Linux-Development-Sys Digest #920, Volume #7     Wed, 31 May 00 10:13:16 EDT

Contents:
  Re: How do I GET Linux (Habibi4me)
  Re: Call stack in C ("Michael Schmidt")
  Add Symbol into the symbol table? (Chan Chi Lung)
  Re: /proc changes in 2.4.0-test... (Alexander Viro)
  viruses on Linux ("Hasan Hashemi")
  Re: Add Symbol into the symbol table? (Fabrice Peix)
  Re: viruses on Linux (Josef Moellers)
  Re: where can i find a kernel debugger? (Vicente Aurelio Esteve Lloret)
  include file for memcpy() in kernel ([EMAIL PROTECTED])
  Re: viruses on Linux (Vicente Aurelio Esteve Lloret)
  [Q] Hook system call ("usenet.seri.re.kr")
  Re: viruses on Linux (Mike Dowling)
  Re: LDFLAGS doesn't work as expected w/ GNU Make ("William D. Ezell")
  Re: viruses on Linux (Johan Kullstam)
  Re: viruses on Linux (Tamas Rudnai)

----------------------------------------------------------------------------

From: Habibi4me <[EMAIL PROTECTED]>
Subject: Re: How do I GET Linux
Date: Wed, 31 May 2000 02:54:01 -0400

Firepole803 wrote:
> 
> I've been reading all about Linux for days, but nowhere does it say "click
> here to get Linux".  Do I download kernels, or what?  A little help,
> please?
> 
> --
> Posted via CNET Help.com
> http://www.help.com/

Watch your local computer stores, i.e. CompUSA and BestBuy.  Every now
and then, you can purchase the Linux distro for free after the rebates
and the local sales tax.

-- 
[EMAIL PROTECTED]

PS. Remove "4" from e-mail address should you want to reply.

------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Call stack in C
Date: Wed, 31 May 2000 11:03:39 +0200

Is there also a call stack trace available as a function which I can call
from my application??

[EMAIL PROTECTED]

H. Peter Anvin <[EMAIL PROTECTED]> wrote in message
news:8gkqb9$4c8$[EMAIL PROTECTED]...
> Followup to:  <BQPW4.78$[EMAIL PROTECTED]>
> By author:    Joe Ceklosky <[EMAIL PROTECTED]>
> In newsgroup: comp.os.linux.development.system
> >
> > How can I get a call stack strace from a
> > running program.  I want something like pstack
> > on Solaris for Linux
> >
>
> gdb -p <process_id>
> where
>
> -hpa
> --
> <[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private!
> "Unix gives you enough rope to shoot yourself in the foot."



------------------------------

From: Chan Chi Lung <[EMAIL PROTECTED]>
Subject: Add Symbol into the symbol table?
Date: 31 May 2000 09:23:36 GMT

Dears,
  I have tried to use EXPORT_SYMBOL(....)
to export a function name as a symbol.
  However, I can't compile the program; it fails with the error

parse error before 'EXPORT_SYMTAB_not_defined'


But if I add -DEXPORT_SYMTAB to the Makefile, I can compile the
program. But when I use 'insmod' it says

unresolve symbol : printk

How can I fix the problem ???

------------------------------

From: [EMAIL PROTECTED] (Alexander Viro)
Subject: Re: /proc changes in 2.4.0-test...
Date: 29 May 2000 05:38:36 -0400

In article <[EMAIL PROTECTED]>,
Sam Birch  <[EMAIL PROTECTED]> wrote:
>Hello,
>
>I wrote a kernel module which used a proc file for both read and write
>(as well as ioctl...though I am not sure this is acceptable...).  It

The ioctl part? In principle it's better to add a second file and let
the read()/write() work on it - for a lot of reasons, not the last of
them being that you can control the thing with echo(1) that way.

>works fine under 2.2.15.  I am endeavoring to port it up to the
>2.4.0-test1 tree, but am having problems.

>In 2.2.15, my methodology was:
>1) I defined a struct file_operations to use my own functions for
>read, write, and ioctl.
>2) I defined a struct of inode_operations to use my file_operations
>and permissions.

Do you really need special permissions in the thing?

>3) I defined a struct of proc_dir_entry, configuring name, file
>modes...and using my inode_operations.

        Forget that. Statically allocated (or kmalloc()-created, whatever)
proc_dir_entries are LARTable offense now. Use procfs functions to create
them.

>4) I used proc_register to push my proc_dir_entry into the proc file
>system.

Ditto.

>All worked as I desired it to...
>
>In 2.4.0-test1, I found the usage of proc has changed, but I am
>struggling at figuring it out.  Below are my
>observations/results/questions:
>
>OBSERVATIONS:
>1) proc_register is now static. 

Yes, it is.

>2) create_proc_entry now performs a few things, then uses
>proc_register the way I think I would have...? (okay, partially a
>question...)

Yes, and it is the right interface, if you are creating a regular file.
For directories - proc_mkdir(), for symlinks and devices - proc_symlink()/
proc_mknod() resp.

>3) proc_dir_entry->get_info is used in net/wanrouter/wanproc.c for
>outputting info to the user.

Yes, default file_operations are using that as (one of the) callback(s).

>4) the wanproc.c file defined the file_operations/inode_operations
>differently than I have seen them for 2.2.x.  Is this way correct...if
>so, is it functionally different than the old way? (ahhh, another
>question in the observation section...oh well)

->proc_fops and ->proc_iops resp.

>3) Is the file_operations ignored for the proc fs now?

Not. If you want your file_operations - set ->proc_fops. Going for a
couple of files with ioctl() turned into read()/write() on the second
file may be a good idea for independent reasons and then may not need
special  file_operations, but if you want to keep the special ones -
see above.

>2) Is proc_dir_entry->config_info the only way to output to a user
>reading my proc file?

Not. Another variant in ->read_proc() and yet another - using your own
file_operations.

>3) If I use proc_dir_entry->config_info to get info back to the user,
>what can I use to get the text a user writes to my proc file?

Your own file_operations or ->write_proc()

>4) How can I use my ioctl call?

Now, that's up to you - IMO they tend to be quite a nasty PITA, but if you
are of S&M type and want to use this abortion of syscall - you are welcome,
use your own file_operations.

For further comments I'd really like to look at the code in question.
Quite probably I can help you with it.

-- 
"You're one of those condescending Unix computer users!"
"Here's a nickel, kid.  Get yourself a better computer" - Dilbert.

------------------------------

From: "Hasan Hashemi" <[EMAIL PROTECTED]>
Subject: viruses on Linux
Date: Wed, 31 May 2000 13:31:25 +0200

Hi,
are there viruses on linux? Do I need any antivirus program on my linux
server?

Hasan



------------------------------

From: Fabrice Peix <[EMAIL PROTECTED]>
Subject: Re: Add Symbol into the symbol table?
Date: Wed, 31 May 2000 13:49:07 +0200

Chan Chi Lung wrote:
> 
> Dears,
>   I have tried to use EXPORT_SYMBOL(....)
> to export a function name as a symbol.
>   However, I can't compile the program; it fails with the error
> 
> parse error before 'EXPORT_SYMTAB_not_defined'
> 
> But if I add -DEXPORT_SYMTAB to the Makefile, I can compile the
> program. But when I use 'insmod' it says
> 
> unresolve symbol : printk
> 
> How can I fix the problem ???
You must include <linux/module.h>

------------------------------

From: Josef Moellers <[EMAIL PROTECTED]>
Subject: Re: viruses on Linux
Date: Wed, 31 May 2000 14:04:09 +0200

Hasan Hashemi wrote:
> 
> Hi,
> are there viruses on linux? Do I need any antivirus program on my linux
> server?

As to my knowledge, there are no viruses under Linux.
The Linux (and Unix) concept of users and file access permissions make
it very hard for a virus to thoroughly infect a Linux (or Unix) based
host. It might be possible to develop a worm which will flood your
network with mail messages and perhaps infect some of your own files,
but none have been reported yet.

IMHO there are a number of reasons why no viruses have spread for
Linux/Unix:
1. The abovementioned built-in protection.
2. Most Linux/Unix users have at least some technical competence and can
judge where system activity is caused by.
3. The file format and the virtual memory model of Linux/Unix make it
difficult to add code to an executable.
4. Why bother infecting thousands of Linux boxen (a lot of which don't
even understand your code because they are not Intel based) if you can
infect millions of PCs more easily?
5. Linux/Unix is a fairly heterogenous environment: different operating
system variants, file system layouts, software packages, mail readers,
etc. In single-crop farming, diseases spread more easily.

Remember: it is not _impossible_ to write a virus for Linux/Unix: Robert
Morris' Internet Worm brought the Internet down a few years ago! It's
just that the abovementioned reasons have protected us against one so
far.

So, an antivirus program for Linux/Unix viruses does not exist. One
could argue that scanning traffic for other viruses might do some good,
but afaik no such software exists either.

-- 
Josef Möllers
Fujitsu Siemens Computers
SHV Server DS 1

------------------------------

From: [EMAIL PROTECTED] (Vicente Aurelio Esteve Lloret)
Subject: Re: where can i find a kernel debugger?
Date: 31 May 2000 12:09:40 GMT

In article <[EMAIL PROTECTED]>,
   Eric Taylor <[EMAIL PROTECTED]> wrote:
>Vicente Aurelio Esteve Lloret wrote:
>> 
>> In article <[EMAIL PROTECTED]>,
>>    Anand Krishnamoorthy <[EMAIL PROTECTED]> wrote:
>> >
>> >> Best and safest way is to use printk for debugging.
>> >
>> >Disputable... KDB is pretty good enough....
>
>
>I tried to get xkdebug, but found it only really set up
>for specific versions of the kernel. It contained lots of
>patches that I do not know how to modify for my version.
>
>
>But, gdb /usr/src/linux/vmlinux /proc/kcore
>is a useful trick. I modified my Makefile to include -g
>so I would have kernel symbols available.

 Page of Deblin debugger.

 http://ttt.inf.upv.es/~viesllo

>
>It would be nice if gdb had an option to NOT CACHE though.
>It does appear to have this on remote debugging, but not
>for the above trick. So you have to reload the /proc/kcore
>file every time you want to see up to date values.
>
>e

------------------------------

From: [EMAIL PROTECTED]
Subject: include file for memcpy() in kernel
Date: Wed, 31 May 2000 12:06:02 GMT

Hello.....

I wrote a loadable module that consists of several
source files. I have compiled it successfully.
But when I tried to "insmod" it I got the message
"unresolved symbol" for memcpy which I use in
one of the files. In the file where memcpy() is
used I forgot to include the header for that.
So I tried to include <linux/module.h> or
<asm/uaccess.h> and others. Now the module works.

But my question is: Which is the relevant include
file for memcpy ? I think memcpy() is declared
in <asm/string.h> but I can't directly include
this file.

I'm also interested in how memcpy() is resolved if
I include <linux/module.h>. I can't find the way.
(I think module.h never includes string.h in any way)

Thanks in advance...
(and also thanks for all people in this newsgroup
that helped me so many times in the past)

Michael Palme

EXAMPLE (as a matter of principle):

/***************FILE *********************/

#include <linux/module.h>

void copy(void *to, void *from, unsigned int size);

int init_module(void) {
        unsigned int    dword1=1, dword2=2;
        unsigned int    *dword_ptr1, *dword_ptr2;

        dword_ptr1 = &dword1;
        dword_ptr2 = &dword2;

        copy(dword_ptr2, dword_ptr1, sizeof(unsigned int));

        return 0;
}

void cleanup_module(void){
}

/***************FILE 2*********************/

#include <WHAT???>

/* #include <asm/uaccess.h>
   ...works (rubini used that
   for memcpy() in his scull example...

   ..also..
   #define __NO_VERSION__
   #include <linux/module.h>
   ..works.. */

void copy(void *to, void *from, unsigned int size) {
        memcpy(to, from, size);
}

/***************MAKEFILE*********************/

LFLAGS := -melf_i386 -r
CFLAGS := -Wall -O -c -DLINUX -DMODULE -D__KERNEL__

mod.o: memcpy_tst.o memcpy_tst2.o
        ld $(LFLAGS) -omod.o memcpy_tst.o memcpy_tst2.o

memcpy_tst.o: memcpy_tst.c
        gcc $(CFLAGS) memcpy_tst.c

memcpy_tst2.o: memcpy_tst2.c
        gcc $(CFLAGS) memcpy_tst2.c


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Vicente Aurelio Esteve Lloret)
Subject: Re: viruses on Linux
Date: 31 May 2000 12:12:12 GMT

In article <8h2t3a$7cu$18$[EMAIL PROTECTED]>,
   "Hasan Hashemi" <[EMAIL PROTECTED]> wrote:
>Hi,
>are there viruses on linux? Do I need any antivirus program on my linux
>server?

You can read an article written by me about the possibility of writing a
virus in Linux. It is in Spanish.
ttt.inf.upv.es/~viesllo

>Hasan
>
>

------------------------------

From: "usenet.seri.re.kr" <[EMAIL PROTECTED]>
Subject: [Q] Hook system call
Date: Wed, 31 May 2000 21:43:34 +0900

I want to modify the kernel source. Is it possible?
I want to trace system calls.
Whenever a system call is invoked, I want to know who invoked the system
call, what system call was invoked, when the system call was invoked, etc.

...I'll add a new system call.
After my new system call is invoked,
whenever a system call is invoked, I want to get a file (or something else)
that contains the invoked system call's information.

Is that possible?
If you know a solution, please tell me.

Thanks for replying.

                        Jongyun, Jeong........from Korea.




------------------------------

From: [EMAIL PROTECTED] (Mike Dowling)
Subject: Re: viruses on Linux
Date: 31 May 2000 13:21:38 GMT

On Wed, 31 May 2000 14:04:09 +0200, Josef Moellers <[EMAIL PROTECTED]> 
wrote:
>It might be possible to develop a worm which will flood your network
>with mail messages and perhaps infect some of your own files, but none
>have been reported yet.

I'm curious.  Are there any mail user agents for Linux out there that
can automatically execute programs?  Mine (mutt) certainly cannot.  Mutt
cannot recognise an executable if it saw one, although it must be easy to
patch it to recognise, say, a perl script, and to execute it if found.

Personally, I am convinced that anybody who wrote such an MTA is as
culpable as anybody caught red handed spreading viruses.  It is such an
obvious thing _not_ to do.

Cheers,
Mike
-- 
My email address [EMAIL PROTECTED] above is a valid email address.
It is, in fact, a sendmail alias; the digit 'N' is incremented regularly.
Spammed aliases will be deleted.  Currently, mike[26,27]
are valid.  If email to mikeN bounces, try mikeN+1.

------------------------------

From: "William D. Ezell" <wd~[EMAIL PROTECTED]>
Reply-To: wd~[EMAIL PROTECTED]
Subject: Re: LDFLAGS doesn't work as expected w/ GNU Make
Date: 31 May 2000 08:38:11 -0600


> LDFLAGS, by convention, comes *before* the .o files.  You want to set
> the variable LIBS.
> 
> program: $(OBJS)
>       $(CC) $(LDFLAGS) -o program $(OBJS) $(LIBS)
> 
>       -hpa

Thanks for the clarification, and yes, I'd found that worked.  I'm
familiar with the use of Make variables from other environments.  What
confounded me in this case was that, for some reason, I was under the
mistaken impression that LDFLAGS params were passed to the linker by
their mere existence (perhaps a built-in function of Make akin to
implicit rules).  I didn't realize at first that I had to explicitly use
the $(LDFLAGS) variable reference in a target's command.

Mental gas on my part.

Thanks again,
WDE

******  To reply, remove the "~" from  "wd~[EMAIL PROTECTED]"  ******

======================================================================
          Proud Member, US Federal Witness Protection Program
             (No Affiliation with http://www.mafiaties.com)
======================================================================

------------------------------

From: Johan Kullstam <[EMAIL PROTECTED]>
Subject: Re: viruses on Linux
Date: 31 May 2000 09:21:56 -0400

Josef Moellers <[EMAIL PROTECTED]> writes:

> Hasan Hashemi wrote:
> > 
> > Hi,
> > are there viruses on linux? Do I need any antivirus program on my linux
> > server?
> 
> As to my knowledge, there are no viruses under Linux.
> The Linux (and Unix) concept of users and file access permissions make
> it very hard for a virus to thoroughly infect a Linux (or Unix) based
> host. It might be possible to develop a worm which will flood your
> network with mail messages and perhaps infect some of your own files,
> but none have been reported yet.
> 
> IMHO there are a number of reasons why no viruses have spread for
> Linux/Unix:
> 1. The abovementioned built-in protection.
> 2. Most Linux/Unix users have at least some technical competence and can
> judge where system activity is caused by.
> 3. The file format and the virtual memory model of Linux/Unix make it
> difficult to add code to an executable.
> 4. Why bother infecting thousands of Linux boxen (a lot of which don't
> even understand your code because they are not Intel based) if you can
> infect millions of PCs more easily?
> 5. Linux/Unix is a fairly heterogenous environment: different operating
> system variants, file system layouts, software packages, mail readers,
> etc. In single-crop farming, diseases spread more easily.
> 
> Remember: it is not _impossible_ to write a virus for Linux/Unix: Robert
> Morris' Internet Worm brought the Internet down a few years ago! It's
> just that the abovementioned reasons have protected us against one so
> far

unix is also not immune to exploits, there are other, easier, ways to
crack a linux computer than trying to use a virus.

buffer overflow exploits on root daemons providing internet services
(ftp servers, smtp/mail server &c) are the traditional method.

once access has been achieved, trojan horse type programs are
substituted for strategic executables.

windows 9x machines do not offer as many services nor are they
multi-user and hence as remotely exploitable as unix.

the cracker attacks the weak parts of the OS and uses the strengths of
the OS once they have access.

> So, an antivirus program for Linux/Unix viruses does not exist. One
> could argue that scanning traffic for other viruses might do some good,
> but afaik no such software exists either.

if your linux box is exposed to the internet on a 24/7 basis, you
would do well to

1) apply packet filtering to block all ports which you do not
   want/need exposed to the world.
2) keep up with security alerts for those services you do have open.

unix viri don't work since unix resists their spread *and* other weak
points exist.

-- 
johan kullstam l72t00052
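
Added example, not part of the original post: before writing the packet-filter rules from point 1 above, it helps to list which TCP services are actually reachable from the network. The C program below parses text in /proc/net/tcp format and reports listeners on non-loopback addresses that are not on an allow-list; the function names, the allow-list and the trimmed sample table are constructed for illustration.

```c
/* Added example: flag TCP listeners that are reachable from the network
 * but not on an allow-list. Input is text in /proc/net/tcp format (IPv4;
 * addresses printed as little-endian hex, as on x86 -- an assumption). */
#include <stdio.h>
#include <string.h>

#define TCP_LISTEN 0x0A   /* "st" column value for a listening socket */

/* Constructed sample, trimmed to the columns the parser reads. */
static const char SAMPLE[] =
"  sl  local_address rem_address   st\n"
"   0: 00000000:0016 00000000:0000 0A\n"   /* 0.0.0.0:22   listening   */
"   1: 0100007F:0019 00000000:0000 0A\n"   /* 127.0.0.1:25 listening   */
"   2: 00000000:0015 00000000:0000 0A\n"   /* 0.0.0.0:21   listening   */
"   3: 0A00000A:0016 0B00000A:C350 01\n"   /* established connection   */
"   4: 00000000:0203 00000000:0000 0A\n";  /* 0.0.0.0:515  listening   */

static int port_allowed(unsigned port, const unsigned *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == port)
            return 1;
    return 0;
}

/* Writes up to out_cap offending ports to out[]; returns the total found. */
size_t unexpected_listeners(const char *table, const unsigned *allowed,
                            size_t n_allowed, unsigned *out, size_t out_cap)
{
    size_t found = 0;
    const char *line = table;

    while (line && *line) {
        unsigned addr, port, state;
        /* Header and malformed lines fail to match and are skipped. */
        if (sscanf(line, " %*u: %8X:%4X %*8X:%*4X %2X",
                   &addr, &port, &state) == 3
            && state == TCP_LISTEN
            && (addr & 0xFF) != 0x7F            /* skip 127.0.0.0/8 */
            && !port_allowed(port, allowed, n_allowed)) {
            if (found < out_cap)
                out[found] = port;
            found++;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return found;
}

int main(int argc, char **argv)
{
    static char buf[1 << 16];
    const char *table = SAMPLE;
    const unsigned allowed[] = { 22 };    /* hypothetical policy: ssh only */
    unsigned bad[32];

    if (argc > 1) {                       /* e.g. ./audit /proc/net/tcp */
        FILE *f = fopen(argv[1], "r");
        if (!f) { perror(argv[1]); return 2; }
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        table = buf;
    }
    size_t n = unexpected_listeners(table, allowed, 1, bad, 32);
    for (size_t i = 0; i < n && i < 32; i++)
        printf("unexpected listener on TCP port %u\n", bad[i]);
    return n ? 1 : 0;
}
```

Each port it reports is a candidate either for a filter rule or for switching the service off.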

------------------------------

From: Tamas Rudnai <[EMAIL PROTECTED]>
Subject: Re: viruses on Linux
Date: Wed, 31 May 2000 14:54:40 +0100



Josef Moellers wrote:

> Hasan Hashemi wrote:
> >
> > Hi,
> > are there viruses on linux? Do I need any antivirus program on my linux
> > server?
>
> As to my knowledge, there are no viruses under Linux.

As a matter of fact there ARE some linux viruses under Linux (not in the wild),
some of them written in shell script and others in C and assembly. One of
the shell script viruses can successfully infect ELF binaries as well, and
some ELF binary viruses could infect shell scripts or any other executables,
not just other ELF binaries. There is even a Linux Kernel Module infector...
Unfortunately it is very easy to write a virus under Linux, however:

> The Linux (and Unix) concept of users and file access permissions make
> it very hard for a virus to thoroughly infect a Linux (or Unix) based

As you said, it is harder to infect any file which the user does not
have permission to overwrite, or delete, or even make a link to (by
using chattr for example). Unfortunately many home users use their computers
as root, so in this case there is no protection for their system.

In addition, if a system administrator downloads a new driver for his hardware
from an untrusted source, it could contain a trojan or a virus, and not
only in the precompiled binary but even in the source (because do not tell me
that every admin will examine the source line by line, so not many people will
determine that there is virus code deep in the source...). And an LKM is
more privileged than a normal process running with root permission -- I think
I do not have to explain it in this newsgroup... So when you speak about
security, do not forget the weakest part of the security system: the human.

> IMHO there are a number of reasons why no viruses have spread for
> Linux/Unix:
> 1. The abovementioned built-in protection.

See above.

> 2. Most Linux/Unix users have at least some technical competence and can
> judge where system activity is caused by.
> 3. The file format and the virtual memory model of Linux/Unix make it
> difficult to add code to an executable.

It is very well documented, and on the other hand you do not need to know
the file format to write a virus -- but of course you can make a more
difficult one if you know it (and do not forget that somebody already made a
virus to modify the ELF header and with an LKM to modify the process table as
well).

> 4. Why bother infecting thousands of Linux boxen (a lot of which don't
> even understand your code because they are not Intel based) if you can
> infect millions of PCs more easily?

It is absolutely true.

> 5. Linux/Unix is a fairly heterogenous environment: different operating
> system variants, file system layouts, software packages, mail readers,
> etc. In single-crop farming, diseases spread more easily.

Shell script is quite the same (e.g. ksh script could work under bash) [and
will the virus writer worry if his code will work only in i386 platform?]

> So, an antivirus program for Linux/Unix viruses does not exist. One
> could argue that scanning traffic for other viruses might do some good,
> but afaik no such software exists either.

Just take a look at http://www.sophos.com ; but the main reason why you would
need a virus checker for Linux is not the Linux-specific
viruses, which are not in the wild at the moment, but that you can use
your Linux box as a PC file server and/or a web/mail server etc. So the
Linux/Unix version searches for DOS/Windows/Macro etc. viruses as well on your
Linux box, protecting your whole company.

Tamas



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.development.system) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Development-System Digest
******************************
