Linux-Development-Sys Digest #518, Volume #6     Tue, 23 Mar 99 03:15:05 EST

Contents:
  Optimized compilation system? (Yuri Niyazov)
  Re: 256 threads limit on linux (bill davidsen)
  Re: SMP with Celerons - problems (BL)
  Re: ANNOUNCE: Linux Router ( 3 1/2 " size hardware) (Christopher Browne)
  Re: Where should I look for the source for 'cp'? (Bill Anderson)
  Re: no setuid for scripts (Thomas Zajic)
  Re: no setuid for scripts (H. Peter Anvin)
  Re: no setuid for scripts (Andrew Heckerling)
  Re: no setuid for scripts (Andrew Heckerling)
  Re: Building Linux (Drew Tennenbaum)
  Re: Building Linux (Jason Pell)
  How do you tell what version of a program? (Kevin Miller)
  Re: After Week 1 With Linux -- licking wounds. (Jason Pell)
  Building Linux ([EMAIL PROTECTED])
  Re: getting a signal when there's data available (Adam P. Jenkins)
  Re: Building Linux Shared Libraries (Ross Crawford)
  Re: Vendor Specific SCSI commands (David Price)
  Re: ANNOUNCE: Linux Router ( 3 1/2 " size hardware) (Phil Howard)
  Check here for all your computer products & services needs... ([EMAIL PROTECTED])
  Re: Restoring a Win95 (VFAT) filesystem from tape (Mogens Kjaer)

----------------------------------------------------------------------------

From: Yuri Niyazov <[EMAIL PROTECTED]>
Subject: Optimized compilation system?
Date: Mon, 22 Mar 1999 18:35:36 -0500

I need some advice: I've been running Debian 2.0 ever since it came out,
but now my needs have grown further.
I have a Pentium 2 400, and since all of the Debian packages were compiled
for the 486, many of the optimizations are missing.
Are there any Linux distributions that are compiled specifically and
with full optimizations for the Pentium 2? I know Stampede
does, but I do not want to plunge into it without knowing more. If I am
to build all packages by myself, what is the easiest-to-use package
management system (RPM, dpkg, slp, slackware)? Thank you.

------------------------------

From: [EMAIL PROTECTED] (bill davidsen)
Subject: Re: 256 threads limit on linux
Date: 22 Mar 1999 23:15:09 GMT

In article <7bb3gc$r8h$[EMAIL PROTECTED]>, Olga Sivash <[EMAIL PROTECTED]> wrote:
| I'm using RH 5.2 linux 2.0.36
| I can't produce more than 256 processes or threads per user.
| Why is it so?
| 
| How to configure kernel for more threads and/or processes?

See ulimit. I haven't done serious work on a 2.0 kernel in a while, but
for 2.1/2.2 the kernel limit is either dynamic or much higher, I run a
500 process data test on an SMP machine with 2.1.131.

-- 
  bill davidsen <[EMAIL PROTECTED]>  CTO, TMR Associates, Inc
Politicians and diapers have one thing in common. They should both be
changed regularly and for the same reason.
        --Ted Symons(?)


------------------------------

From: BL <[EMAIL PROTECTED]>
Subject: Re: SMP with Celerons - problems
Date: Tue, 23 Mar 1999 00:54:18 GMT

Gerald Brandt <[EMAIL PROTECTED]> wrote:
: Hi there,

: I got my Celeron 300A's to go dual processor over the weekend.  And it
: almost works!

: Actually, everything works perfectly, until I push both CPU's to the max.
: Then it just locks up tighter than a drum.  My assumption is that if it works
: under light load, then the SMP stuff all works.

: Linux 2.2.3
: RedHat 5.2
: dual Celeron 300A's
: 128 MB Ram

this is the config I've been running for a month straight, now.

: Has anybody else done this upgrade?

yes ;-)

:  I bought two MS-6905 adapter cards, 
: and two PPGA Celerons.

that could be the problem.  mine are slot-1's that had the operation done.  I
don't (personally) approve of the ppg thingies on a pcb that's in a socket -
so under extreme stress, the loading and capacitance could be your problem.
just guessing, but pc's are poorly designed as it is - adding to their problem
with slotket adapters is asking for trouble.

:  I modified the adapter cards as per 
: www.cpu-central-com, and all seems well (almost).

apparently not all is well, though...


: Gerald

: -- 
: ---
: Gerald Brandt   [EMAIL PROTECTED]
:  12:41pm  up 20:14,  4 users,  load average: 0.02, 0.01, 0.00
: Linux summit.rubicon.net 2.0.36 #1 Tue Oct 13 22:17:11 EDT 1998 i586 unknown

------------------------------

From: [EMAIL PROTECTED] (Christopher Browne)
Subject: Re: ANNOUNCE: Linux Router ( 3 1/2 " size hardware)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 23 Mar 1999 00:38:50 GMT

On Mon, 22 Mar 1999 14:45:28 -0800, Jack Levin <[EMAIL PROTECTED]> wrote:
>Most of us have dreamed of having a linux router a size of 3 1/2 floppy
>(and it would not be a palm pilot).
>Calibri-133, is a compact, diskless, programmable blackbox.
>The linux OS stored on high performance flash chip (DiskonChip),
>boots under 30 seconds.  During boot - up, the image is transferred
>onto Ramdisk.

The burning question is...  So how much does it cost? 

For $200, that's pretty slick stuff... 
For $800, that's pretty expensive... 

I find the DiskOnChip of particular interest; if it's not too pricey,
that's the hardware needed to make this sort of thing (e.g. - diskless
Linux box) work out well.
-- 
"Waving away a cloud of smoke, I look up, and am blinded by a bright,
white light. It's God. No, not Richard Stallman, or Linus Torvalds, but
God. In a booming voice, He says: "THIS IS A SIGN. USE LINUX, THE FREE
UNIX SYSTEM FOR THE 386." -- Matt Welsh
[EMAIL PROTECTED] <http://www.hex.net/~cbbrowne/xmync.html>

------------------------------

From: Bill Anderson <[EMAIL PROTECTED]>
Subject: Re: Where should I look for the source for 'cp'?
Date: Mon, 22 Mar 1999 23:43:42 +0000

Taro Ikai wrote:
> 
> Wise ones,
> 
> I don't know where to find the source for the 'cp' command.
> Is it supposed to be part of the shells?
> I installed (via RedHat's RPM) the source for bash, but I cannot
> find the relevant code.
> 
> Taro

A quick rpm -qf /bin/cp reveals that cp is provided by:
fileutils-3.16-10 on my systems. 
Thus, you may find downloading the fileutils-3.16-10.src.rpm package,
installing it, and looking in /usr/src/redhat/SOURCE/<fileutils-tarball>
fruitful.


Bill

------------------------------

From: Thomas Zajic <[EMAIL PROTECTED]>
Subject: Re: no setuid for scripts
Date: Tue, 23 Mar 1999 01:43:33 GMT

H. Peter Anvin wrote:
> The C script, if properly written, should sanitize the environment.

Ummm ... okay. IOW, it's not vulnerable to things like changing the
PATH (export PATH=$HOME/bin:$PATH), right? One more thing that's
still not completely clear to me: is the C script a _replacement_
for the shell script, or does it just _run_ (execute) the shell script?

Thomas (Wait - Transmeta Corporation? _THE_ Transmeta Corporation?
        /me bows, whatever you guys are actually doing ... :-)
-- 
=---------------------------------------------------------------------=
-        Thomas Zajic aka ZlatkO ThE GoDFatheR, Vienna/Austria        -
-        Spam-proof e-mail: thomas(DOT)zajic(AT)teleweb(DOT)at        -
=---------------------------------------------------------------------=

------------------------------

From: [EMAIL PROTECTED] (H. Peter Anvin)
Subject: Re: no setuid for scripts
Date: 23 Mar 1999 01:16:01 GMT
Reply-To: [EMAIL PROTECTED] (H. Peter Anvin)

Followup to:  <[EMAIL PROTECTED]>
By author:    Thomas Zajic <[EMAIL PROTECTED]>
In newsgroup: comp.os.linux.development.system
> 
> This is something I don't quite get, yet - how is the proverbial suid
> C wrapper more secure than a shell script (except for the fact that
> any user can write a shell script, but not everybody might be allowed
> to access a C compiler on a given system)?
> 

The C script, if properly written, should sanitize the environment.

        -hpa
-- 
"The user's computer downloads the ActiveX code and simulates a 'Blue
Screen' crash, a generally benign event most users are familiar with
and that would not necessarily arouse suspicions."
-- Security exploit description on http://www.zks.net/p3/how.aspb

------------------------------

From: Andrew Heckerling <[EMAIL PROTECTED]>
Subject: Re: no setuid for scripts
Date: 23 Mar 1999 01:51:23 GMT

Thomas Zajic <[EMAIL PROTECTED]> wrote:
: Nix wrote:
:> [ ... ]
:> sudo, and similar programs, is your friend, as is a little suid C
:> wrapper that execs the script you want.           ^^^^^^^^^^^^^^^
:   ^^^^^^^

: This is something I don't quite get, yet - how is the proverbial suid
: C wrapper more secure than a shell script (except for the fact that
: any user can write a shell script, but not everybody might be allowed
: to access a C compiler on a given system)?

: If you can be bothered, there's an article on DejaNews describing
: how such a shell script works, and I'd be highly interested in how
: exactly a suid C wrapper would help in this case. The article is on

: http://x9.dejanews.com/[ST_rn=ps]/getdoc.xp?AN=380556168&CONTEXT=922127245.51443730&hitnum=7

You're right that an suid wrapper in C wouldn't help for that script.
This script you're referring to has a security flaw as written -- because
it executes ls instead of /bin/ls, it is vulnerable to something as simple
as changing the path and writing your own ./ls which starts a shell.  Good
coding could avoid this problem.  There are other problems which could be
caused by someone changing the character which separates command line arguments
to something other than ' '.  I'm guessing there's some way to deal with that,
though I don't know it offhand.

Even if you write scripts carefully, however, there are still problems
with the way suid shell scripts would be executed that make them insecure.
To execute a shell script suid, the kernel has to exec the program that 
interprets it (e.g., /bin/sh or /bin/bash) as root, and then pass the name
of the program which is being executed as an argument.  This causes a nasty
mess with symbolic links.  

Caveat: I don't use any OS which allows suid shell scripts.  Someone
correct me if I say something wrong.

For example, say you have an suid shell script which starts with the line
#!/bin/sh

You create a symbolic link to it from your home directory
% ln -s /bin/suidscript ./-i
And run it
% ./-i
#

This happens because /bin/sh is exec'd as root, and passed the argument "-i".
But -i means "run interactively", so you get an interactive shell, running
as root.

This too can be avoided by doing something like "#!/bin/sh -- " so sh knows
that everything after it is a file name.  But even if you do this, I think
there is still a race condition with symbolic links which allows you to make
a symlink to an suid root program, run it, and then replace it with a link to
your own shell script before it actually gets run.  This happens, as I
understand it, because there are two syscalls required to run a shell script;
the first is the exec of the command interpreter, and the second is when
the command interpreter actually opens the script given on its command line.
Between those two syscalls, you can change the filename specified to point to
something else.  With a C wrapper, you can guarantee that the filename you
exec is the real one, not a symlink, so you avoid this problem.

: It was originally posted by Donovan Rebbechi - Donovan, if you're
: around somewhere ... :-) I understand that this specific case as
: outlined in the article could be easily avoided by calling '/bin/ls'
: from the script instead of just 'ls', but I'm interested in the
: general idea & concept of how & why C wrappers are safer - if
: possible, a nice example like the one in that article would be great!
: :-)

------------------------------

From: Andrew Heckerling <[EMAIL PROTECTED]>
Subject: Re: no setuid for scripts
Date: 23 Mar 1999 02:01:01 GMT

Andrew Heckerling <[EMAIL PROTECTED]> wrote:
: For example, say you have an suid shell script which starts with the line
: #!/bin/sh

: You create a symbolic link to it from your home directory
: % ln -s /bin/suidscript ./-i
: And run it
: % ./-i
: #

Woops, minor mistake.  ./-i wouldn't work, so you add . to the path and then
type -i.  Same idea.
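
The suid C wrapper discussed in this thread, written out as an added example (it is not code posted by any participant): it runs one fixed script with a fixed environment and a fixed argv, so the caller's PATH, IFS and argv[0] never reach the shell. It goes one step beyond the thread by handing the shell the already-verified file descriptor instead of a name, which removes the second path lookup behind the symlink race. Assumptions: SCRIPT_PATH is a hypothetical install location, and the system is Linux with /dev/fd available.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical install location (an assumption of this example); every
 * directory on the path must be writable by root only. */
#define SCRIPT_PATH "/usr/local/libexec/suidscript.sh"

/* Fixed environment: nothing is inherited from the caller, so a hostile
 * PATH or IFS never reaches the shell. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Open the script without following a symlink in the last path component,
 * then verify the opened file itself: regular file, expected owner, not
 * writable by group or others. Returns an fd, or -1 on refusal. */
int open_verified(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||
        st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char fdpath[32];
    int fd = open_verified(SCRIPT_PATH, 0);   /* must be owned by root */

    if (fd < 0) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    /* bash resets the effective ids to the real ones when they differ,
     * so make the real ids match before the exec. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
        return 1;

    /* The shell reads the descriptor that was just verified, so the file
     * checked is the file interpreted. argv is fixed: the name the caller
     * invoked us under (the "-i" link) is never passed on. */
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char *const args[] = { "sh", fdpath, NULL };
    execve("/bin/sh", args, clean_env);
    perror("wrapper: execve");
    return 1;
}
```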

------------------------------

From: Drew Tennenbaum <[EMAIL PROTECTED]>
Subject: Re: Building Linux
Date: Mon, 22 Mar 1999 19:02:25 -0800

You need to build it from within Linux.

Drew Tennenbaum

[EMAIL PROTECTED] wrote:

> Does Linux need to be up and running before the kernel can be built or
> can the kernel be built under Windows NT?  I want to build from scratch
> so I can learn more about the OS.
>
> Neil


------------------------------

From: Jason Pell <[EMAIL PROTECTED]>
Subject: Re: Building Linux
Date: Tue, 23 Mar 1999 13:39:25 +1100
Reply-To: [EMAIL PROTECTED]

There MUST be a running kernel for 'Linux' to function, in fact
technically the kernel 'is' Linux!  You need to boot linux, log in as root
and then cd to /usr/src/linux directory and read the Docs.

Cheers

Jason


[EMAIL PROTECTED] wrote:

> Does Linux need to be up and running before the kernel can be built or
> can the kernel be built under Windows NT?  I want to build from scratch
> so I can learn more about the OS.
>
> Neil

--
               GOD IS DEAD - Nietzsche
               NIETZSCHE IS DEAD - God
=====================================================
Jason Pell            [EMAIL PROTECTED]
http://www.geocities.com/SiliconValley/Haven/9778
=====================================================



------------------------------

From: Kevin Miller <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: How do you tell what version of a program?
Date: Tue, 23 Mar 1999 02:55:14 GMT

Hi Everyone,

I'm one of those learning new guys. I have been using Linux for about 6
months and I need to upgrade my version of Apache. I compiled the new
code and thought that I installed it. My question is, how in the heck do
you tell what version of the program is running?

Thanks!

Kevin

------------------------------

From: Jason Pell <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.advocacy,comp.os.linux.questions
Subject: Re: After Week 1 With Linux -- licking wounds.
Date: Tue, 23 Mar 1999 13:49:01 +1100
Reply-To: [EMAIL PROTECTED]

Could you clarify what you referred to as the dot file generator, I think I missed
something!

Thanks

L. Adrian Griffis wrote:

> (a good example of this effort is the dot
> file generator)
--
               GOD IS DEAD - Nietzsche
               NIETZSCHE IS DEAD - God
=====================================================
Jason Pell            [EMAIL PROTECTED]
http://www.geocities.com/SiliconValley/Haven/9778
=====================================================



------------------------------

From: [EMAIL PROTECTED]
Subject: Building Linux
Date: Tue, 23 Mar 1999 01:42:33 GMT

Does Linux need to be up and running before the kernel can be built or
can the kernel be built under Windows NT?  I want to build from scratch
so I can learn more about the OS.

Neil

------------------------------

Subject: Re: getting a signal when there's data available
From: [EMAIL PROTECTED] (Adam P. Jenkins)
Date: 22 Mar 1999 23:43:50 -0500

You can use a GNU libc extension to have a process be signalled
whenever input is available on a file description.  See the libc info
manual, specifically the nodes "Asynchronous I/O Signals" and
"Interrupt Input", or just search for O_ASYNC.  Sorry I don't have a
code example on hand.

Adam
========================

Modemch <[EMAIL PROTECTED]> writes:
> Hi All.
> 
> I'm wondering whether it's possible to receive a signal when there's data
> available to be read on a filehandle.  select() can block until there's
> data present, but I'd like to receive a signal instead, sort of to
> simulate an I/O interrupt.  I've tried doing it through fork(), where the
> other process would just do a select() in an endless loop, and send a
> signal when data becomes available, but that doesn't work too good - it
> just crashes after a while.  Is there a standard way of doing it, or do I
> have to keep playing with fork-select-kill kind of thing? 
> 
> Thanks a lot in advance.
> 
> --
> Regards, 
> Modemch

-- 
Adam P. Jenkins 
[EMAIL PROTECTED]

------------------------------

From: Ross Crawford <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps
Subject: Re: Building Linux Shared Libraries
Date: Tue, 23 Mar 1999 16:33:43 +1100



Scott Ratliff wrote:

> 'gcc -shared -o /mylibpath/lib1.so lib1.o'
> 'gcc -shared -o /mylibpath/lib2.so lib2.o'
> 'gcc -shared -o liball.so liball.o /mylibpath/lib1.so /mylibpath/lib2.so'
> 'gcc -o testapp testapp.c /mylibpath/liball.so'
>
> Using the '-shared' in this scenario allows the 'liball.so' to be
> created but when I link 'testapp' I get undefined reference errors
> from functions that are contained in 'lib1.so' and 'lib2.so'.
>

Scott,

It's a bit of a waste including other shared libs in liball. If you really want to
do this, create liball as:

'gcc -shared -o liball.so liball.o lib1.o lib2.o'

But what's the problem just linking testapp with all three shared libs?

Regards,

ROSCO


------------------------------

Date: Tue, 23 Mar 1999 06:52:34 +0000
From: David Price <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Vendor Specific SCSI commands

Yep, this is what I thought of to start with, but might take some time to locate.

Looks like the only option I have, unless the SCSI commands can be found anywhere ?

I tried the HP specific commands(very open minded of them to make them available),
with no joy.

Viljo Hakala wrote:

> David Price <[EMAIL PROTECTED]> wrote:
> >I am trying to develop a CD writing tool on a proprietary system, and all we have
> >is an obsolete YAMAHA 400t-NB 4x CD-R drive.
> >
> >Does anybody know where I can get the vendor specific commands for this or
> >similar drives ?
>
> I'd see if the cd-r drive in question would be supported by any of the
> software or OS which has source available. Also you could try
> to get the specs from the vendor.. cdrecord and cdwrite are well known in
> *bsd/linux world.. Sorry I can't remember by offhand if your
> drive is supported or not.
>
> -vh




------------------------------

From: [EMAIL PROTECTED] (Phil Howard)
Subject: Re: ANNOUNCE: Linux Router ( 3 1/2 " size hardware)
Date: Tue, 23 Mar 1999 07:25:53 GMT

On Tue, 23 Mar 1999 00:38:50 GMT Christopher Browne ([EMAIL PROTECTED]) wrote:

| The burning question is...  So how much does it cost? 
|
| For $200, that's pretty slick stuff... 
| For $800, that's pretty expensive... 
|
| I find the DiskOnChip of particular interest; if it's not too pricey,
| that's the hardware needed to make this sort of thing (e.g. - diskless
| Linux box) work out well.

I've now got my "boot and run from CD and RAM" Linux system running
without a hard drive.  Configuration can either be (re)burned into
the CD, or stored (maybe as a compressed tar file) on a floppy drive,
zip drive, or a DiskOnChip.  Add the hard drive back and you can make
a mail/web server, too.

Build a system with cheap motherboard, cheap CPU, 64M-128M RAM, CDROM,
cheap video, cheap NIC, cheap modem, and you have an access router.
That'll run around $800, but it's all commodity stuff so you can get
replacements for failing components from the nearby store or your own
justifiable stock.

--
Phil Howard           KA9WGN
[EMAIL PROTECTED] [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Subject: Check here for all your computer products & services needs...
Date: 23 Mar 1999 07:27:43 GMT

CoAron  -  "Total Computer Solutions"
  
CoAron offers the most innovative products and services in the computer industry. 
With customized solutions ranging from desktop PC's to palmtop powerhouses, we 
can get (Or build) just the right product for most any application. If products alone 
aren't enough, we have business and end-user services which are second to none.
This combination of products and services is why we use our motto,
"Total Computer Solutions."  Check out a more in-depth explanation of our mission,
products, and services at www.coaron.com.  

Some products we provide
· Custom built PCs 
· Notebooks 
· Palmtops 
· Handhelds 
· Hard drives 
· Floppy drives 
· Zip drives 
· Video capture cards 
· Sound cards 
· CD-Recordable / Rewritable 
· Speakers 
· Printers 
· Monitors 
· Many other products!  

Some services we offer:
· Disaster recovery 
· Networking 
· Software staging / rollout 
· Preventative maintenance 
· Upgrades / Repairs / Y2K Compliance 
· Desktop / deskside support 
· On-site consultant contracts 
· Leasing alternatives 
· Service contracts 
· Computer classes 
· Software upgrades / patches 
· Express learning classes 
· Learn to build program 
· Many other services!
 
All products are non-refurbished with a manufacturer warranty of one to three years. 
We extend all warranties for an additional year to support our total quality approach, 
which our customers will always be provided. Please contact us with any questions 
regarding our products or services, and we will be happy to provide you with a 
prompt and helpful response.

Please visit us on our Website at: www.coaron.com
Or e-mail us at: [EMAIL PROTECTED]




------------------------------

From: Mogens Kjaer <[EMAIL PROTECTED]>
Subject: Re: Restoring a Win95 (VFAT) filesystem from tape
Date: Tue, 23 Mar 1999 08:36:59 +0100

[EMAIL PROTECTED] wrote:
> 
> Thanks for all you help. What I eventually did was to do a format c:
> /s to create the filesystem, using the Win95 rescue disk. I then
> booted Linux, mounted the filesystem as vfat, and restored everything
> except io.sys and command.com.
> 
> I could then fire up '95, look at a file with Word, fire up AccPac and
> play StarCraft. That's about all I ever do with it anyway, so it looks
> to be fully functional !-}

We do this to install win95 machines:

The image to install is created remotely as a big zip file.

Boot from win95 floppy, format c:/s

Have a boot+supplementary linux floppies with NFS and VFAT support.
Boot from this, mount the VFAT partition, and restore using unzip.
Skip the files already created by the format command.

Boot!

Run scandisk in win95: Either zip or VFAT has some problems with some
of the long filenames, e.g. there is a shortcut somewhere called
3½ Floppy (A).lnk which isn't named correctly. scandisk fixes this.

You should be able to run zip/unzip directly with a tape drive,
see man zip.

Mogens
-- 
Mogens Kjaer, Carlsberg Laboratory, Dept. of Chemistry
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.development.system) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Development-System Digest
******************************
