The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Saturday, June 01, 2002

A Day at the Zoo

Eight o'clock in the morning and I'm wondering just why I agreed to this. Spring was wondering the same thing as we struggled to get up and head out with Rob to his trial, as Rob had asked me to be an expert witness (about email) on his behalf.

Rob belongs to the Adrian Empire, a medieval recreation society (somewhat like the SCA) that he's belonged to for the past few years. Rob uses it as stress release; beating up people with swords is apparently very good for stress release and recently Rob became a squire to Sir Trakx.

Sir Trakx has belonged to the Adrian Empire for a dozen years and founded the South Florida chapter (Kingdom of York), helped draft the Imperial Laws (which supersede kingdom law), is currently the Imperial Queen's Champion and has more titles than you can swing a sword at. A very well respected knight in the Adrian Empire, respected except by the current King of York; they have an adversarial relationship.

So it was six or seven months ago when the King, in response to anonymously posting to the Adrian Empire mailing list, sent out an email saying that he could track down any anonymous email sent to the list. Of course, that was taken as a challenge by someone on the list and within a day or two, someone had forged an email from the King to the list and the King suspected Rob as being the perpetrator of the forged email.

The evidence is scant—one bounced email (back to the King) with Rob's email address in the To: line (it was apparently sent as a test some 40 minutes prior to the actual forged email and unfortunately for the perpetrator, it bounced and since it “came” from the King, he received the bounce). The email itself either came from an open relay somewhere in France or an ISP in Boston. And that's it.

So that's how I found myself sitting in court (actually, a conference room at a public library) surrounded by people in Medieval period garb (lots of velvet, ornate jewelry and headbands, tight dresses emphasizing cleavage) taking part in a highly technical case involving forged email.

Quite surreal.

To make matters worse, the King was both plaintiff and judge in the trial and it was obvious that he was openly antagonistic towards Sir Trakx and using Rob as a means to get to him. The whole opening sequence of the trial was a pissing match between the King and Sir Trakx (with the result of Sir Trakx having more charges placed against him by the King).

Over the next hour a highly technical trial went on, trying to explain how SMTP works, with RFC-2821 and RFC-2822, various emails, forged and not, submitted as evidence (silly, yes I know). Sir Trakx tried to call me up as a technical witness but when I failed to produce sufficient certifications proclaiming my credentials (this is a game, for crying out loud! In a trial that is setting precedent for the Adrian Empire no less!) he refused to allow my testimony. Of course the King had his credentials as a computer forensic expert on hand (a cheesy looking paper certificate).

In the end, Rob was found guilty of complicity in the forged email; there wasn't enough evidence to convict him of having actually done the act, but since his email address appeared in the To: line (and of course, that can't be forged) he obviously knew about it and failed to bring it up to the King. For his “crime” Rob received what is basically nine months of probation—he can't serve in any political office or in court (to which he said “Yippee!”) and he has to act as a server at the next coronation (which he's volunteered for before so it's nothing new to him).

The politics are so fierce precisely because the stakes are so low.

Dr. Arnold J. Mandell

Then, Sir Trakx was put on trial on two counts: failure to address the King with his proper title and for lying to the King about receiving Official Notification of Rob's actions (Sir Trakx maintained he was never officially notified; the King felt otherwise). By this point Sir Trakx didn't really care and basically told the court, in the manner of William Shatner, to “get a life!” Sir Trakx was involved in the Adrian Empire as a hobby and it had since failed to be fun for him anymore.

He was found guilty on both charges. Of failing to address the King with his proper title, he was definitely guilty; on the second charge the King had absolutely no case but had stacked the deck against Sir Trakx with his pick of jury (technically called judges but they acted as a cross between judges and jury). He was banned from the game for six months, and when he returns, will not be accorded the privileges of his rank for another six months.

The kicker is though, that Sir Trakx has the favor of the Imperial Court and can now get them involved in the situation. Also, the laws the King has passed are illegal according to the Imperial Laws (since the local laws cannot supersede Imperial Law, and any local law has to be sent to the Imperial level for approval and the King has failed to do so). I found that rather amusing.

Sunday, June 02, 2002

It's what I get for answering the phone

Since I had no real other plans, I ended up helping a friend move. He had finally closed on his new townhome and was moving for the first time in his life (he still lived with his parents and had managed to save up enough to buy a house). He said I could write about this, but requested anonymity for reasons that will become apparent.

When I arrived with G and K to F's new house, we killed a few minutes walking through the neighborhood (most of which is still under construction). Like most modern developments here in Lower Sheol, the sameness is numbing and scary at the same time; looking down the street you see identical units, with identical plantings and (soon) identical cars and people. Being townhomes, there is nearly no yard to speak of, and it is not pedestrian friendly (very limited sidewalks).

He, his Dad and another friend, S, arrived shortly with the U-Haul truck they rented for the move.

I should note that it was now 8:00 pm and this was their first moving trip of the day.

Granted, F (the one moving) only had his room to move but it was still a rather late start.

The truck was unloaded into the garage in about ten minutes, and his Dad drove the truck back to his house for the next load. We spent the next half hour recovering from the taxing exertions before heading back to F's parents' house for the next load.

F had put a down payment on the townhome over a year ago and only in the past week or so has the construction on it finished (and there are still a few details to work out). In the past month it became clear that he would be moving in a few weeks. He knew for the past week he would be closing on the house. Did he pack anything?

No.

Nothing was ready to go.

I can understand if he had less than a week's notice of moving an entire house but no. It's just one room.

And while I may be a pack rat, F has managed to pack an amazing amount of stuff into one room. So much stuff that no one really knew what color carpeting was in his room until we got there and the space formerly taken up by the waterbed was now free. I thought the carpet was blue, G thought it was green; the actual color was gray (the color differences were due to poor lighting and the clutter on the floor). There were still about four or five major pieces of furniture that needed to be cleaned off, dusted off (it's been years since the room had been properly dusted) and loaded.

And by cleaning off, I mean the removal of stuff. So F spent the time moving stuff off the furniture, and the rest of us carrying it out to be cleaned. F's Dad set up an air compressor and hose to blast the furniture with air to get most of the dust off, then a towel and lots of Pledge to finish the job. To say the furniture was a bit dusty is to say that Saudi Arabia is a bit sandy.

Clouds of dust permeated the air; dust bunnies were scurrying away into the darkness. Masks were handed out to prevent black lung. It was quite bad.

We had arrived at the parents' house around 9:00 pm.

We finally got the furniture (and only the furniture—F still has to pack the stuff up but that can be taken by car) onto the truck by 11:52 pm (and we know that because F was beeped by his work computer saying it had finished generating an important report at that time).

Back to F's new townhome and again, ten minutes to unload the truck.

Monday, June 03, 2002

For Sale: One Holy Land

You want to talk about buying and selling land? You tell me that land which I bought years ago is so valuable to the kids of the old tenants they're willing to send their children out to blow themselves up to get it back, I'll tell you what we have here are what the real-estate trade calls motivated buyers.

What, have the Israelis forgotten how to be Jews? Sell them the god-forsaken land back at a hefty profit, jacking up the price because of all the improvements. If they don't have cash, make them sign sixty-year mortgages, and appoint the Swiss Guards as the collection agents for the loans. Take the profits and retire to Palm Springs.

Sheesh.

The Unholy Lands by J. Neil Schulman

It's either that, or possibly have the UN take control of the Holy Land, or just Jerusalem, since it's apparent that Jews, Muslims and some Christians want it to themselves and can't share, so let's make it so that none of them own it and they have to answer to some other higher authority, since YHWH (aka God aka Allah) certainly isn't taking charge here.


The Dinner Song of J. H. Marx

Did I tell you we called him Tom?—possibly because that's his name. I, of course, asked him to call me Tom too, but only because I loathe the name Julius.

Yours,
Tom Marx

Today in Literary History

Ah … Groucho Marx. Gotta love the guy. 29 years ago today Groucho Marx and T. S. Eliot met for dinner, as each was a fan of the other's work. The dinner didn't quite go as expected but at least Groucho had a sense of humor about the affair.


A little touched

A brain-damaged hippie has decided to devote all his time and money into pitching a surreal cartoon/live-action musical/Hollywood blockbuster about the powers of peace and love. He has a convoluted plot that involves love babies and sperm and magical lovemaking and the KKK and Vietnam and death and birth and it's all done in this heavily marketable style that is so fucking insane you will never want to go near acid ever again.

HIGHLIGHT: He goes off on a tangent about a new chain of organic vegetarian restaurants called Peace and Love that will stem from the success of the movie and will compete with McDonald's.

Via Flutterby, TOUCHING PEOPLE

I'm not so sure about these touching people, but I will say that the videos on this page are of people that are seriously touched. The funniest I found was the Martin Carlton Stunt Special, where he seriously attempts to leap from the top of one pine tree to another pine tree maybe 50, 100 feet away. He doesn't quite make it. The saddest (or most pathetic, depending on how you view it) is of Orson Welles selling champagne near the end of his life (can you say “pissed drunk?”).

Then there's the CEO of Winnebago attempting to make a commercial but coming off more like an extra in Scarface (oddly enough, Spring and I had a conversation about swearing last night; mainly about how little I do and why. I said that I grew up being taught that swearing was bad and that the adults in my life actually did very little swearing. And if used too much, the words lose their power and when something really bad happens you could be rendered speechless; not having any words powerful enough to express the emotion. Spring said that she had, in fact, found herself speechless on a few occasions—the swear words not being powerful enough for her to express what she was feeling).


Star Wars Geeking

Major geekage.

Rob and I got into a conversation about the Force and light sabers. I don't remember exactly how we ended up on a Star Wars conversation, but we did.

What can I say? We're both geeks.

I remarked that in all the films so far, we haven't really seen light sabers used to their full potential. Almost in The Phantom Menace, with Darth Maul's double-ended light saber, but I felt he didn't use them to full effect; what he should have done was light only one end to fight Qui-Gon and Obi-Wan and when the opportunity presented itself, snap on the other end and sweep across in a surprise attack. Rob said that doing such a maneuver would be very dangerous and very hard to do if the power switch wasn't right there for Maul to ignite the blade. Or even if the switch was turned on at the wrong moment (“Ooops … impaled myself … darn it all!”).

Point conceded, but hey, we're talking about Force-using warriors here—ones who can use telekinesis to move objects. Who's to say that with the proper training a light saber can't be turned on using the Force?

Even then, we don't really have any evidence that a Jedi (or Sith Lord) can both wield a light saber in battle and use telekinesis at the same time. In every instance in the various movies, the use of telekinesis is exclusive of direct engagement with the light saber.

But even more creative uses of the light saber have yet to present themselves (in the movies that is). Why not strap the light saber to the arm, and have the on-button in the palm of the hand? As you (the Jedi knight or Sith Lord, take your pick) punch your opponent, hit the switch and instant impalement. Rob said that such a use has been described in the various Star Wars books that take place after Return of the Jedi, but I would like to see more creative use of light sabers in the movies.

The conversation then turned to actual fighting styles. In the book for Attack of the Clones, it mentioned that Count Dooku used a fencing style, whereas the rest of the Jedi use a Kendo-style slashing swordplay. The Kendo style makes sense in the presence of lasers, since the sweeping motions are used to deflect the beams, but in Jedi-to-Jedi combat (and even in real life, Rob assured me), unless the skill levels are way out of whack, a fencer will slice to ribbons a person using Kendo; the fencer has tighter control over the weapon and can take advantage of openings that a slashing style presents. And Rob should know, he plays with swords quite often.

Tuesday, June 04, 2002

No more Mozilla navigation bar

It's a shame that Mozilla dropped the navigation bar for the 1.0 release due to speed issues. It's a nice feature that not many browsers support currently and I hate to see it not supported by Mozilla.

Hopefully this is only a temporary feature pull.


Lock out

In the fourteen or so years I lived in Condo Conner I locked myself outside a few times; enough to count on one hand and still have fingers left over.

In the less than six months here at the Facility in the Middle of Nowhere I have now managed to lock myself out three times. What the heck is wrong with me?

It just happened, otherwise I wouldn't be bringing this up. I'm putting laundry in, and Rob comes down stairs and we start chatting. I finish putting in the load and Rob heads outside to smoke a cigarette and I follow him, subconsciously locking the door behind me.

The door closes. “Um, Rob,” I said. “You wouldn't happen to have your keys on you, would you?”

“No. Why?”

“Oh … no particular reason … ”

Fortunately, Rob has a good sense of humor about these things.

Wednesday, June 05, 2002

Getting back at Chinese spammers

The other day I received a piece of spam. Nothing spectacular, no jewel cartels, no ex-girlfriends, no marijuana and no pleas for help from time travellers. Nope, just your ordinary porn spam.

Only it was to my private email address—the one that until now was spam free.

I want to make sure the person that sent this out pays.

So I start tracking headers, and well, it seems to come from China, which means there isn't a whole lot I can do. Or is there? This is what I sent back to the spammer and various upstream providers (including the one in China):

This is unsolicited spam. Please remove me from your list promptly. To the others I have carboned on this message: the user is a spammer and I did not request to receive this email, nor do I wish to receive such email, nor do I want the products advertised herein. A copy of the full email follows.

Thank you.

[headers removed—nothing important here]

Hello I am your Falun Gong instructor.
I am the one you dream About,
I will train you in the ways of Falun Gong, for it is my life,
Love to talk about and any subject.


Falun Gong is my way of life,
Ultimate in exercise.

Yeeeeeeeeaaaahhh
I am ready for you.

It is not yoru looks but your determination that matters most,
With My teaching skills I can make your dream come true…

Hurry up! call me let me instruct for you…………….


TOLL-FREE: 1-877-451-8336

For phone billing: 1-900-993-2582

_______________________________________________

Falun Gong being an illegal religion in China, I hope the spammer doesn't mind me changing the message a bit.


The millimeter waves of space

So sweet. Rob lent me his Cisco Airo 340 (a wireless PCMCIA network card) since he's not really using it right now; he was using it at work but they shut down the wireless network there.

I pulled down the latest version of the PCMCIA Linux drivers and started compiling. When loading the Airo module it kept complaining about unresolved symbols. Now, I'm compiling the modules under Linux 2.0 (they compiled fine) but I'm guessing some subtle changes have been made. I found the required symbols (under 2.0.39 they're inline functions), added the include file (<linux/isdnif.h>) to airo.c and that solved that problem.

The next problem: verbosity.

Since my laptop is rather limited in memory, I don't really run much, so any messages the kernel prints gets dumped to the console, and this driver is rather chatty. Annoyingly so. So back to the source code, comment out the messages, and we're good to go.

I had ssh1 installed but since there are issues with it, I decided to go ahead and install OpenSSH (since I already have it compiled for Linux 2.0). That was harder to get working than getting on the network. Regenerated the keys three or four times (on this laptop, that's not a fast operation), installing PAM, playing with configuration files and all it turns out to be is a permission problem on /dev/tty. Sigh. I still have problems with scp (secure copy—I keep getting “protocol error: unexpected <newline>”) but I'll solve that soon enough.

But this wireless network is soooo sweet. The ability to walk anywhere (well, within a few hundred feet) and still be online. So I can now sit out in the courtyard and work, or (like I am now) hanging out with Rob as he sets up a file server for the Facility in the Middle of Nowhere and watching Junkyard Wars and still being online.

But then again, you knew I was a geek to begin with.


Nuke one spammer

I heard back from one of the upstreams on the spam I received: the account has been removed. Score one for me, but I hope that my email address isn't passed on.

Thursday, June 06, 2002

Changing your gender is less risky than changing your Windows userid

Rob is planning on setting up a file server (running Linux) for the Facility in the Middle of Nowhere that needs to support both Unix and Windows. Nothing terribly difficult, and Samba is getting easier to configure with the passing years.

Only problem is that the userid on my Windows system does not match the one on the Unix systems, but it doesn't seem to be that big of an issue—Samba looks like it can map between Windows and Unix userids so nothing has to change on my Windows system.

Only that feature in Samba doesn't seem to be working very well. Or at all. As a test, Rob creates a userid on the Linux file server and I can mount the drive under Windows (or “access the share” in Windows lingo). I would prefer to use the Unix userid under Windows though. Okay, change the userid under Windows.

Something I would think would be simple. It's pretty straightforward under Unix but apparently it's not something to trifle with under Windows. Once you set your userid, that's it. It's carved in stone for all eternity (or until the next time you reinstall Windows to fix some other simple problem like moving the mouse unexpectedly).

No. It's clone the existing userid and under no circumstance should you ever, ever, even think of deleting the original userid, or the folders to conserve disk space.

I found that out the hard way.

Saturday, June 08, 2002

Become a MacGyver without leaving your home

While intended for kids, I personally would love to build some of these toys. Motors with just a battery and some wire. A plastic hydrogen bomb (okay, maybe not that, given the recent events in Asia). Or how about the radio out of a few transistors, three pennies, some caps, some resistors, salt, vinegar, crumpled aluminum and a stainless steel bowl (or three)?

Way cool stuff here. This almost makes me wish I had the WWW when I was a kid.

(I found the link via 0xDECAFBAD)

Tuesday, June 11, 2002

For Sale

I've called. Left messages. Sent pictures. But I have yet to actually get in touch with the couple who expressed interest in buying Condo Conner as is. I'm guessing they aren't interested, or the contact information I have isn't correct.

So I'm meeting with a realtor today at Condo Conner. When I get there, I meet up with my upstairs neighbor whom I thought had already sold his place (for the same reason I'm selling mine—Condo Commandos got to him too) and I asked him about this.

He had, although he didn't get what he wanted for the place (3/2, upstairs, which in this case means vaulted ceilings, lake view) and he showed the place to twenty-nine (29!) people before selling it. He also had problems with the Condo Commandos approving the seller and he even went to one of the meetings and called them to task (“What gives you the right to control my finances?”); it wasn't pretty.

This bodes not well.

After waiting a few minutes, I saw a well dressed woman carrying what looked to be file folders walking past the apartment. I figured this was Ms. Koecher, the realtor agent I was meeting and went out to meet her.

It was.

Over the next hour and a half we toured Condo Conner and talked about what I was trying to achieve. Me? I'm trying to get the place sold and I don't mind selling it “as is.” Going over a printout of recent condos sold in the area, it seemed that most have actually sold in two weeks (one sold in eight days) and the cheapest (a 2/2) went for just a bit under $100,000; she felt I could easily get my target price. She also has a handyman that can come in and finish up the work needed.

Leaving, I felt much better about the situation.

Thursday, June 13, 2002

Clarification

I should probably clarify a point from my last entry: I did hire a handyman but he had to attend to a family emergency in Pennsylvania for a few weeks so he wasn't able to finish everything. I can settle the outstanding bill with him (or his assistant) and have the realtor send hers over to finish the job.

Now, I'm awash in paper, going through my files tracking information down (and cleaning out my files) in preparation for selling Condo Conner.


Maybe in another thirty years …

While cleaning out my files I came across some movie promotional buttons from 1992. Specifically, quite a few from Batman Returns and one or two from Alien3. It was (and I guess still is) movie memorabilia and it's been ten years now; hey! They might be worth something!

I check Ebay and see what they may be going for nowadays.

$2.00

Only one Batman Returns button listed, and it's going for $2.00.

I didn't find any listings for the Alien3 buttons on Ebay.

Sigh.

Anyone care to buy a “Penguin for Mayor” button?


The computer that refuses to die

Must be something in the air.

First, my friend Ken sent me the following email:

Wow … I didn't know people even still used Amigas!

http://www.boomerangsworld.de/apccomm/

And then I get a call from Rob saying he's got a line on some Amiga stuff (which I had to decline, since I don't have the space for it right now).

Tuesday, June 18, 2002

Updates

While I'm trying to get Mutt compiled (it wants a version of iconv so I have to find a version it likes—compile compile compile, hack hack hack, etc. Why mutt? Rob has been trying to sell me on it for the past year or so, and Spring has found elm rather … lacking and seeing how elm is no longer being maintained and all … ), I might as well make an update here.

Finally got all my stuff out of Condo Conner—nothing like moving furniture in a downpour (Saturday). But it's clean of stuff so it's been vacuum and cleanup time. It is also on the market (woo hoo!) as of yesterday, so hopefully in a week or so I'll have it unloaded.

I was also lucky enough to acquire two Newtons this week (great! Just what I need—more stuff)—a MessagePad 130 and a MessagePad 2100, both in working condition. I have one already, a MessagePad 120 which I thought was non-functioning (well, it would function if plugged into the wall, but wouldn't run off batteries) but I was mistaken (go figure—it now works). So I have three working Newtons.

I'm liking the Newton 2100—it's fast. And the backlit screen is great! I've always liked the Newton; never did warm up to the Palm Pilots with their small size, non-existent handwriting recognition (it uses a simplified writing system called Graffiti—the Newton can read your writing however) and very minimalistic names and dates applications. The Newton (coming originally from Apple) has a much better user interface than the Palm Pilot can ever hope to have.

But alas, Steve Jobs killed the Newton (may he rot in Hell).

On the plus side, the Newtons have retained their value quite a bit (wow! Over $100 for a MessagePad 2100 … not bad considering it's about five years old now).


Updates on the updates

No sooner do I update than I get an update from Ken about Elm ME+, an updated version of elm with POP and IMAP support.

Might look into that, but mutt is also descended from elm, has all the features that Elm ME+ has and is completely configurable.

Hmmmm … decisions … decisions …

Tuesday, June 25, 2002

Sploits, upgrades and updates

I avoid upgrading, not so much to avoid version fatigue as that what I have works and as the saying goes, “if it ain't broke, don't fix it!”

So it was rather surprising to find myself upgrading two important packages this week. The first being Apache. In looking over the security bulletin, while it wouldn't allow one to get remote access on my particular platform (a 32 bit operating system) it could lead to a denial of service attack so I decided for performance reasons to upgrade (unlike most sysadmins I know, I'm not so paranoid about people gaining access that my systems are unusable but that's a rant for another time).

The Apache upgrade went smoothly.

The other package I needed to upgrade however …

I received word from Mark about an upcoming OpenSSH exploit that will allow remote root access! While I may be relaxed about security, I'm not stupid either.

Reading up on it, no patches are available, but if you run the latest version with a certain option, the bug that allows the exploit is still there, but it can't be exploited.

Okay …

So I download the latest version of OpenSSH, configure, compile and install the code on my development server (I'm not about to install it untested on my colocated box—if I screw up it's a long and painful process to fix). Install and run the new sshd server. Okay, seems to be running. Attempt to log in.

Apparently it accepts incoming network connections, then promptly drops the connection. I can't log in.

Odd …

I check the log files and for every attempt I made to log in, find the following entry:

Jun 25 04:14:56 linus sshd[13062]: fatal: mmap(65536): Invalid argument

The number being fed to mmap(), 65536, is suspicious but given the platform I'm on, shouldn't be invalid. Time to check the source to OpenSSH:

address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
if (address == MAP_FAILED)
	fatal("mmap(%lu): %s", (u_long)size, strerror(errno));

openssh-3.3p1/monitor_mm.c:88-90

This is the only place in OpenSSH that calls mmap() so I have the right location. And since mmap() is complaining about getting an invalid argument, it's time to determine just which argument mmap() is complaining about.

Now, normally, mmap() is used to map files into memory, but it does have its other uses (such as here, which seems to be allocating a section of memory to be shared with something else). Going through the parameters, the first is the starting address, which here is NULL but that's allowed; it just tells mmap() to use any available address that matches the criteria. The length (65536) should be okay for this platform. The protection of the memory region (PROT_WRITE and PROT_READ) looks good, as do the options (a shared, anonymous region of memory). The file to be used (-1) looks odd; the man page doesn't say anything about not specifying a file, but the offset to use in the file (which isn't specified) looks good.

Since the man page doesn't mention anything about not specifying a file, it's time to check the kernel sources to see what Linux might be rejecting.

if (file != NULL) {
	...

} else if ((flags & MAP_TYPE) != MAP_PRIVATE)
	return -EINVAL;

linux-2.0.36/mm/mmap.c:171-198

Here, file is NULL so the else clause kicks in, and well … there you go. OpenSSH is asking for MAP_SHARED on an anonymous (file-less) mapping, and Linux 2.0.36 only allows MAP_PRIVATE when no file is given. Linux 2.0.39 (what my colocated server and firewall run) has the same restriction.

Linux 2.4 however (at least 2.4.18 which I had immediate access to) does support the usage of mmap() that OpenSSH requires.

But due to a lot of reasons, upgrading my servers from Linux 2.0 to 2.4 is pretty much out of the question (at least for any reasonable amount of time and effort), and taking out the offending code in Linux 2.0 is out, until I can test it and make sure it works, so in the meantime, my only real hope is security through obsolescence.

I recompiled the version of OpenSSH I am using with different compiler options to make an exploit less likely to work; since exploits are quite dependent upon both the architecture and code layout (and operating system, plus maybe kernel versions of said operating system) this should be good enough to keep all but the most dedicated off my systems.
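As an added illustration (my own example written for this page, not code from the original entry, from OpenSSH or from the Linux kernel), the following C program, for a current Linux system, reproduces the diagnosis above step by step. It builds the mmap() call the way monitor_mm.c does and tries it with MAP_ANON|MAP_SHARED and with MAP_ANON|MAP_PRIVATE, then checks after a fork() whether a write by the child is visible to the parent, which is the property the privilege-separation monitor needs from that region and the reason MAP_PRIVATE is no substitute. It also settles the two arguments the text wondered about: the -1 file descriptor is legal only because MAP_ANON tells the kernel to ignore it (drop MAP_ANON and Linux answers EBADF), and a length of 0 shows what a genuinely invalid argument looks like. The function names and the 65536 byte size are my own choices; on a Linux 2.0 kernel the MAP_SHARED attempt would report the same “Invalid argument” as the sshd log line.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define REGION_SIZE 65536   /* the size from the sshd log line */

/* One anonymous mapping attempt, built like the call in monitor_mm.c.
 * Returns 0 and stores the address in *out, or returns the errno that
 * mmap() reported (and sets *out to NULL). */
int try_anon_map(size_t size, int extra_flags, void **out)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_ANONYMOUS | extra_flags, -1, 0);
    if (p == MAP_FAILED) {
        *out = NULL;
        return errno;
    }
    *out = p;
    return 0;
}

/* Same call when only the errno is wanted: map, note the result, unmap. */
int anon_map_errno(size_t size, int extra_flags)
{
    void *p;
    int e = try_anon_map(size, extra_flags, &p);
    if (e == 0)
        munmap(p, size);
    return e;
}

/* Drop MAP_ANONYMOUS and the -1 is no longer "ignore the fd"; it is the
 * descriptor to map, and Linux answers EBADF. That is why the -1 in the
 * OpenSSH call only makes sense together with MAP_ANON. */
int map_fd_minus_one_errno(size_t size)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, size);
    return 0;
}

/* Does a write by a forked child show up in the parent's view of p?
 * This is what the privilege-separation monitor needs from the region:
 * the unprivileged child and the privileged parent must see the same
 * bytes. Returns 1 if shared, 0 if the child got its own copy, -1 if
 * fork() or waitpid() failed. */
int shared_across_fork(volatile unsigned char *p)
{
    int status;
    pid_t pid;

    p[0] = 0;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        p[0] = 0x5a;        /* child writes a marker into the region */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return p[0] == 0x5a;    /* parent checks whether it saw the write */
}

/* Map REGION_SIZE bytes with the given flags, run the fork test, unmap.
 * Returns 1 (shared), 0 (private) or -errno if the mapping itself failed,
 * which is what a Linux 2.0 kernel would give for MAP_SHARED here. */
int fork_share_result(int extra_flags)
{
    void *p;
    int r;
    int e = try_anon_map(REGION_SIZE, extra_flags, &p);
    if (e != 0)
        return -e;
    r = shared_across_fork((volatile unsigned char *)p);
    munmap(p, REGION_SIZE);
    return r;
}

static const char *describe(int e)
{
    return e == 0 ? "ok" : strerror(e);
}

int main(void)
{
    printf("MAP_ANON|MAP_SHARED : %s, shared across fork: %d\n",
           describe(anon_map_errno(REGION_SIZE, MAP_SHARED)),
           fork_share_result(MAP_SHARED));
    printf("MAP_ANON|MAP_PRIVATE: %s, shared across fork: %d\n",
           describe(anon_map_errno(REGION_SIZE, MAP_PRIVATE)),
           fork_share_result(MAP_PRIVATE));
    printf("MAP_SHARED, fd -1, no MAP_ANON: %s\n",
           describe(map_fd_minus_one_errno(REGION_SIZE)));
    printf("length 0 (a real invalid argument): %s\n",
           describe(anon_map_errno(0, MAP_PRIVATE)));
    return 0;
}
```

Compile with cc -Wall and run it as an ordinary user; no root is needed. The fork test is the part worth keeping around: when a kernel rejects the shared anonymous mapping, the tempting workaround of swapping in MAP_PRIVATE compiles and runs, but the parent and child silently stop sharing memory, and that is exactly the state the monitor cannot work in.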


But it was possible …

The other day Rob comes into my room. “I need some help,” he said. “I made a mistake on my Sun box and I'm wondering if you could help me.”

Turns out Rob renamed a critical directory (/usr) and not only were most of the commonly used programs stored under it, but so were all the runtime libraries used by these commands, so nothing would run except for a few statically compiled programs (programs that contained the libraries they needed inside themselves). Nothing but the shell, mount, umount and fdisk were available.

Now, I'm used to recovering with minimal commands but there was no way to rename a file, or change its permissions.

Heck, we were worse off than those in the classical Unix horror story. Had I known SPARC assembly and how to call the kernel for Solaris 7, then yes, we might have had a chance. Create the smallest binary to either create a directory, or to rename a directory, and we'd be set. While it seems hard to create a file without the normal commands one usually uses for such a task, echo is a shell built-in, and using that with redirection and the ability to specify arbitrary octal constants (with the “\nnn” notation supported by the shell) and you have your program.

Okay, so you can't change the permissions on it, so pick some file you no longer need with execute permissions and write over that, then you'll be able to execute the hand-written program to get back into business.

Granted, that's if either of us knew SPARC assembly and the executable format.

Since neither of us did, there wasn't much that could be done.

Well, maybe mounting the drives on another Solaris box, but Rob really didn't care all that much since he was planning on reinstalling Solaris on that system anyway.

But it was possible …


Chalk marks the millimeter waves of space …

I've seen several sites now mentioning warchalking and I'm wondering just how long it will be before The Facility in the Middle of Nowhere is marked?

In other news, the other day I noticed that Publix (the local supermarket) now sells sidewalk chalk.

Hmmmm …

Wednesday, June 26, 2002

“The Sky is Falling! Get to a bomb shelter! Although, an umbrella would work just as well … ”

To: [a whole lot of lists]
Subject: Upcoming OpenSSH vulnerability
Date: Mon, 24 Jun 2002 15:00:10 -0600
From: Theo de Raadt <XXXXXXXXXXXXXXXXXXXXXXX>

There is an upcoming OpenSSH vulnerability that we're working on with ISS. Details will be published early next week.

Upcoming OpenSSH vulnerability

Well, nice to know that “early next week” means “today.” Also nice to know that the couple of hours I spent yesterday could have been saved with a simple one line configuration change.

I'm of mixed minds about how this was handled. I do think Theo overplayed his hand in attempting to force one particular way of fixing the problem with privilege separation (which is probably a good idea if the operating system in question supports it) but given that an exploit in OpenSSH could cause massive damage, how else can you solve the problem such that the damage is minimized?

Hard questions, and that's why I'm of mixed minds (I would have preferred knowing about the one line configuration change but would have that given the Black Hats enough of a clue to write an exploit?)

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.