoo sucks and you can do it better: do it better.
Gentoo Linux is still the most versatile, barebone, extensible, secure, configurable, top-notch source meta distribution that is
a) available
b) successful
c) useful
and
d) sexy
Call me a fanboy now or whatever you want but time will show and i will learn that your articles are neither helping nor harming. The good and the bad thing about the current problems is that the community of Gentoo developers cannot be described as a single unit nor can it be handled as such one. You can tell some common things about all Ubuntu developers and all Debian developers: like all Ubuntu developers love to be pricks and copycats while all Debian developers love to pretend it's cool to adhere to their "just in time" releases of three year old software as "stable".
I think that's like mummy is dancing to Vanilla Ice (Vanilla Ice getting jiggy with it!) and doing audition at American Idol: just in time.
Comments for this post are not welcome and i'll not discuss it.
If you don't get the message: swallow your pride and resist hacking a wily reply into your mail client, forum entry, blog post or whatever your anarchy friendly information society attack vector is. I will not jump on it.
If you don't like what you have read: don't read it again and try to get over it. Maybe tomorrow you will not be angry or upset any more.
If you are a Ubuntu developer reading this: sorry for offending you on the internet, we all know you are just gorgeous looking role models with too much free time.
If you are a Debian developer reading this: sorry for offending you on the internet, we love you and we love to work with you and share your "experience".
There is a bad thing about Gentoo: the lack of sustainability.
There is a good thing about Gentoo: the lack of sustainability.
Think about that and make up your own mind about the two sentences.
-Alex
PS: You had it coming.
blogs, the internet, information technology and security
Blogs are widely known as positive multiplicators (or catalysators) of new technologies and sensors for next generation "in crowd" must-haves.
But blogs also put the focus on negative aspects of some new developments and buzzing internet hotspots. This has also been the case with some student portal in Germany, which recently became notoriously 'famous' for its weak and ineffective security setup.
In this case we are not talking about physical site security or host based intrusion deterrence and prevention. This student portal was just giving away too much of its internal information to outsiders without proper credentials.
Now everybody could argue: if you sign up, you will get the information anyway.
But the argument of the owners, and even of the users, seems to go even further: the information is not classified, hence protecting it is not an important cornerstone of their business portfolio.
People continue to use this website. Which is justification enough to stop thinking about the outcome. Some of the students using the website even ridicule the 'improvised' amateur penetration testing by their colleagues as an immature, geekish prank. To them it is now some kind of hard-earned scar they are, chuckling proudly, showing off to their mates: hey, we got hacked, what a funny experience!
A lesson can be learned from all of this: on the internet, nobody knows you are a dog, plus your personal identity information and the contents of your communication will always be free. Free as in freely accessible.
It is either freely accessible to those who pay for it: the portal and all of its consumer-profiling-ready data got sold to a big publishing company soon after its number of user accounts went through the roof.
Or it is freely accessible to those who manage either to circumvent the basic obfuscation techniques of unskilled webmasters (sequential serial numbers or otherwise reproducible tokens for session state management and data access, which let anyone enumerate other users' sessions and records by counting up), or to just hack the system from outside, or from inside for what it's worth.
Your data is not secure. Do not store it on the internet.
Now, what really makes me wonder is that people accept it.
When they get informed about it, all you ever hear is: oh, really?
But then nothing changes, and they just take it into account.
Perhaps it is because you don't have to pay for a website that acts as a transactional hub for personal communications and as a global meeting point, so you don't have to, or cannot afford to, worry about security, because if you did, your world would suddenly turn black.
Gentoo Hardened cannot protect content that is not secured by a seriously developed information security policy and the technology that implements it.
What our project is about is providing basic toolchain hardening and MAC systems for protecting the underlying machines: a basic level of trust in the integrity of the operating system, a hostile environment for possible intruders, and a valid starting point for putting an information security policy dealing with the data on top of it.
And i think that's the next big deal: if you are a content provider or community platform provider interested in your users enjoying the privacy they are supposed to have, it will cost you a damn lot of money. And you cannot even go bragging about it while playing golf with your homies from the automotive industry. Cuz they don't give a fuck about user profiles getting read by cross-site scripts and used for relaying viagra commercials and stock exchange zero-day trading information to them.
Hardened technology is protecting a lot of machines nowadays.
It prevents intrusions and makes it hard to benefit from a successful exploit, because the machine treats intruders as hostile and is supposed to make a lot of noise when touched by strange things coming from the internet.
But it cannot solve your information technology problems and cannot satisfy your high-level security requirements for information integrity and confidentiality.
Protecting the private content and personal identity data of users should be important for people. However, it is apparently not.
There is no bad thing about this.
The bad thing to me is: the users accept it.
Which means for me: it's your, the users, own fault then.
If you can't demand and choose your websites based on their history of bad security incidents, then you should also be prepared to live with the outcome.
You don't even have the choice? Well, *shrug*, not my problem either. Nobody expects you to be the golden digital transparent boy. But you are. It's your problem.
Now draw parallels to things like camera surveillance in London.
The massive increase in digital monitoring of content and internet activity in Germany. Everywhere around the world things are getting hectic all of a sudden.
People do not stand up against it. The people who support it can freely propagate the advantages of those solutions: nobody is taking a pee in the streets of Walthamstow any more.
Nobody speaks up against it, because sooner or later you become subject to the suspicion of being a terrorist sympathiser or, worse, a liberal.
Now put aside all the proverbs about security and freedom.
And put aside all you learned by now about those things.
What remains for me is: people accept it.
As long as there is no difference in using an unprotected, insecure system without a basic level of privacy. And even a secure system that actually tries to protect the personal data of its users can still be hacked.
But too many people draw the wrong conclusion from that:
It's like saying: fastening your seatbelt does not prevent you from getting squashed by a truck coming through your windshield.
However, the argument rather should be: fastening your seatbelt surely does not prevent you from getting turned into ketchup on the tarmac by a beer truck with an (ironically) drunk driver, but in the case of a normal, statistically likely frontal crash with something less intrusive, it prevents you and your kids from becoming a dead meat cannonball trying to break the speed barrier of low altitude ballistic subsonic flight.
We can't protect you from your life. And you have to die one day. That's the facts. But you got to do it with style- the life, not the death.
Using secure websites and becoming aware of the importance of your privacy on the internet is sexy. Not using them and using their insecure counterparts because you see no alternatives is not.
By the way, it's exactly the same with operating systems, but we won't talk about that now, okay?
Have fun and enjoy,
-Alex
long time being
It's been a long time and i've been busy slacking and wasting my time with real life... so i don't know what to say other than that i'm praying for kevquinn to finish his long-awaited work and deliver some good stuff.
And that i'm waiting for the next hardened sources 2.4 kernel bump.
Plus phreak is working on streamlining the hardened profiles.
Recently more and more people have been coming to the hardened channel on irc, which is good on the one hand but rather odd on the other, because you can feel their lack of understanding of basic concepts of information technology and open source in general...
I don't know, but i think it is rather obvious when you talk to people: they ask you for an opinion and then they judge it and decide upon it. You cannot judge an opinion, that is what opinions are for.
In life and work you have to make your own decisions based on your choices, and Gentoo is giving you enough choices to achieve your goals, i hope.
That's it for tonight, have fun and enjoy!
-Alex
on my list
Link: http://www.amazon.de/Software-Security-Assessment-Identifying-Vulnerabilities/dp/0321444426
thanks to Adamant, along with my new books on VMMs, this one will also make it to the shopping cart:
The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities (Paperback)
# Paperback: 1174 pages
# Publisher: Addison-Wesley Longman, Amsterdam; Edition: 1st (29 Dec. 2006)
# Language: English
# ISBN-10: 0321444426
# ISBN-13: 978-0321444424
However, what i find rather "interesting" is the "name" of the guy cited in the synopsis:
Synopsis
"There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude." - Halvar Flake, CEO and head of research, SABRE Security GmbH.
Since when do they use aliases to identify people as a reference, when the real name is visible on their corporate page anyway:
Company
...
The team
Halvar Flake/Thomas Dullien, CEO and Head of Research
This just makes no sense to me. Perhaps they wanted to give the impression of being blackhat'ish, which is rather foolish, because everybody who was raised with a television in Germany knows that Halvar Flake cannot be a serious real name.
If Amazon wants to sell this book to a professional audience (which i think it wants), they should try to act professional too.
-Alex
smack it up
So i'm giving it another try; this time i will only be playing with statically linked executables...
diff -Nru glibc-2.4.ORIG/csu/libc-start.c glibc-2.4/csu/libc-start.c
--- glibc-2.4.ORIG/csu/libc-start.c 2007-01-21 04:29:20.000000000 +0000
+++ glibc-2.4/csu/libc-start.c 2007-01-21 06:22:05.000000000 +0000
@@ -35,15 +35,6 @@
__attribute__ ((weak))
# endif
;
-# ifndef THREAD_SET_STACK_GUARD
-/* Only exported for architectures that don't store the stack guard canary
- in thread local area. */
-uintptr_t __stack_chk_guard attribute_relro;
-# endif
-#endif
-#ifdef ENABLE_OLD_SSP_COMPAT
-uintptr_t __guard_local attribute_relro attribute_hidden __attribute__ ((nocommon,weak));
-weak_alias (__guard_local, __guard);
#endif
#ifdef HAVE_PTR_NTHREADS
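Review bot: the `__guard_local`/`__guard` definitions deleted here sat outside `#ifndef SHARED` (the removed `#endif` directly above `#ifdef ENABLE_OLD_SSP_COMPAT` is the one that closed it), so they were also built into the shared libc, whereas the replacement definitions in dl-support.c only exist under `#ifndef SHARED`; check that libc.so still defines `__guard` for old SSP binaries somewhere. A secondary readability point: the `#endif` that survives at the bottom of the hunk used to close `#ifdef ENABLE_OLD_SSP_COMPAT` and now closes `#ifndef SHARED`, which keeps the preprocessor balanced but is easy to misread, so a trailing `#endif /* !SHARED */` comment would help.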
@@ -153,19 +144,6 @@
__pthread_initialize_minimal ();
#endif
-# ifndef SHARED
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef ENABLE_OLD_SSP_COMPAT
- __guard_local = stack_chk_guard;
-#endif
-# ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
-# else
- __stack_chk_guard = stack_chk_guard;
-# endif
-#endif
-
/* Register the destructor of the dynamic linker if there is any. */
if (__builtin_expect (rtld_fini != NULL, 1))
__cxa_atexit ((void (*) (void *)) rtld_fini, NULL, NULL);
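Review bot: the block being removed ran right after `__pthread_initialize_minimal ();`, i.e. once the TCB exists, which is what `THREAD_SET_STACK_GUARD` needs because it stores the canary in thread-local storage. The auxv loop in dl-support.c that takes over this job is reached from `__libc_start_main` before `__pthread_initialize_minimal` runs (the aux vector has to be parsed first to find PT_TLS), so on TLS-canary architectures the store can land before the thread pointer is set up. Consider keeping the `THREAD_SET_STACK_GUARD`/`__stack_chk_guard` assignment here and only moving the AT_RANDOM32 lookup, for instance by having the auxv loop stash the value in a variable this code reads.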
The piece above removes the current SSP canary setup from `__libc_start_main` for statically linked executables.
Instead we move it into the function in elf/dl-support.c that also processes the aux vector data (`_dl_aux_init`), so the canary can be picked up from the aux vector while it is being walked.
diff -Nru glibc-2.4.ORIG/elf/dl-support.c glibc-2.4/elf/dl-support.c
--- glibc-2.4.ORIG/elf/dl-support.c 2005-05-11 17:27:22.000000000 +0000
+++ glibc-2.4/elf/dl-support.c 2007-01-21 06:35:33.000000000 +0000
@@ -32,6 +32,27 @@
#include XXXunsecvars.hXXX
#include XXXhp-timing.hXXX
+#ifndef SHARED
+# include XXXdl-osinfo.hXXX
+/* in a statically linked executable
+ * this is the place for the definition
+ * of the non TLS SSP guard symbols */
+
+# ifndef THREAD_SET_STACK_GUARD
+/* Only exported for architectures that
+ * don't store the stack guard canary
+ * in thread local area. */
+uintptr_t __stack_chk_guard attribute_relro;
+# endif
+
+# ifdef ENABLE_OLD_SSP_COMPAT
+/* support for the old SSP symbols in the Gentoo glibc */
+uintptr_t __guard_local attribute_relro attribute_hidden __attribute__ ((nocommon,weak));
+weak_alias (__guard_local, __guard);
+# endif
+
+#endif
+
extern char *__progname;
char **_dl_argv = &__progname; /* This is checked for some error messages. */
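Review bot: `#ifndef THREAD_SET_STACK_GUARD` only does the right thing if the header defining that macro (the per-arch `tls.h`) is already included above this point in dl-support.c; the hunk's context shows only `unsecvars.h` and `hp-timing.h`, so verify the include order, otherwise a TLS-canary architecture silently gets an unused exported `__stack_chk_guard` as well. Also, the `XXX` placeholders around the include are a paste artifact and need to become angle brackets before the patch is applied.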
@@ -163,9 +184,20 @@
uid_t uid = 0;
gid_t gid = 0;
+# ifndef SHARED
+ uintptr_t stack_chk_guard = 0;
+# endif
+
for (; av->a_type != AT_NULL; ++av)
switch (av->a_type)
{
+# ifndef SHARED
+ case AT_RANDOM32:
+ /* Initialize the stack checker's canary
+ * with kernel entropy */
+ stack_chk_guard = av->a_un.a_val;
+ break;
+# endif
case AT_PAGESZ:
GLRO(dl_pagesize) = av->a_un.a_val;
break;
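Review bot: `stack_chk_guard = av->a_un.a_val;` copies the auxv word unchanged into a `uintptr_t`. With a 32-bit entropy value (the name AT_RANDOM32 and the elf.h comment say as much) the upper half of the canary on 64-bit targets is always zero, and there is no zero byte at the low address, so a `strcpy`-style overflow can reproduce the canary byte for byte. Consider clearing the lowest-address byte after the copy, and on 64-bit either passing a full-width value from the kernel or filling the upper half from the fallback entropy source.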
@@ -213,6 +245,24 @@
__libc_enable_secure_decided = 1;
break;
}
+
+# ifndef SHARED
+ if (stack_chk_guard == 0)
+ {
+ /* Set up the stack checker's canary
+ * if it wasn't set up by retrieving
+ * kernel entropy via auxiliary vector */
+ stack_chk_guard = _dl_setup_stack_chk_guard ();
+ }
+# ifdef ENABLE_OLD_SSP_COMPAT
+ __guard_local = stack_chk_guard;
+# endif
+# ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+# else
+ __stack_chk_guard = stack_chk_guard;
+# endif
+# endif
if (seen == 0xf)
{
__libc_enable_secure = uid != 0 || gid != 0;
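Review bot: `if (stack_chk_guard == 0)` uses the value itself as the "not supplied" marker, so a kernel that legitimately hands out zero (one in 2^32 with 32 bits of entropy) is treated as absent. That is benign here because the fallback still produces a canary, but it would be cleaner to track presence the way this function already tracks uid/gid with the `seen` bitmask right below (`if (seen == 0xf)`), and it would also make the fallback path testable independently of the value.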
And last but not least we still need the right numeric constants in place:
diff -Nru glibc-2.4.ORIG/elf/elf.h glibc-2.4/elf/elf.h
--- glibc-2.4.ORIG/elf/elf.h 2007-01-21 04:29:21.000000000 +0000
+++ glibc-2.4/elf/elf.h 2007-01-21 06:28:53.000000000 +0000
@@ -981,6 +981,8 @@
#define AT_SECURE 23 /* Boolean, was exec setuid-like? */
+#define AT_RANDOM32 24 /* 32 bit kernel entropy */
+
/* Pointer to the global system page used for system calls and other
nice things. */
#define AT_SYSINFO 32
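Review bot: 24 is picked locally here and has to be identical to whatever the hardened kernel patch uses, and it sits in the range upstream assigns sequentially (AT_SECURE is 23), so the define should carry a comment that the number is provisional until allocated upstream, otherwise it will collide with the next auxv type upstream hands out. The comment could also state that the value is carried in `a_val` itself rather than being a pointer, since the consumer in dl-support.c relies on that.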
If you try to be a clever kid and nick the patch from this site, remember to put back the angle brackets in the #include lines, which are represented by XXX here.
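As an added example, which is the editor's code and not part of the original post, the hardened patch set or glibc, the following C program shows the userspace side of the mechanism the patch builds: walking from envp to the ELF aux vector the way a static libc has to, pulling the kernel-supplied entropy out of it, and turning it into a canary with the fallback for the case where the kernel did not supply any. It uses the AT_RANDOM (25) type that mainline Linux later adopted, which points at 16 random bytes, rather than the provisional AT_RANDOM32 (24) above; the function names and the sample entropy bytes are assumptions of the example. The `installed_canary()` read of %fs:0x28 is x86_64-only and returns 0 elsewhere.

```c
/* Added example (editor's code, not from the post, the hardened patch set
 * or glibc).  Demonstrates the userspace side of the patch above: locate
 * the ELF auxiliary vector, take the kernel-supplied entropy from it and
 * derive a stack-protector canary, with a fallback for a missing entry.
 * Uses AT_RANDOM (25, 16 random bytes), which mainline Linux later
 * adopted, instead of the provisional AT_RANDOM32 (24) of the patch.
 * Build: cc -O2 -fstack-protector-all auxv_canary.c -o auxv_canary
 */
#include <elf.h>        /* AT_RANDOM, AT_NULL */
#include <link.h>       /* ElfW() */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), glibc >= 2.16 and musl */

/* Sample "kernel entropy", constructed for the checks; not real AT_RANDOM. */
static const unsigned char kSampleRandom[16] = {
    0x8f, 0x3a, 0x5c, 0xd1, 0x07, 0x66, 0xb2, 0x19,
    0xe4, 0x2d, 0x90, 0x4b, 0x73, 0xaa, 0x0e, 0xc5
};

/* Walk from envp past its NULL terminator to the auxv, which is what a
 * statically linked libc has to do itself (the dl-support.c loop in the
 * patch iterates the same array).  Returns a_val for TYPE, or 0 if absent. */
unsigned long auxv_lookup(char **envp, unsigned long type)
{
    char **p = envp;
    while (*p != NULL)
        ++p;
    ++p;                                  /* step over the NULL */
    for (ElfW(auxv_t) *av = (ElfW(auxv_t) *) p; av->a_type != AT_NULL; ++av)
        if (av->a_type == type)
            return av->a_un.a_val;
    return 0;
}

/* Non-random "terminator" canary (NUL, CR, LF, 0xff), the classic fallback
 * when no entropy is available: a string-copy overflow stops at the NUL
 * before it can reproduce the rest of the value. */
uintptr_t terminator_canary(void)
{
    uintptr_t guard = 0;
    unsigned char *b = (unsigned char *) &guard;
    b[0] = 0x00; b[1] = 0x0d; b[2] = 0x0a; b[3] = 0xff;
    return guard;
}

/* Derive the canary from kernel entropy.  The byte at the lowest address
 * is cleared so that strcpy()-style overflows still terminate on it, which
 * is what glibc does with AT_RANDOM since 2.10.  Falls back to the
 * terminator canary when there is no (or too little) entropy, just as the
 * patch falls back to _dl_setup_stack_chk_guard(). */
uintptr_t canary_from_random(const unsigned char *rnd, size_t len)
{
    uintptr_t guard;
    if (rnd == NULL || len < sizeof guard)
        return terminator_canary();
    memcpy(&guard, rnd, sizeof guard);
    ((unsigned char *) &guard)[0] = 0;
    return guard;
}

/* Check helper: lowest-address byte is zero and every other byte is the
 * entropy it came from. */
int keeps_entropy_except_lowest(const unsigned char *rnd, uintptr_t guard)
{
    const unsigned char *b = (const unsigned char *) &guard;
    return b[0] == 0 && memcmp(b + 1, rnd + 1, sizeof guard - 1) == 0;
}

/* Canary derived from this process's own AT_RANDOM bytes. */
uintptr_t canary_from_auxv(void)
{
    const unsigned char *rnd = (const unsigned char *) getauxval(AT_RANDOM);
    return canary_from_random(rnd, 16);
}

/* The canary the C library actually installed for this thread.  On x86_64
 * it lives in the TCB at %fs:0x28, the slot THREAD_SET_STACK_GUARD writes;
 * returns 0 on other architectures. */
uintptr_t installed_canary(void)
{
#if defined(__x86_64__)
    uintptr_t v;
    __asm__ volatile ("movq %%fs:0x28, %0" : "=r" (v));
    return v;
#else
    return 0;
#endif
}

int main(int argc, char **argv, char **envp)
{
    (void) argc; (void) argv;
    printf("AT_RANDOM via envp walk: %#lx, via getauxval: %#lx\n",
           auxv_lookup(envp, AT_RANDOM), getauxval(AT_RANDOM));
    printf("derived canary:   %#lx\n", (unsigned long) canary_from_auxv());
    printf("installed canary: %#lx\n", (unsigned long) installed_canary());
    printf("fallback canary:  %#lx\n", (unsigned long) terminator_canary());
    return 0;
}
```

On an x86_64 glibc system the derived and installed values print identically, which is the whole point: the canary is nothing more than the first word of the kernel's AT_RANDOM bytes with its lowest byte cleared, and a static binary can compute it from the aux vector before any libc machinery exists.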
Cya,
Alex
In the mood for something big
All of our chroots on the dev machines have the "problem" that starting a service makes the init scripts try to reboot the whole machine, because the service state information is missing.
Today vapier gave me the missing link, and i decided to work the changes into the next devel-chroots release so that everyone can benefit from being able to deliberately start, stop, restart and zap services in chroots on the dev machines. Well, with a reasonable, limited amount of responsibility for network connectivity: /etc/init.d/net.eth0 is better left untouched...
The best weapon against stupidity is good will.
So here is the news.
This one syncs the state of the chroot to a sane default; in the future the chroot setup script will do this transparently:
rsync -avpx /var/lib/init.d/. /space/devel-chroots-apocalypse/pappy/chroot001/var/lib/init.d/.
These two commands should serve as insurance. I don't know if they are good or bad, or hurt more than they help. But i have found that the base system can become really ugly about a missing fstab or not knowing if the root fs is mounted...
CHROOT # echo > /etc/mtab
CHROOT # echo "/dev/root / auto noatime 0 0" > /etc/fstab
Anyway, time for me to catch up on some REM and NREM sleep, whichever the back of my brain prefers now.
Lots of things are happening; on Tuesday i have the math course where i will be able to ask some questions for the last time before the final exam on Monday in a week.
So far so good- enjoy and have fun.
Alex
AT_RANDOM32 SSP entropy patch for glibc
So it's 6am and i spent the last hours working on that patch.
Due to some deficiencies i wasn't able to get it going smoothly.
Miranda is running with the kernel providing AT_RANDOM32 as number 24; i still need to poke dsd or gregkh about filing that number upstream to avoid clashes, and later talk the glibc folks into accepting the number too...
It looks like there is no need for THREAD_GET_STACK_GUARD in glibc, hence this macro does not exist at present.
Which means i cannot check for an already set up guard in the respective functions in either csu/libc-start.c or elf/rtld.c when TLS is used...
Looks like the glibc hacking is taking more of my precious time; the kernel patch will need some love too, at the moment i'm using the pretty simplistic test value 0xdeadbeef. Hooray for boobies.
Alex