Linux-Development-Sys Digest #970, Volume #7     Fri, 23 Jun 00 10:13:11 EDT

Contents:
  s.n.a.f.u. ("Uncle")
  Re: running remote untrusted code (Kari Pahula)
  ethertap: /dev/tap0: No such device. ([EMAIL PROTECTED])
  Too many collisions with X server/client  !? ("Boris Pran")
  Re: Shared memory, XFree4 and GNOME (Marc D. Williams)
  Re: top-half to bottom-half ("Mikko Jaakkola")
  Re: math calls in kernel module tricky? (Mathias Waack)
  Re: Using C, what ports are being used by which programs? ("jmt")
  Re: Using C, what ports are being used by which programs? ([EMAIL PROTECTED])
  bigmem patch (w kellar)
  Re: Too many collisions with X server/client  !? (David A. Lethe)
  Re: ld including dead code (Mario Klebsch)

----------------------------------------------------------------------------

From: "Uncle" <[EMAIL PROTECTED]>
Subject: s.n.a.f.u.
Date: Fri, 23 Jun 2000 06:09:58 GMT

Hi everyone,
I'm working on some shell scripts to help me monitor logs and current system
information, quick access to common confs, etc.  I'm calling the program
s.n.a.f.u. and I'm finding that's usually the case when I use it, hehe.
Anyway,
s.n.a.f.u. is at the point where I'd love some outside input. Anyone
interested in trying it can swing by http://www.geekcave.net and check it
out.
It's only been tested on RH 6.0 and 6.1 so I don't know how it'll handle
other distros.  Any suggestions, comments, complaints, flames, etc.,
can be sent to: [EMAIL PROTECTED]

Thanks,
Uncle
[EMAIL PROTECTED]
www.geekcave.net








------------------------------

From: Kari Pahula <[EMAIL PROTECTED]>
Subject: Re: running remote untrusted code
Date: 23 Jun 2000 07:23:45 GMT

Brennan Cheung <[EMAIL PROTECTED]> wrote:
>Hi.  I am working on a project that I need a client to be able to upload
>code to my server and have it run securely.  I want to limit all API
>access except the API I will provide (ie, no files, no networking, no
>libc, etc).  I was wondering if this is even possible under Linux?

You can pass -nostdlib to the linker to disable any standard
libraries, and use ptrace on any suspicious binaries to make sure they
don't link any unwanted libraries.  See ptrace's and gcc's man pages,
gcc's info pages and strace's and gdb's sources
(you asked for it! :-) ).

This is really a sort of thing you could do on HURD, if it only were
more mature...  Otherwise, this reeks like something you could do with
Java (although IMHO it sucks).

>What mechanism could I use to load and execute remote code.  It is very
>much like a DLL but I don't want to have to write it to a file first.

Have a look at glibc's exec implementation.  There's no portable way
to exec a program straight from memory.

>Would people be able to write code under a different platform such as
>Windows and have it run on my server.  I was thinking that it shouldn't
>be too hard because it should be pure binary code with the exception of
>the library calls I will provide.

No.  This is not simple, just have a look at WINE or DosEMU, you don't
want to do anything like this unless you are really absolutely
honest-to-your-deity desperate enough to do it.

>The basic idea of what I am trying to do for those of you who are
>wondering why I want to do this is that I have a server and lots of
>clients that will connect to the server.  These clients are AI units
>that interact in a virtual world (the server).  I want anyone to be able
>to do this but I want to be able to run untrusted code or in other words
>restrict the client from executing any harmful code.

I would myself really allow them to remain at the remote hosts, and
allow them to communicate with TCP sockets.

Binary-only executables are a Bad Thing on linux without good package
management - we don't want to have any legacy binaries to clutter up.
They'll also be an invitation for viruses.
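
Added example (not part of the reply above or of any project's code): one static way to confirm that an uploaded binary links no libraries is to reject any ELF image that carries a PT_INTERP or PT_DYNAMIC program header. The function names and the sample image are constructed for illustration, a little-endian 64-bit Linux host with <elf.h> is assumed, and the check covers linkage only, not system calls the code issues directly.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { UPLOAD_STATIC, UPLOAD_DYNAMIC, UPLOAD_MALFORMED };
/* Reject an image that names a dynamic loader (PT_INTERP) or has a dynamic
 * section (PT_DYNAMIC, where DT_NEEDED lives). Assumes a little-endian host. */
enum verdict check_upload(const uint8_t *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh)
        return UPLOAD_MALFORMED;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_ident[EI_DATA] != ELFDATA2LSB)
        return UPLOAD_MALFORMED;
    if (eh.e_type == ET_DYN)
        return UPLOAD_DYNAMIC;           /* shared object or PIE */
    if (eh.e_type != ET_EXEC || !eh.e_phnum || eh.e_phentsize != sizeof(Elf64_Phdr))
        return UPLOAD_MALFORMED;
    if (eh.e_phoff > len || (len - eh.e_phoff) / sizeof(Elf64_Phdr) < eh.e_phnum)
        return UPLOAD_MALFORMED;         /* header table runs past the buffer */
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_INTERP || ph.p_type == PT_DYNAMIC)
            return UPLOAD_DYNAMIC;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
            return UPLOAD_MALFORMED;     /* segment points outside the file */
    }
    return UPLOAD_STATIC;
}

/* Constructed sample: header + PT_LOAD (+ PT_INTERP); input for the check only. */
size_t build_sample(uint8_t *out, size_t cap, int with_interp)
{
    Elf64_Ehdr eh = {{0}};
    Elf64_Phdr ph[2] = {{0}, {0}};
    size_t n = with_interp ? 2 : 1, len = sizeof eh + n * sizeof ph[0];
    if (cap < len)
        return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_EXEC;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph[0];
    eh.e_phnum = (Elf64_Half)n;
    ph[0].p_type = PT_LOAD;
    ph[0].p_filesz = len;
    ph[1].p_type = PT_INTERP;            /* offset 0, size 0: stays in bounds */
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, ph, n * sizeof ph[0]);
    return len;
}

int main(void)
{
    uint8_t img[256];
    for (int dyn = 0; dyn <= 1; dyn++)
        printf("with_interp=%d -> verdict %d\n", dyn,
               check_upload(img, build_sample(img, sizeof img, dyn)));
    return 0;
}
```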

------------------------------

From: [EMAIL PROTECTED]
Subject: ethertap: /dev/tap0: No such device.
Date: Fri, 23 Jun 2000 07:33:57 GMT

In 2.2.16, I've compiled in the ethertap support (not as a module).
I can ifconfig tap0 just fine.  I did "mknod /dev/tap0 c 36 16" but
when I try to open it I get no such device:

| root@izar:/root 28> ifconfig tap0
| tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
|           inet addr:172.20.0.1  Bcast:172.20.255.255  Mask:255.255.0.0
|           UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
|           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
|           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
|           collisions:0 txqueuelen:0
| 
| 
| root@izar:/root 29> od -x < /dev/tap0
| /dev/tap0: No such device.
| root@izar:/root 30> 

I've basically done what's in Documentation/networking/ethertap.txt but
either I left something out or the document did.  Any ideas?

-- 
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | [EMAIL PROTECTED]

------------------------------

From: "Boris Pran" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.networking
Subject: Too many collisions with X server/client  !?
Date: Fri, 23 Jun 2000 09:45:33 +0200

Yes, it seems like a long message but I couldn't make it any shorter without
dropping anything.
So, once upon a time...

Few days ago I have posted a message explaining my wondering about too many
collisions generated when connecting from one Linux box to the another as an
X terminal.

I first thought that network cards were problem (half/full duplex) or the
big difference in speed between the client and the server on the network,
but...

After few days of experimenting here is what I found out and I have to say
that the result is pretty confusing and unexpected to me.

Everything stated below was occurring regardless of the server / client
combination or network card setup / combination. I had three different
computers (Dual Celeron433 with D-Link DFE530TX  , Compaq PIII 450 with
Intel PRO 10/100 and 486 with some NE2k PCI clone) using for different
roles.
All three computers had RedHat 6.2 Linux with the same versions of X and
kernel - which was maybe wrong but didn't have any other distribution to
make the company less homogenous.

* When I connect from the client to the server using i.e. Samba and do some
heavy copying the collisions are generated only here and there - nothing
significant I would say

* To my big surprise, when I connect as an X terminal and especially if the
application I am running has graphical display (like Adobe Acrobat Reader or
VMware) the amount of collisions is just enormous it goes up to 40% of the
transmitted / received packets.

* All services ( except incriminated X ) that I have tried out didn't
generate any significant amount of collisions, if any (I guess that it could
have something to do with the possibility that most of those services were
not able to fill up the 10MB bandwidth !? - am I right !?)

Now, can some good soul tell me what the hell is going on.

I would expect that X uses sockets the same way as any other service /
application.
Kernel is supposed (at least in theory) to take care of the content being
written to the socket and safely take it to the other side (from application
through TCP, IP and Ethernet layer), application doesn't have anything to do
with it - correct ?!
So, how can one service, which is in application level, generate that much
more collisions than any other ?
Don't they use the same mechanism to send the data to the other side of the
socket ?
What did I miss in the whole story ?

Thanks.

            Boris







------------------------------

From: [EMAIL PROTECTED] (Marc D. Williams)
Subject: Re: Shared memory, XFree4 and GNOME
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Jun 2000 07:57:47 GMT

On Thu, 15 Jun 2000 18:30:45 GMT, <[EMAIL PROTECTED]> wrote:
>I'm running kernel 2.2.16, Xfree86 4.0 and GNOME 1.2. I've noticed that X
>and GNOME use a hell of a lot of shared memory segments. In fact, they max
>out at 128 which is the maximum allowed under my kernel. I then get shmget:
>failed messages everywhere. First of all, are these guys supposed to use
>this many shared memory segments? Each GNOME process uses 5 or 6 of them
>and X uses about 20 - 25. Second of all, how do I increase the maximum
>without totally screwing up my kernel.
>
I wonder, I'm using kernel 2.0.38, XF86 3.3.3.1 and GNOME 1.0x and have
the same problems.
Everything was working fine with the GNOME 1.0x stuff. I then moved up
to 1.2 and everything was jacked up. Most every part of GNOME would not
start or run, got a lot of the shmget failures.
Even older programs like ee would crash.
Wasn't sure who the actual culprit was so I messed with it nightly
for days. Frustrated I got rid of everything and went back to my
old setup (GNOME 1.0x, gtk/glib 1.2.6) but wouldn't you know it, it's
also hosed. Nothing works.

Started narrowing it down to gdk but wasn't sure.
Moving away from GNOME I compiled the latest XFce (3.4.0) and lo and 
behold the xfce panel also crashes, without a useful error message.
Strace output showed an shmget error.
Recompiled it without imlib support and it runs fine.
Did an ldd on several of the programs that won't run and notice all
of them use gdk_imlib.

The problem is with gdk_imlib or gdk proper I suppose. Just not sure
why I didn't have this problem before but get it now, seeing as how
I'm using all the old stuff I was running before.
On the other hand, though, xzgv works fine and it uses gdk_imlib.
Only diff between it and the failing programs is it doesn't
use gnome but then neither does xfce.
I am so confused. :-/

Checking the gnome bug and mailing lists I don't see a lot about
this but I do remember the enlightenment list had a lot of
posts about this shared memory problem.

-- 
>>ANIME SENSHI<<

Marc D. Williams
[EMAIL PROTECTED]
http://www.oldskool.org/~tvdog/ -- DOS Internet & Tandy 1000
http://www.geocities.com/SiliconValley/Platform/8269/ -- Win3.x Makeover

------------------------------

From: "Mikko Jaakkola" <[EMAIL PROTECTED]>
Subject: Re: top-half to bottom-half
Date: Fri, 23 Jun 2000 07:55:36 GMT

This was just the kind of information that I was looking for. Thank you very
much.

- Mikko

Alan Donovan <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mikko Jaakkola wrote:
> I found (with a logic analyser) that my tophalf, which simply resets the
> HW interrupt and then marks the BH, consistently reset the HW interrupt
> within about 5us (about 8us if sharing the IRQ with another device).
>
> Looking at my notes, the BH was run typically about 400us after the
> interrupt. However I'm not sure whether the various other numbers I have
> relate to start times or durations of my BH, so I won't confuse you by
> adding them. But certainly, 400us is a reasonable figure for start time
> although I can't qualify that with variance data etc.
>
> These rather ad-hoc figures come from a 300MHz K6.
>
> alan
>
>
>
> --
> ------------------------------------------------------------------------
>   Alan Donovan     [EMAIL PROTECTED]    http://www.imerge.co.uk
>   Imerge Ltd.      +44 1223 875265



------------------------------

From: Mathias Waack <[EMAIL PROTECTED]>
Subject: Re: math calls in kernel module tricky?
Date: 23 Jun 2000 09:50:21 +0200

Frank Boon <[EMAIL PROTECTED]> writes:

> Is there an intrinsic problem in using the FPU inside a module?  

Yes. There was a discussion about this on the kernel ML some weeks 
ago. The result was: you should not use floating point calculations 
in a kernel module. Under no circumstances. 

> I
> could not find a definite answer with a good explanation yet.  Maybe
> some of you have experience with using the FPU inside a kernel module

The kernel doesn't save the FPU states and cannot handle any FPU exceptions. 
(Maybe there are more reasons...)

You should do all calculations in a userland daemon. 

Mathias

------------------------------

From: "jmt" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps,comp.unix.programmer,comp.unix.sco.programmer
Subject: Re: Using C, what ports are being used by which programs?
Date: Fri, 23 Jun 2000 09:56:32 GMT



"Barry Margolin" <[EMAIL PROTECTED]> wrote in message
news:qOx45.52$Ax6.1388@burlma1-snr2...
> In article <8tx45.9622$[EMAIL PROTECTED]>,
> jmt <[EMAIL PROTECTED]> wrote:
> >Using a C written program, is there a way to find out what programs are
> >using what tcp ports? Is this possible and if so, where can I find examples
> >in C to do this? Or, where to start?
> >
> >The C utility would be written under AIX 4.3.2 and SCO 5.0.5
>
> Download "lsof" and see how it does it.  There's no standard way, and the
> authors of this program have dug up the ways to do it on most systems.
>
> --

Thanks, I never heard of the utility... I'll try to look for it.

- Jeff




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Using C, what ports are being used by which programs?
Crossposted-To: comp.os.linux.development.apps,comp.unix.programmer,comp.unix.sco.programmer
Date: Fri, 23 Jun 2000 11:15:02 GMT

jmt <[EMAIL PROTECTED]> wrote:
> "Barry Margolin" <[EMAIL PROTECTED]> wrote in message
> news:qOx45.52$Ax6.1388@burlma1-snr2...
>> Download "lsof" and see how it does it.  There's no standard way, and the
>> authors of this program have dug up the ways to do it on most systems.

> Thanks, I never heard of the utility... I'll try to look for it.

Take a look at Freshmeat.net for that, if you haven't already found it.  I
was looking for that utility at one time as well (found a weird port open
in netstat and was looking for who it belonged to) and found it there.

-- 
======================================================================
Brian Smith  //  [EMAIL PROTECTED]  //  http://www.arthurian.nu/
Software Developer  //  Gamer  //  Webmaster  //  System Administrator
      -= We are dyslexic of Borg - Your ass will be laminated =-

------------------------------

From: w kellar <[EMAIL PROTECTED]>
Subject: bigmem patch
Date: Fri, 23 Jun 2000 14:19:32 +0100


anyone got any tips on using the bigmem patch ?

upgraded recently to kernel 2.2.12-5.0 to use this patch, to run executables
over 1Gb. kernel compiles and boots OK, but patch isn't working. (see bugzilla
#11464)


+-------------------------------------------------------------------------+
   william kellar


------------------------------

From: [EMAIL PROTECTED] (David A. Lethe)
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.networking
Subject: Re: Too many collisions with X server/client  !?
Date: Fri, 23 Jun 2000 13:15:26 GMT

On Fri, 23 Jun 2000 09:45:33 +0200, "Boris Pran" <[EMAIL PROTECTED]>
wrote:

Have you eliminated your hub from the equation by using a cross-over
cable to attach your machine with another for testing? 

This will also allow you to eliminate some cabling possibilities.  I
have found myself in similar situations, and it has turned out to be a
$5.00 cable.

David

>Yes, it seems like a long message but I couldn't make it any shorter without
>dropping anything.
>So, once upon a time...
>
>Few days ago I have posted a message explaining my wondering about too many
>collisions generated when connecting from one Linux box to the another as an
>X terminal.
>
>I first thought that network cards were problem (half/full duplex) or the
>big difference in speed between the client and the server on the network,
>but...
>
>After few days of experimenting here is what I found out and I have to say
>that the result is pretty confusing and unexpected to me.
>
>Everything stated below was occurring regardless of the server / client
>combination or network card setup / combination. I had three different
>computers (Dual Celeron433 with D-Link DFE530TX  , Compaq PIII 450 with
>Intel PRO 10/100 and 486 with some NE2k PCI clone) using for different
>roles.
>All three computers had RedHat 6.2 Linux with the same versions of X and
>kernel - which was maybe wrong but didn't have any other distribution to
>make the company less homogenous.
>
>* When I connect from the client to the server using i.e. Samba and do some
>heavy copying the collisions are generated only here and there - nothing
>significant I would say
>
>* To my big surprise, when I connect as an X terminal and especially if the
>application I am running has graphical display (like Adobe Acrobat Reader or
>VMware) the amount of collisions is just enormous it goes up to 40% of the
>transmitted / received packets.
>
>* All services ( except incriminated X ) that I have tried out didn't
>generate any significant amount of collisions, if any (I guess that it could
>have something to do with the possibility that most of those services were
>not able to fill up the 10MB bandwidth !? - am I right !?)
>
>Now, can some good soul tell me what the hell is going on.
>
>I would expect that X uses sockets the same way as any other service /
>application.
>Kernel is supposed (at least in theory) to take care of the content being
>written to the socket and safely take it to the other side (from application
>through TCP, IP and Ethernet layer), application doesn't have anything to do
>with it - correct ?!
>So, how can one service, which is in application level, generate that much
>more collisions than any other ?
>Don't they use the same mechanism to send the data to the other side of the
>socket ?
>What did I miss in the whole story ?
>
>Thanks.
>
>            Boris
>
>
>
>
>
>


------------------------------

From: [EMAIL PROTECTED] (Mario Klebsch)
Crossposted-To: gnu.gcc.help
Subject: Re: ld including dead code
Date: Fri, 23 Jun 2000 14:02:26 +0200

"RM" <[EMAIL PROTECTED]> writes:

>Thanks for the reply, and especially the detail.  I am familiar with the
>"all or nuthin" behaviour you mention below, and this at least is not the
>cause.  The code I am trying to strip is from several stand-alone object
>files (i.e., a.o, b.o, c.o).  They are linked into a library file, and then
>linked to the final binary (a modular device driver).  The device driver has
>defines that may require functions in several files (i.e., a.o, c.o), but
>not the remaining files (i.e., b.o).  Now I would be happy if the functions
>in the final binary were only those in a.o, and c.o, but I find that my file
>has b.o (yuk!).

The GNU linker does have a command line option to produce a file, that
tells, which files are included, and why they are included (which
symbol forces the inclusion).

I once had the problem of not being able to compile glibc-2.1.2 and
this option helped me to find out, why. The reason was a variable,
that was defined in two source files. The first one did define it
using initialization, the second source file had no
initialisation. There was a comment, telling me, this variable is only
defined to prevent inclusion of the other module.

Obviously, the linker had changed and if it finds two variable
definitions, one with initialisation, one without, it includes both.

The output generated by this option helped me to identify the
variable, that caused inclusion of the unwanted module. I found the
option in the linker's documentation, but since it was some days ago, I
cannot tell you the details anymore.


>> If you get an "undefined external", you have found out why that .o was
>> included. Come to think of it, the map files I am used to specify _why_
>> each .o was included. e.g. :
>>

>Did this - the module links perfectly without the now missing file.  That's
>why I am so annoyed - these functions are truly NOT needed.

>> Archive member included       because of file (symbol)
>>
>> libos.a(idtc4000.o)           atl_root.o (config_cache)
>> libos.a(atl_epld.o)           atl_root.o (__fpga_data)
>> libos.a(phx_shims.o)          atl_root.o (BootUp)

This was the file I used, too!

>> This says that atl_root.o called config_cache, which caused idtc4000.o
>> to be extracted from libos.a and added to the executable. And so forth.
>> Do you have a similar map?

>Thought of the map file.  Generated one, but find little of any use.  The
>map file (produced by "-Map" option under ld) shows what functions are
>included from what file (my library file), their address, but no clue as to

Did it look like the sample above? It has everything in it, to find
out, why a module from a lib is loaded. Perhaps in your case it is the
same reason as in my case: a variable defined in several modules. You
really should be able to find the reason in this output file.

73, Mario
-- 
Mario Klebsch                                           [EMAIL PROTECTED]
PGP-Key available at http://www.klebsch.de/public.key
Fingerprint DSS: EE7C DBCC D9C8 5DC1 D4DB  1483 30CE 9FB2 A047 9CE0
 Diffie-Hellman: D447 4ED6 8A10 2C65 C5E5  8B98 9464 53FF 9382 F518

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.development.system) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Development-System Digest
******************************
