Older blog entries for Marcus (starting at number 133)

A blank text entry field, like a field of snow (cf. Calvin & Hobbes, last panel: "Let's go exploring").

I find it hard to write things, because only frustrating things happen in my field of work right now. This is mostly due to the basic nature of "security", which is like Sisyphus rolling the same stone uphill again and again.

Spent quite some time polishing up my openSUSE buildservice presence.

  • SUSE Wine Packages are now hosted there. Special feature: Daily WINE CVS snapshots (wine-snapshot package).
  • GPhoto base directory, currently featuring updates of the "libgphoto2" package. More packages will go in there.
This also means that my ftp.suse.com/pub/people/wine directory and my SF WINE packages are being phased out now.

One week of vacation.

Watching butterflies flutter over a meadow.

Relaxing in the sunshine.

Reading:

  • "Red Mars" by Kim Stanley Robinson. Strange SF, but could really happen ... The next 2 books of the series are less likely and more SF. :)
  • "Reality Dysfunction" by Peter F. Hamilton. Far distant future Science Fiction Space Opera.
  • "Neutronium Alchemist" by the same. Second volume of a three-volume cycle.
No computer and no Internet.

25 Jul 2006 (updated 25 Jul 2006 at 16:18 UTC) »

Nothing good to report happened for several weeks, so no entry.

Did not get interviewed by Novell Open Audio. This time.

Met my old classmates last weekend, the 15th anniversary of our leaving high school. Nice to see some of them 5 years after our last meeting. Pictures here.

I went by the new Berlin main station and took pictures there too.

While you can now rip your private CDs to MP3 again with SUSE Linux 10.1 or SUSE Linux Enterprise Desktop 10 (no additional RPMs required), I recommend ripping to OGG.

Why? Because the format is free. Advocate OGG today!

I hate Mozilla.

I hate Acrobat Reader.

Neither is maintainable on products with lifetimes longer than 1 year, because by then upstream will be releasing new versions that no longer work with the older products.

Did you know that we have products with lifetimes of 7 years now? Guess what is on them ... Acrobat Reader and Mozilla *.

The weather however continues fine.

Not much mentionable done over the last week.

We released the updated update stack for SUSE Linux 10.1, fixing most of the bugs present in the GA version. Run YaST Online Update to install it.

This has actually cost most of my time this week :/

Provided Wine 0.9.15 packages; no gphoto news, however.

People are not happy with 10.1 quality and asking why we shipped it...

If you know project management, well, at some point in time you have to ship or you will never ship it (because given the delay you could just add those other important features). What is worse?

And yes, I readily admit that 10.1 definitely has problems in package management and drivers. But a fatalist attitude as in "should not have shipped" is not good.

Picasa for Linux was released, WINE-based. And yours truly got mentioned on Slashdot even though I did not do that much compared to CodeWeavers.

25 May 2006 (updated 25 May 2006 at 16:32 UTC) »

Happy Towel Day!

Wine 0.9.14 is out and SUSE rpms got built by yours truly.

Week is over for me, since we have a public holiday here today (Ascension Day) and I took overtime comp time off tomorrow.

Spent some time helping to test the update for the package management framework for 10.1, hopefully out soon. Also helped release the kernel update, with ... some problems.

Sad weather for a public holiday. Why is it always sunny when one has to work?

Oh, and I am part of Summer of Code ... As Mentor ;)

New glibc security things: Pointer obfuscation

glibc 2.4 (in SUSE Linux 10.1) introduces pointer obfuscation. On program startup a random value is read from /dev/urandom, and several pointers are XORed with this value when they are stored into a data structure and XORed again when they are read back.

This goes for:

  • jmp_bufs (setjmp/longjmp), which stack overflows could use to execute code. If you could overwrite the stack pointer or the instruction-pointer-related register saved in a jmp_buf (usually stored on the stack too), you could exploit a stack overflow without even triggering the canaries.
  • atexit() functions, in case an attacker overwrites the heap and those function pointers.
  • iconv / gconv related function pointers.
Another avenue for redirecting code execution is gone.
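The scheme above as an added illustration written for this entry, not glibc's own code: a guard read from /dev/urandom, pointers XORed with it on store and on load, and a small atexit()-style table (hypothetical names register_handler and slot_targets) showing that a slot overwritten with a raw address no longer resolves to the intended target. glibc's x86 macros also rotate the value; only the XOR described above is modelled here.

```c
#include <stdint.h>
#include <stdio.h>

static uintptr_t pointer_guard;   /* per-process secret, set once at startup */
/* Read the secret from /dev/urandom; returns 0 on success, -1 on failure. */
int init_pointer_guard(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(&pointer_guard, sizeof pointer_guard, 1, f);
    fclose(f);
    return (n == 1 && pointer_guard != 0) ? 0 : -1;
}

/* Store-side transform: XOR the raw pointer with the guard before saving it. */
uintptr_t ptr_mangle(uintptr_t raw, uintptr_t guard) { return raw ^ guard; }

/* Load-side transform: XOR again recovers the pointer, but only with the right guard. */
uintptr_t ptr_demangle(uintptr_t stored, uintptr_t guard) { return stored ^ guard; }

/* A minimal atexit()-style table; every slot holds a mangled function pointer. */
typedef void (*handler_fn)(void);
#define MAX_HANDLERS 4
static uintptr_t handler_table[MAX_HANDLERS];
static int handler_count;

int register_handler(handler_fn fn, uintptr_t guard)
{
    if (handler_count == MAX_HANDLERS) return -1;
    handler_table[handler_count++] = ptr_mangle((uintptr_t)fn, guard);
    return 0;
}

/* Demangle slot i and report (1/0) whether it still resolves to the expected target. */
int slot_targets(int i, uintptr_t guard, handler_fn expected)
{
    return ptr_demangle(handler_table[i], guard) == (uintptr_t)expected;
}
static void on_exit_handler(void) { puts("handler ran"); }

int main(void)
{
    if (init_pointer_guard() != 0) return 1;
    register_handler(on_exit_handler, pointer_guard);
    printf("intact slot resolves to target: %d\n", slot_targets(0, pointer_guard, on_exit_handler));
    handler_table[0] = (uintptr_t)on_exit_handler;   /* constructed corruption: raw address, no guard */
    printf("raw overwrite resolves to target: %d\n", slot_targets(0, pointer_guard, on_exit_handler));
    return 0;
}
```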

New things in 10.1 from a security point of view.

Format string exploits got harder, thanks to FORTIFY_SOURCE and glibc 2.4.

glibc now checks whether a format string containing %n (the critical point in format string exploits) resides in writable memory, and if so, it aborts. Consider this example:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately vulnerable: the caller-supplied string becomes the format. */
void f(const char *fmt)
{
    char *buf = malloc(strlen(fmt) + 1);
    strcpy(buf, fmt);
    printf(buf, "hello world");   /* format string lives on the writable heap */
    free(buf);
}

int main(void)
{
    f("%s\n%n%n%n");
    return 0;
}

Before:

$ gcc -O2 -o xx xx.c
$ ./xx
hello world
Segmentation fault
Exploit successful.

After:

$ gcc -O2 -o xx xx.c -D_FORTIFY_SOURCE=2
$ ./xx
hello world
*** %n in writable segment detected ***
Aborted
The exploit now only achieves a controlled abort(), no code execution.

This requires code compiled with -D_FORTIFY_SOURCE=2, which is the case for all packages built with RPM_OPT_FLAGS in SUSE Linux, around 90% to 95% of them.

(Of course I know that almost all format string exploits have been fixed in the meantime. But there might still be some left.)
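The check above as an added illustration written for this entry, not code from glibc: it counts %n conversions in a format string and then asks /proc/self/maps, as glibc does on Linux, whether the format string itself sits in a writable mapping; count_percent_n, in_writable_mapping and fortify_check are hypothetical names, and the "fail closed" choice when the mapping cannot be classified is mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Count %n conversions, skipping "%%" and any flag/width/precision/length chars. */
int count_percent_n(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;              /* literal percent sign */
        while (*p != '\0' && strchr("-+ #0123456789.*hlLqjzt", *p)) p++;
        if (*p == '\0') break;
        if (*p == 'n') n++;
    }
    return n;
}
/* 1 if addr is in a mapping with the 'w' bit, 0 if read-only, -1 if unknown/unmapped. */
int in_writable_mapping(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL) return -1;
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    while (fgets(line, sizeof line, f) != NULL) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) { result = (perms[1] == 'w'); break; }
    }
    fclose(f);
    return result;
}
/* 1 = would abort (%n present and format writable or unclassifiable), 0 = allowed. */
int fortify_check(const char *fmt)
{
    if (count_percent_n(fmt) == 0) return 0;
    return in_writable_mapping(fmt) != 0;
}
int main(void)
{
    const char *literal = "%s\n%n%n%n";            /* in .rodata: not writable */
    char *heap = malloc(strlen(literal) + 1);      /* writable copy, as in f() above */
    strcpy(heap, literal);
    printf("literal: %d, heap copy: %d\n", fortify_check(literal), fortify_check(heap));
    free(heap);
    return 0;
}
```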
