Older blog entries for Marcus (starting at number 127)

People are not happy with 10.1 quality and are asking why we shipped it...

If you know project management, well, at one point in time you have to ship or you will never ship it (because while you delay you could always add these other important features). What is worse?

And yes, I readily admit that 10.1 definitely has problems in package management and drivers. But a fatalist attitude as in "should not have shipped" is not good.

Picasa for Linux was released, WINE-based. And yours truly got mentioned on slashdot even though I did not do that much compared to CodeWeavers.

25 May 2006 (updated 25 May 2006 at 16:32 UTC) »

Happy Towel Day!

Wine 0.9.14 is out and SUSE rpms got built by yours truly.

The week is over for me, since we have a public holiday here today (Ascension Day) and I took overtime comp off tomorrow.

Spent some time helping to test the update for the package management framework for 10.1, hopefully out soon. Also helped releasing the kernel update, with ... some problems.

Sad weather for a public holiday. Why is it always sunny when one has to work?

Oh, and I am part of Summer of Code ... As Mentor ;)

New glibc security things: Pointer obfuscation

glibc 2.4 (in SUSE Linux 10.1) introduces pointer obfuscation (the PTR_MANGLE / PTR_DEMANGLE macros). On program startup a random value is read from /dev/urandom, and a number of sensitive pointers are xor'ed with this per-process secret when they are stored into a data structure and xor'ed again when they are read back. An attacker who overwrites such a slot with a raw address therefore gets a garbage pointer after demangling, not the address he chose.

This goes for:

  • jmp_bufs (setjmp/longjmp), which a stack overflow could use to execute code: if you can overwrite the saved stack pointer or program counter in a jmp_buf (usually stored on the stack too), execution is redirected at the next longjmp(). Since longjmp() never passes through the function epilogue, the stack canary is never checked, so this bypasses canaries entirely. With the saved registers mangled, the overwrite is useless without the secret.
  • atexit() functions, in case the attacker overwrites the heap and with it those function pointers.
  • iconv / gconv related function pointers.
Another way of redirecting control flow is gone. The usual caveat applies: the scheme protects the stored pointers, not the secret itself. An attacker who can read the guard value (an information leak) can pre-mangle a forged pointer and bypass it.
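As an added illustration, not glibc's code and not from the original entry: the mangling as glibc does it on x86 (xor with the guard, then a bit rotation; 9 bits on i386, 17 on x86_64) applied to an atexit()-style slot. The guard is a constructed constant here so the run is repeatable; real glibc fills it with random bytes at startup. The slot struct, the handlers and the three scenario functions are hypothetical. The third scenario shows the caveat above: with a leaked guard the protection is gone.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed per-process secret. glibc reads random bytes at startup;
 * a fixed value is used here so the demonstration is repeatable. */
static uintptr_t pointer_guard = (uintptr_t)0x5a3c1e7fUL;

#define PTR_BITS (8 * sizeof(uintptr_t))
/* glibc's x86 rotation count: 2*sizeof(void*)+1, i.e. 9 on i386, 17 on x86_64. */
#define ROT ((unsigned)(2 * sizeof(uintptr_t) + 1))

static uintptr_t rol(uintptr_t v, unsigned n) { return (v << n) | (v >> (PTR_BITS - n)); }
static uintptr_t ror(uintptr_t v, unsigned n) { return (v >> n) | (v << (PTR_BITS - n)); }

/* PTR_MANGLE / PTR_DEMANGLE as done on x86: xor with the guard, then rotate. */
static uintptr_t ptr_mangle(uintptr_t p)   { return rol(p ^ pointer_guard, ROT); }
static uintptr_t ptr_demangle(uintptr_t m) { return ror(m, ROT) ^ pointer_guard; }

typedef void (*handler_t)(void);

/* Hypothetical slot, like an atexit() entry: the pointer is stored mangled. */
struct exit_slot { uintptr_t mangled_fn; };

static int good_calls;
static void good_handler(void) { good_calls++; }
static void evil_handler(void) { /* attacker's target; never called here */ }

static void slot_store(struct exit_slot *s, handler_t fn) { s->mangled_fn = ptr_mangle((uintptr_t)fn); }
static uintptr_t slot_load(const struct exit_slot *s)  { return ptr_demangle(s->mangled_fn); }

/* 1. Legitimate use: store and load give back the same pointer, and it works. */
int round_trip_ok(void)
{
    struct exit_slot s;
    good_calls = 0;
    slot_store(&s, good_handler);
    if (slot_load(&s) != (uintptr_t)good_handler)
        return 0;
    ((handler_t)slot_load(&s))();
    return good_calls == 1;
}

/* 2. Heap overwrite without the guard: the raw address of evil_handler is
 *    written into the slot. After demangling it no longer points there. */
int blind_overwrite_hits(void)
{
    struct exit_slot s;
    slot_store(&s, good_handler);
    s.mangled_fn = (uintptr_t)evil_handler;            /* simulated overwrite */
    return slot_load(&s) == (uintptr_t)evil_handler;   /* 0: attacker misses */
}

/* 3. The caveat: if the guard leaked, the attacker pre-mangles the target
 *    and the stored pointer demangles to exactly what he wanted. */
int forged_overwrite_hits(void)
{
    struct exit_slot s;
    slot_store(&s, good_handler);
    s.mangled_fn = ptr_mangle((uintptr_t)evil_handler); /* attacker knows guard */
    return slot_load(&s) == (uintptr_t)evil_handler;    /* 1: protection bypassed */
}

int main(void)
{
    printf("round trip ok:         %d\n", round_trip_ok());
    printf("blind overwrite hits:  %d\n", blind_overwrite_hits());
    printf("forged overwrite hits: %d\n", forged_overwrite_hits());
    return 0;
}
```

The rotation matters beyond the xor: with xor alone, an attacker who can write one known byte of a mangled pointer and observe the effect learns one byte of the guard; the rotation spreads every guard bit across byte boundaries, so partial overwrites do not leak it byte by byte.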

New things in 10.1 from a security point of view.

Format string exploits got harder, thanks to FORTIFY_SOURCE and glibc 2.4.

With _FORTIFY_SOURCE=2, glibc checks whether a format string containing %n (the conversion that turns a format string bug into a memory write, and so the critical point in format string exploits) lives in writable memory, and if it does, it aborts. Consider this example:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately vulnerable: the caller-supplied string becomes the format
 * string and is passed to printf() from a writable heap buffer. */
int f(char *f)
{
    char *buf = malloc(strlen(f) + 1);
    strcpy(buf, f);
    printf(buf, "hello world");
    free(buf);
    return 0;
}

int main(int argc, char **argv)
{
    f("%s\n%n%n%n");
    return 0;
}


$ gcc -O2 -o xx xx.c
$ ./xx
hello world
Segmentation fault
Exploit successful.


$ gcc -O2 -o xx xx.c -D_FORTIFY_SOURCE=2
$ ./xx
hello world
*** %n in writable segment detected ***
Exploit only succeeds in getting a controlled abort(), but no code execution.

This requires code compiled with the -D_FORTIFY_SOURCE=2 define (and with optimization, -O1 or higher, because the fortified wrappers are only used then), which all packages honouring RPM_OPT_FLAGS in SUSE Linux are, around 90% - 95% of them.

(Of course I know that almost all format string exploits have been fixed in the meantime. But there might still be some left.)
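An added example, not from the original entry and not glibc's implementation: a scanner that walks a printf format the way such a check has to, skipping "%%", positional "N$" prefixes, flags, width, precision and length modifiers, and reports whether any conversion is %n. The guarded_printf() wrapper built on it is deliberately stricter than glibc: it refuses every %n instead of only those in writable memory, because deciding writability portably is not possible in plain C. Function names and the attacker string are constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Report whether evaluating this printf-style format would write memory,
 * i.e. whether any conversion is %n. "%%n" is not reported; "%2$hhn" is. */
int fmt_writes_memory(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                                   /* literal '%' */
        const char *q = p;                              /* positional "N$" */
        while (*q >= '0' && *q <= '9')
            q++;
        if (*q == '$')
            p = q + 1;
        while (*p && strchr("-+ #0'", *p))              /* flags */
            p++;
        while ((*p >= '0' && *p <= '9') || *p == '*')   /* width */
            p++;
        if (*p == '.') {                                /* precision */
            p++;
            while ((*p >= '0' && *p <= '9') || *p == '*')
                p++;
        }
        while (*p && strchr("hlLqjzt", *p))             /* length modifier */
            p++;
        if (*p == 'n')
            return 1;
        if (!*p)
            break;                                      /* truncated spec */
    }
    return 0;
}

/* printf() replacement that refuses memory-writing formats outright.
 * Stricter than glibc's check, which only rejects %n in writable memory.
 * Returns -1 on rejection, otherwise the vprintf() result. */
int guarded_printf(const char *fmt, ...)
{
    if (fmt_writes_memory(fmt)) {
        fputs("*** %n in format rejected ***\n", stderr);
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vprintf(fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    /* Constructed attacker input, same pattern as the entry's xx.c. */
    const char *attacker = "%s\n%n%n%n";
    /* Wrong: untrusted text used as the format. guarded_printf refuses it;
     * plain printf would attempt the %n writes. */
    guarded_printf(attacker);
    /* Right: the format is a literal, untrusted text travels through %s. */
    guarded_printf("%s\n", attacker);
    return 0;
}
```

The scanner is also what a source audit needs: grep for printf-family calls whose format argument is not a string literal, since only those can ever reach the %n path with attacker data.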

0.9.13 has been released!

Of WINE of course. ;) And SUSE RPMs are built and uploaded.

YUM repos for SL 9.3 - 10.1 are at: ftp://ftp.suse.de/pub/people/meissner/wine/<distro>/

The new SUSE Linux 10.1 now shows updated WINE automatically as soon as they appear.

Hmm, to clarify the last diary entry ... Basically everyone doing something for SUSE Linux is an "openSUSE staff member". In _no_ order of importance:

  • The Novell/SUSE employees doing the packaging, integration etc. work
  • The countless testers and bug reporters
  • The folks helping on the mailing lists.
  • The folks that helped man the openSUSE booth at LT (and upcoming fairs).
  • The folks fixing typos in the Wiki.
  • ... meaning every one :)

But anyway, back to my opensource stuff...

My TWAIN -> sane/gphoto2 split got applied to WINE cvs and will be in Wine 0.9.13. So you can import your pictures into Picasa now. Sadly via a JPEG -> Bitmap -> JPEG route currently.

Peeked at the MTP developer kit. Now I know what the missing PTP opcodes mean: the 0x91xx set is for the Janus DRM, the 0x9201 one is for some strange "Buy Now(tm)" technology. Neither is really necessary to implement for your music playing experience right now.

Interesting read on Windows Media DRM too, especially the fact that they planned for it to be cracked. The commercial vendors are learning from the DVD disaster.

And I watched Buffy the Vampire Slayer Season 3 episodes. Evil Willow *rrrrrr* :)

I am a proud member of the openSUSE staff.

Was at the open-door day of our local tram guys ... 125 years of trams. Visiting the tram storage area, repair shops... Entertainment including a horse tram. :)

Found out about Microsoft embracing the USB world with Microsoft OS USB Descriptors. How to detect a MTP device?

  • Query string descriptor index 0xEE (language ID 0).
    It carries a signature (MSFT100) followed by a vendor command byte.
  • Don't know the layout of the Extended Device Descriptor and Extended Property Descriptor there yet.
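As an added example (not from the entry): a parser for that string descriptor, which is what an MTP detection routine runs on the bytes a device returns for index 0xEE. It assumes the published layout: bLength 0x12, bDescriptorType 0x03, the signature as UTF-16LE, then the vendor command byte and one pad byte. Both sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Microsoft OS string descriptor (string index 0xEE), assumed layout:
 *   bLength (0x12), bDescriptorType (0x03), signature "MSFT100" as
 *   UTF-16LE (14 bytes), bMS_VendorCode, bPad. */
#define MSOS_DESC_LEN 18

static const uint8_t msos_signature[14] = {
    'M',0, 'S',0, 'F',0, 'T',0, '1',0, '0',0, '0',0
};

/* Returns 1 and stores the vendor command byte if buf holds a valid MS OS
 * string descriptor; 0 for wrong length, type or signature. Checks the
 * length before touching any byte so a short or hostile answer is safe. */
int parse_msos_string_descriptor(const uint8_t *buf, size_t len, uint8_t *vendor_code)
{
    if (len < MSOS_DESC_LEN || buf[0] != MSOS_DESC_LEN || buf[1] != 0x03)
        return 0;
    for (size_t i = 0; i < sizeof msos_signature; i++)
        if (buf[2 + i] != msos_signature[i])
            return 0;
    *vendor_code = buf[16];
    return 1;
}

/* Constructed sample: what an MTP device might answer, vendor code 0x01. */
static const uint8_t sample_mtp[MSOS_DESC_LEN] = {
    0x12, 0x03, 'M',0,'S',0,'F',0,'T',0,'1',0,'0',0,'0',0, 0x01, 0x00
};
/* Constructed sample: an ordinary string descriptor, no signature. */
static const uint8_t sample_other[] = { 0x0a, 0x03, 'C',0,'a',0,'m',0,'e',0 };

int main(void)
{
    uint8_t vc;
    if (parse_msos_string_descriptor(sample_mtp, sizeof sample_mtp, &vc))
        printf("MS OS descriptor present, vendor code 0x%02x\n", vc);
    if (!parse_msos_string_descriptor(sample_other, sizeof sample_other, &vc))
        printf("plain string descriptor, no MS OS signature\n");
    return 0;
}
```

The vendor code is the request byte used for the follow-up vendor control transfers that fetch the extended descriptors, which is why it is the one value worth pulling out of this descriptor.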
7 May 2006 (updated 7 May 2006 at 10:29 UTC) »

If you are interested in not yet so well documented standards regarding PTP digital cameras, there is some trade secret leakage here:

The planetsuse.org RSS feed seems to be down, the planet itself is not... strange.

Wonderful spring weekend here in Franconia. At least the Sunday ... Went inline skating with a good friend of mine to the best inline skating place in town: the Reichsparteitagsgelaende around the Dutzendteich in Nuernberg, with a large asphalt area right in front of the tribune, home of skate hockey, skate tricks etc. during the warm days.

Finished splitting sane.ds off twain_32.dll. Submitted it, but it did not get accepted before Alexandre's vacation.

Finished my first draft of a gphoto2.ds (gphoto2 TWAIN source). Half of the programs can now import photos from cameras. Only one half, because while one transfer mode (imagememxfer) works, the other (imagenativexfer) returns a handle which the callers do not like. It should return a handle for a DIB section, and it does ... But apparently in Windows these handles are different. This is going to be fun to fix. NOT.

Happy springtime. :)
