./victor -vv

Victor Trac is an entrepreneur and software engineer living in Austin, Texas.

linux

Local root exploit in Linux kernel 2.6.17 to 2.6.24.1

Pretty scary stuff, even if you trust all of your users:

victor@mercury ~ $ ./exploit
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x100000000000 .. 0x100000001000
[+] page: 0x100000000000
[+] page: 0x100000000038
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4038
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0x2ac3dee3c000 .. 0x2ac3dee6e000
[+] root
mercury ~ # whoami
root
Read more...

Gentoo upgrade to Apache 2.2

I upgraded my server’s apache from 2.0 to 2.2 today (see <a href=“http://httpd.apache.org/docs/2.2/new_features_2_2.html" target=_new”>Overview of new features in Apache 2.2) and it was painless except for a few minor hiccups. I like to keep my server’s packages up to date with Gentoo’s stable packages not just for new features but mainly to make package upgrades as easy as possible. I find that by staying up to date with upstream stable packages, upgrades are more incremental and rarely cause as much difficulty as having to upgrade from multiple major versions behind. With Gentoo, the Apache 2.2 upgrade came with a routine: emerge –sync emerge -uDav world I noticed the new Apache version, checked out the other packages listed, and then hit enter to proceed. At the end of the compilation, Gentoo reminded me there are new config files in /etc to merge. Luckily for me, I’ve maintained a clean separation of Apache configuration directives and VirtualHosts, so I was able to accept all of the major configuration directive changes without modification (2.2 mostly just moves around the default directives to more logical locations). Staying up to date and close to upstream shows its benefits here. Apache restarted without complaining, but attempts to access any of my virtualhosts resulted in a 403 Forbidden: [Sat Sep 08 13:30:55 2007] [error] [client 89.14.247.41] client denied by server configuration: /home/victor/public_html/ This was caused by Apache 2.2’s /etc/apache2/modules.d/00_default_settings.conf: &lt;Directory /&gt; Options FollowSymLinks AllowOverride None <b> Order deny,allow Deny from all</b> &lt;/Directory&gt; You can either override this manually in every vhost.d/*.conf file, or you can just change the “Deny from all” line to “Allow from all” and then make Deny rules manually in each vhost.d file (if you wish). I restarted apache and refreshed my test site, but there was now a new problem - .php files were being parsed as plain text, which meant Apache wasn’t passing off .php files for processing. I added “-D PHP5” to my /etc/conf.d/apache2’s APACHE2_OPTS line, which tells Apache to load the PHP5 module. However, since my libphp5.so was built for my old Apache, I had to re-compile for Apache 2.2: emerge -av php I waited a few minutes, restarted apache, and now everything works beautifully.

Samsung ML-2010 printing using CUPS and Splix on Gentoo AMD64

The Samsung ML-2010 is a great bargain laserjet printer. I bought it from NewEgg last year for $49 after a $50 mail-in rebate, which I quickly recieved. While it doesn’t see too much more than 5-10 pages per week, I’ve never had to replace the toner cartridge. Using the Splix driver, it works great under Linux, specifically Gentoo AMD64 (x86_64) in my case. Here’s how you can get it to work, assuming you already have CUPS properly installed and working (most of this will apply to any distro): Install Splix bash emerge -av splix After this finishes, you can go to http://localhost:631/, click on the Administration tab, then walk through the steps. When it asks for a PPD file, click on “Browse” and go to /usr/share/cups/model/samsung. There you will find a file called “ml2010.ppd”. You may notice ml2010de.ppd, ml2010fr.ppd, and ml2010it.ppd, which respectively are German, French, and Italian translations of the driver. Use one of those if you prefer. You should now be able to print from any CUPS enabled application. If you have trouble with CUPS, try the Gentoo Printing Guide. Make it work with GIMP If you’ve had trouble printing from GIMP, make sure you have the gimpprint compiled into GIMP by adding “media-gfx/gimp gimpprint” to your /etc/portage/package.use: bash echo "media-gfx/gimp gimpprint" /etc/portage/package.use Now delete your ~/.gimp-2.2/printrc file if you’ve messed around with trying to get GIMP to work before. Once you start GIMP, it will detect your CUPS printers and rebuild the file. Now your Samsung ML-2010 should be working, but it didn’t for me. I had to do more. Open up or create a new image, then click File->Print. You will then see your printers listed, click on your Samsung ML-2010, then “Setup Printer”. Make sure “Postscript Level 2” is selected for “Printer Model,” then where it says “Command”, I had to remove the raw output (-oraw) option. Mine says: lp -s -dSamsung_ML-2010_USB_1 Where “Samsung_ML-2010_USB_1” is your own CUPS device name (mine is plugged into USB_1). Click OK, then “Save Settings.” Happy Printing. p.s. The above instructions should work for any Samsung printer that Splix supports.

Flash 9 sound on 64-bit Gentoo Linux

I recently blew away my completely setup Gentoo desktop when I decided I needed to rebuild on a new RAID5 array. This meant that I got go through the entire Gentoo install, build, and configuration process from scratch, after not having had to do it for ages. I also took the opportunity to use LVM2 this time around, which I’ll probably write about in a future post. Either the Gentoo process has gotten much easier or I’ve gotten much better with Gentoo. It was a fairly painless install, and it turned out my only real hiccup was getting flash9 to output sound to ALSA. I knew I had correctly installed ALSA since all my other ALSA applications output sound perfectly - Amarok, Kaffeine, and even aplay from the CLI. I also knew that Flash9 was completely ALSA based instead of OSS, so as long as other ALSA apps were playing, Flash9 should be playing. After a day of thinking about it, I gave up and visited #alsa on freenode. Adobe only supplies flash as a 32-bit binary, so running it on my 64-bit Gentoo system meant I had to either use net-www/nspluginwrapper in 64-bit Firefox or install it on 32-bit firefox. Gentoo supplies a 32-bit FF package called www-client/firefox-bin that works well on 64-bit environments and allows for native 32-bit plugins, so this is what I use. Well, on my previous install (before I wiped the disk) this 32-bit FF combined with flash9 worked beautifully, and I was able to browse Youtube all day long in full multi-media glory. However, this time around it would play the video without sound. I couldn’t get any flash based audio to work - last.fm, pandora, youtube, etc. It turns out the problem was an oversight on my part. Since the plugin and browser are 32-bit and my ALSA was natively compiled at 64-bit, the two couldn’t really talk to each other. I just had to do a simple bashemerge -av app-emulation/emul-linux-x86-soundlibs After that, a restart of ALSA and Firefox, and I was back to full flash9 sound. Flash 9 beta two works very well under Gentoo, by the way. For those curious, here are my system specs and a quick How-To: AMD Opteron 165 @ 2.3ghzAsus A8N-SLI PremiumSB Live! Value sound card64-bit Gentoo Linux If you choose to install ALSA as a module rather than in-kernel, in /etc/make.conf: bashALSA_CARDS="emu10k1" Replace emu10k1 with whatever the ALSA module for your card is. Check the ALSA list for what works for your hardware. Then ’emerge alsa-utils alsa-oss alsa-lib alsa-driver app-emulation/emul-linux-x86-soundlibs’. My /etc/modules.d/alsa:

alias sound-service-0-0 snd-mixer-oss alias sound-service-0-1 snd-seq-oss alias sound-service-0-3 snd-pcm-oss alias sound-service-0-8 snd-seq-oss alias sound-service-0-12 snd-pcm-oss
alias /dev/dsp snd-pcm-oss
options snd cards_limit=1
Add &#39;snd-emu10k1&#39; to your /etc/modules.autoload.d/kernel-2.6. Make sure you do a &#39;modules-update -f&#39; followed by a restart of alsa &#39;/etc/init.d/alsasound restart&#39;. You should be good to go.&lt;br /&gt;&lt;/p&gt;