I went to Brussels last weekend for FOSDEM 2008, which was held at ULB Campus Solbosh. The free event was a good way to check in with the overall Open Source community and to see all of the interesting things people outside my normal circles are working on.
Read more...Pretty scary stuff, even if you trust all of your users:
victor@mercury ~ $ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ac3dee3c000 .. 0x2ac3dee6e000
[+] root
mercury ~ # whoami
rootI upgraded my server’s apache from 2.0 to 2.2 today (see <a href=“http://httpd.apache.org/docs/2.2/new_features_2_2.html" target=_new”>Overview of new features in Apache 2.2) and it was painless except for a few minor hiccups. I like to keep my server’s packages up to date with Gentoo’s stable packages not just for new features but mainly to make package upgrades as easy as possible. I find that by staying up to date with upstream stable packages, upgrades are more incremental and rarely cause as much difficulty as having to upgrade from multiple major versions behind.
With Gentoo, the Apache 2.2 upgrade came with a routine:
emerge --sync
emerge -uDav world
I noticed the new Apache version, checked out the other packages listed, and then hit enter to proceed. At the end of the compilation, Gentoo reminded me there are new config files in /etc to merge. Luckily for me, I’ve maintained a clean separation of Apache configuration directives and VirtualHosts, so I was able to accept all of the major configuration directive changes without modification (2.2 mostly just moves around the default directives to more logical locations). Staying up to date and close to upstream shows its benefits here.
Apache restarted without complaining, but attempts to access any of my virtualhosts resulted in a 403 Forbidden:
[Sat Sep 08 13:30:55 2007] [error] [client 89.14.247.41] client denied by server configuration: /home/victor/public_html/
This was caused by Apache 2.2’s /etc/apache2/modules.d/00_default_settings.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
<b> Order deny,allow
Deny from all</b>
</Directory>
You can either override this manually in every vhost.d/*.conf file, or you can just change the “Deny from all” line to “Allow from all” and then make Deny rules manually in each vhost.d file (if you wish). I restarted apache and refreshed my test site, but there was now a new problem - .php files were being parsed as plain text, which meant Apache wasn’t passing off .php files for processing.
I added “-D PHP5” to my /etc/conf.d/apache2’s APACHE2_OPTS line, which tells Apache to load the PHP5 module. However, since my libphp5.so was built for my old Apache, I had to re-compile for Apache 2.2:
emerge -av php
I waited a few minutes, restarted apache, and now everything works beautifully.
The Samsung ML-2010 is a great bargain laserjet printer. I bought it from NewEgg last year for $49 after a $50 mail-in rebate, which I quickly recieved. While it doesn’t see too much more than 5-10 pages per week, I’ve never had to replace the toner cartridge.
Using the Splix driver, it works great under Linux, specifically Gentoo AMD64 (x86_64) in my case. Here’s how you can get it to work, assuming you already have CUPS properly installed and working (most of this will apply to any distro):
You should now be able to print from any CUPS enabled application. If you have trouble with CUPS, try the Gentoo Printing Guide.
Open up or create a new image, then click File->Print. You will then see your printers listed, click on your Samsung ML-2010, then “Setup Printer”. Make sure “Postscript Level 2” is selected for “Printer Model,” then where it says “Command”, I had to remove the raw output (-oraw) option. Mine says:
lp -s -dSamsung_ML-2010_USB_1
Where “Samsung_ML-2010_USB_1” is your own CUPS device name (mine is plugged into USB_1). Click OK, then “Save Settings.”
Happy Printing.
p.s. The above instructions should work for any Samsung printer that Splix supports.
I recently blew away my completely setup Gentoo desktop when I decided I needed to rebuild on a new RAID5 array. This meant that I got go through the entire Gentoo install, build, and configuration process from scratch, after not having had to do it for ages. I also took the opportunity to use LVM2 this time around, which I'll probably write about in a future post.
Either the Gentoo process has gotten much easier or I've gotten much better with Gentoo. It was a fairly painless install, and it turned out my only real hiccup was getting flash9 to output sound to ALSA. I knew I had correctly installed ALSA since all my other ALSA applications output sound perfectly - Amarok, Kaffeine, and even aplay from the CLI. I also knew that Flash9 was completely ALSA based instead of OSS, so as long as other ALSA apps were playing, Flash9 should be playing. After a day of thinking about it, I gave up and visited #alsa on freenode.
Adobe only supplies flash as a 32-bit binary, so running it on my 64-bit Gentoo system meant I had to either use net-www/nspluginwrapper in 64-bit Firefox or install it on 32-bit firefox. Gentoo supplies a 32-bit FF package called www-client/firefox-bin that works well on 64-bit environments and allows for native 32-bit plugins, so this is what I use. Well, on my previous install (before I wiped the disk) this 32-bit FF combined with flash9 worked beautifully, and I was able to browse Youtube all day long in full multi-media glory. However, this time around it would play the video without sound. I couldn't get any flash based audio to work - last.fm, pandora, youtube, etc.
It turns out the problem was an oversight on my part. Since the plugin and browser are 32-bit and my ALSA was natively compiled at 64-bit, the two couldn't really talk to each other. I just had to do a simple
After that, a restart of ALSA and Firefox, and I was back to full flash9 sound. Flash 9 beta two works very well under Gentoo, by the way.
For those curious, here are my system specs and a quick How-To:
If you choose to install ALSA as a module rather than in-kernel, in /etc/make.conf:
```bashALSA_CARDS="emu10k1"``` Replace emu10k1 with whatever the ALSA module for your card is. Check the ALSA list for what works for your hardware. Then 'emerge alsa-utils alsa-oss alsa-lib alsa-driver app-emulation/emul-linux-x86-soundlibs'.My /etc/modules.d/alsa:
```bash alias char-major-116 snd alias char-major-14 soundcorealias snd-card-0 snd-emu10k1 alias sound-slot-0 snd-card-0
alias sound-service-0-0 snd-mixer-oss alias sound-service-0-1 snd-seq-oss alias sound-service-0-3 snd-pcm-oss alias sound-service-0-8 snd-seq-oss alias sound-service-0-12 snd-pcm-oss
alias /dev/dsp snd-pcm-oss
options snd cards_limit=1
Add 'snd-emu10k1' to your /etc/modules.autoload.d/kernel-2.6. Make sure you do a 'modules-update -f' followed by a restart of alsa '/etc/init.d/alsasound restart'. You should be good to go.<br /></p>