Bug#425462: NAT prerouting over tun interface broken
On Mon, May 28, 2007 at 01:05:41PM +0200, Frans Pop wrote: Quoting Herbert Xu (emphasis is mine): Changing the value in default only affects interfaces which are *registered* afterwards. Previously they affected interfaces which are *brought up* afterwards. I'll talk to others to see if we could come up with a way to minimize this sort of pain. There was a bug for me to put the values in default and into the all directory, which I think would solve this problem, at least for anyone with the new file. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#277298: Dell hwclock Patch worked for me
Hello, I successfully installed Debian Sarge on a Dell SC420 using the linux26 command. You certainly need to turn RAID off though or it just won't even detect the PATA CDROM. Anyway I can happily say that the patch supplied by Geert which fixes hwclock works for me. It works best if you wait until the installer spits out the CDROM and asks if it can reboot. Flick to the F2 screen and wget and run Geert's patch. Thanks all! - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 Eye-Net Consulting http://www.enc.com.au/ MIEE Debian developer csmall at : enc.com.au ieee.org debian.org
Bug#323481: kernel-image-2.6.8-2-686: installing with e2fsprogs 1.35 makes system unbootable
Package: kernel-image-2.6.8-2-686 Version: 2.6.8-16 Severity: critical Justification: breaks the whole system Installing the kernel image breaks the current one and means the server is in an unrebootable state. It is beause e2fsprogs is printing some stupid HEX value for some reason. e2fsprogs is version 1.35-6 These kernel images MUST NOT use this e2fsprogs, installing version 1.38-1.1 fixes it. Please Hit return to continue. cp: cannot stat `(0xe000)': No such file or directory run-parts: /usr/share/initrd-tools/scripts/e2fsprogs exited with return code 1 Failed to create initrd image. dpkg: error processing kernel-image-2.6.8-2-686 (--install): subprocess post-installation script returned error exit status 9 Errors were encountered while processing: kernel-image-2.6.8-2-686 The problem is that e2fsprogs is not behaving, the script copies these files into the initrd image ldd /sbin/tune2fs /usr/bin/awk | sort -u | awk '{print $3}'/lib/libblkid.so.1 /lib/libcom_err.so.2 /lib/tls/libc.so.6 /lib/tls/libc.so.6 /lib/libe2p.so.2 /lib/libext2fs.so.2 /lib/tls/libm.so.6 /lib/libuuid.so.1 (0xe000) -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Versions of packages kernel-image-2.6.8-2-686 depends on: ii coreutils [fileutils] 5.2.1-2The GNU core utilities ii initrd-tools 0.1.82 tools to create initrd image for p ii module-init-tools 3.1-rel-2 tools for managing Linux kernel mo -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Processed: reassign 622845 to procps
On Sun, Apr 17, 2011 at 07:41:17PM +0100, Ben Hutchings wrote: No, procps shouldn't override defaults either. Thanks Ben :) You beat me to it, procps is not where you set default kernel behaviour. - Craig -- Craig Small VK2XLZhttp://www.enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110417225031.ge2...@enc.com.au
Re: Bug#520668: TCP SYN cookies and Bug #520668
On Sat, Feb 13, 2010 at 04:08:48PM +0100, Bastian Blank wrote: On Sun, Feb 14, 2010 at 12:42:09AM +1100, Craig Small wrote: You forgot to mail the maintainer of the package you change the configuration for. There are several packages now who applies various changes and this are all global parameters. I guess you mean the kernel here when you say the package you change the configuration for. Also you forget to mention my no as kernel maintainer. You didn't give any specifics. One person saying no is not too useful, if you said no, because [] then that's new information. Julien Cristau's comment that if it should be changed, it should be changed in the kernel is interesting. Let's assume that there was a consensus that TCP SYN cookies should be enabled. Would the Linux kernel maintainers make that change? Is this something you already do? I'd like to know this in the general sense so the next can you add sysctl key XYZ bug if it should be a kernel default it can get re-assigned to the kernel. sysctl keys you MAY want on but are commented out I'll still keep but if someone wants to change the default setting in the kernel, should it be decided in the kernel package? I know this is a side issue, but it's still important. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100214114825.gb24...@enc.com.au
Re: Bug#520668: TCP SYN cookies
Hello, Regarding the procps bug 520668 which was asking for the TCP SYN cookies to be enabled by default, I've looked at the various emails to and for. While it does seem like it would be a good idea at times, there is not a consensus that it is a good *default* Nothing about this bug would change peoples ability to edit sysctl.conf for their own setup. Some important points brought up, paraphrased: * I disagree generally that if the default is 'off' then the best solution is always 'off'. Often new features are off by default, because they are new. * SYN cookies disable features, under attack this probably doesn't matter but under non-attack high loads it does [1] * SYN cookies solve one part of the overload problem, but are still put on the overloaded queue [2] - I actually see this as a good thing, at least you know the new connections are verified Significantly, from this bug's point of view, from Julien Cristau [3]: I believe procps is the wrong place to make this change. If we decide that syncookies should be enabled, then that should be done in the linux-2.6 package, IMO I happen to agree and in future I'll treat further sysctl key options like this: * Generally a bad idea or only for very specific circumstances - close * Something useful for some subset of Debian machines - commented out in sysctl.conf * Something everyone should have - reassign to the kernel The TCP syn cookies is alreeady a commented out line in sysctl.conf Should it be the default for everyone? Then if so the kernel folk can decide, I'm re-assigning it to the kernel package. - Craig [1] http://lists.debian.org/debian-devel/2010/02/msg00296.html [2] http://lists.debian.org/debian-devel/2010/02/msg00314.html [3] http://lists.debian.org/debian-devel/2010/02/msg00278.html -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/ csmall at : enc.com.au http://www.debian.org/ Debian GNU/Linux, software should be Free signature.asc Description: Digital signature
Re: Bug#889098: enforce fs.protected_hardlinks in sysctl.d by default
Hi Antoine (and kernel and security teams), Thanks for giving me the background as it's a kernel vulnerability not a Procps one I wasn't aware of it. The change to Procps is pretty simple but given that you need to be running a non Debian kernel without this parameter what's groups' opinion of the urgency? I can throw in the sysctl configuration file and upload a release this weekend if the consensus is it's needed or wait for the next upstream Procps release which would be a month or so away. - Craig > > > -- Craig Small https://dropbear.xyz/ csmall at : dropbear.xyz Debian GNU/Linuxhttps://www.debian.org/ csmall at : debian.org Mastodon: @smalls...@social.dropbear.xyz Twitter: @smallsees GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Fwd: Bug#920552: procps: Enable regular file and FIFO protection
Hi Debian Kernel maintainers, I have had a request to add some kernel system configuration lines in for procps. What is the planned changes for the kernel? The previous bug report which got the protection for hard and soft symlinks had a analogous change occurring in the kernel too, so it was the same either way and was added for non-Debian kernel users. I can't actually see what the Debian systemd people use for sysctl configuration files, I think they use the procps one so the upstream systemd-sysctl change won't mean much here. - Craig -- Forwarded message - From: Frederik Himpe Date: Sun, 27 Jan 2019 at 09:15 Subject: Bug#920552: procps: Enable regular file and FIFO protection To: Debian Bug Tracking System Package: procps Version: 2:3.3.15-2 Severity: normal In analogy with bug #889098, procps should by default enabling the regular file and FIFO protection added in 4.19 by setting: fs.protected_regular = 1 fs.protected_fifos = 1 This will be done by default in systemd 241, but as Debian does not use Systemd's sysctl settings, it should be made in procps. References: https://github.com/torvalds/linux/commit/30aba6656f https://github.com/systemd/systemd/commit/2732587540035227fe59e4b64b60127352611b35 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889098 -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (400, 'unstable'), (250, 'stable'), (160, 'experimental'), (100, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages procps depends on: ii init-system-helpers 1.56+nmu1 ii libc62.28-5 ii libncurses6 6.1+20181013-1 ii libncursesw6 6.1+20181013-1 ii libprocps7 2:3.3.15-2 ii libtinfo66.1+20181013-1 ii lsb-base 10.2018112800 Versions of packages procps recommends: ii psmisc 23.2-1 procps suggests no packages. -- no debconf information