headers
Huagang Xie | 2 Aug 2003 08:29

Re: lids error

Thanks for the bug report. Attached pls find the fix. The problem is the tty struct interface change but LIDS
do not change. 

to use it, 
	$ cd security/lids/
	$ patch < /dir_to_patch_file/lids_sysctl.c.diff 

Thanks,
Huagang

On Thu, Jul 31, 2003 at 05:02:45AM -0400, Vincent Wemlinger, III wrote:
> Help!
> 
> I am using GCC 3.3  lids2.0.3rc3 and linux2.6.0-test2 and I get this error 
> on compile...
> 
> CC [M]  security/capability.o
>  CC [M]  security/root_plug.o
>  LD      security/lids/built-in.o
>  CC [M]  security/lids/lids_lsm.o
>  CC [M]  security/lids/lids_acl.o
>  CC [M]  security/lids/lids_exec.o
>  CC [M]  security/lids/lids_cap.o
>  CC [M]  security/lids/lids_sysctl.o
> security/lids/lids_sysctl.c: In function `lids_proc_locks_sysctl':
> security/lids/lids_sysctl.c:275: error: request for member `type' in 
> something not a structure or union
> make[2]: *** [security/lids/lids_sysctl.o] Error 1
> make[1]: *** [security/lids] Error 2
> make: *** [security] Error 2
(Continue reading)

Permalink | Reply | 0 comments |
headers
James M. Luedke | 1 Aug 2003 05:46

LIDS reiserfs and quota

Hello:
    I am having some slight trouble getting quota working with my 2.4.20 
kernel, reiserfs
and lids. I first apply the reiserfs patchs 1-5  provided by 
namesys.com. This continues without
any problems. Then I attempt to apply the lids patch for 2.4.20 kernel. 
I get 1 failed
HUNK when I attempt to run  patch -p1 < lids-patch

Oddly enough I was able to build my kernel without this patch 
succeeding. Question is
what will it do, and will I be able to get quota working without it. 
More importantly
will this cause any serious problems. I attempted to manualy patch the 
file however
it has changed so much that I fear it is a bit above my head.

any feedback, suggestions would be great.

Thanks,
-James

here is the conflicting HUNK
Hunk #1 FAILED at 1403.
1 out of 1 hunk FAILED -- saving rejects to file fs/dquot.c.rej

Here is the fs/dquot.c.rej
--------------------begin
***************
*** 1403,1414 ****
(Continue reading)

Permalink | Reply | 1 comment |
headers
Sander Klein | 2 Aug 2003 10:20
Picon
Favicon

Re: LIDS reiserfs and quota

Hi,

As far as I can see it breaks CAP_SYS_ADMIN checking on the quota part.
You wil propably have no problems running the kernel but LIDS won't give
security alerts when someone tries to do 'evil' things with quota's.

Greets,

Sander

On Fri, 2003-08-01 at 05:46, James M. Luedke wrote:
> Hello:
>     I am having some slight trouble getting quota working with my 2.4.20 
> kernel, reiserfs
> and lids. I first apply the reiserfs patchs 1-5  provided by 
> namesys.com. This continues without
> any problems. Then I attempt to apply the lids patch for 2.4.20 kernel. 
> I get 1 failed
> HUNK when I attempt to run  patch -p1 < lids-patch
> 
> Oddly enough I was able to build my kernel without this patch 
> succeeding. Question is
> what will it do, and will I be able to get quota working without it. 
> More importantly
> will this cause any serious problems. I attempted to manualy patch the 
> file however
> it has changed so much that I fear it is a bit above my head.
> 
> any feedback, suggestions would be great.
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Huagang Xie | 4 Aug 2003 08:17

What do you want for next LIDS version?

Hello, 

I will like to know what kind of features you will like to see
in future LIDS release? 

or which part of LIDS is the worse implemented and you will like
to see more tunning on it or even remove it? 

Thanks,
Huagang
--

-- 
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028 		4731 2BF7 7735 4DBD 3771  4E24 B53B B60A B6EF B028

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
Permalink | Reply | 2 comments |
headers
Branko Ivanovic | 4 Aug 2003 14:02
Picon

Re: What do you want for next LIDS version?


Huagang Xie rekao:
> Hello,
>
> I will like to know what kind of features you will like to see
> in future LIDS release?

1. stack protection
2. linking protection (/tmp)

Or merging with Solar Designer's openwall patch. Not by third party, but
officialy. Everyone can choose during compile time whether or not he needs
it.

> or which part of LIDS is the worse implemented and you will like
> to see more tunning on it or even remove it?

Lidsadm tool. Last few releases contained some huge changes and it is all
starting to be too complicated. Simplicity is divine.

Keep up the good work!

Regards,

--

-- 
Branko Ivanovic
System Administrator
Belgrade University, Faculty of Economics
---
http://popeye.ekof.bg.ac.yu
(Continue reading)

Permalink | Reply | 1 comment |
headers
Kevin Kwan | 4 Aug 2003 19:19
Picon
Favicon

Problems with Compiling LIDS w/ 2.4.21

Hi,

I just recently downloaded the lids-1.1.2-2.4.21 (stable) package and tried 
compiling it with a fresh copy of the 2.4.21 Linux kernel but have been 
experiencing some problems. I'm currently using Slackware 9.0.

The messages that I'm getting upon compiling are all based around the 
sched.h file, resulting in the following for example:

gcc -D__KERNEL__ -I/usr/src/linux-2.4.21/include -Wall -Wstrict-prototypes 
-Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer 
-pipe -mpreferred-stack-boundary=2 -march=i686   -nostdinc -iwithprefix 
include -DKBUILD_BASENAME=utils  -c -o utils.o utils.c
In file included from /usr/src/linux-2.4.21/include/asm/uaccess.h:8,
                 from utils.c:24:
/usr/src/linux-2.4.21/include/linux/sched.h:764:33: warning: pasting "": "" 
and ""CCC +-< cap_needed=%x cap_eff=%x cap_bset=%x uid=%i euid=%i fsuid=%i 
"" does not give a valid preprocessing token
In file included from /usr/src/linux-2.4.21/include/asm/uaccess.h:8,
                 from utils.c:24:
/usr/src/linux-2.4.21/include/linux/sched.h: In function `capable2':
/usr/src/linux-2.4.21/include/linux/sched.h:764: warning: concatenation of 
string literals with __FUNCTION__ is deprecated

I have tried patching a fresh copy of the 2.4.21 kernel with 
lids-1.1.3pre1-2.4.21 but have experienced the exact same problem in 
sched.h.

My LIDS configuration inside the 2.4.21 looks like the following:
CONFIG_LIDS=y
(Continue reading)

Permalink | Reply | 1 comment |
headers
Sander Klein | 4 Aug 2003 20:56
Picon
Favicon

Re: Problems with Compiling LIDS w/ 2.4.21

Hi,

Try to turn off the debugging. It seems like it breaks things. When I
use your config I get the same error, but when I turn off debuging the
kernel will compile.

So, you have found a bug :-) If you want to compile the turning off
debuging does the trick.

Greats,

Sander Klein

On Mon, 2003-08-04 at 19:19, Kevin Kwan wrote:
> Hi,
> 
> I just recently downloaded the lids-1.1.2-2.4.21 (stable) package and tried 
> compiling it with a fresh copy of the 2.4.21 Linux kernel but have been 
> experiencing some problems. I'm currently using Slackware 9.0.
> 
> The messages that I'm getting upon compiling are all based around the 
> sched.h file, resulting in the following for example:
> 
> gcc -D__KERNEL__ -I/usr/src/linux-2.4.21/include -Wall -Wstrict-prototypes 
> -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer 
> -pipe -mpreferred-stack-boundary=2 -march=i686   -nostdinc -iwithprefix 
> include -DKBUILD_BASENAME=utils  -c -o utils.o utils.c
> In file included from /usr/src/linux-2.4.21/include/asm/uaccess.h:8,
>                  from utils.c:24:
> /usr/src/linux-2.4.21/include/linux/sched.h:764:33: warning: pasting "": ""
(Continue reading)

Permalink | Reply | 0 comments |
headers
Huagang Xie | 5 Aug 2003 07:59

Re: What do you want for next LIDS version?

Thanks Branko for your suggeston..

anyone have more input or idea? 

Thanks,
Huagang

On Mon, Aug 04, 2003 at 02:02:49PM +0200, Branko Ivanovic wrote:
> 
> Huagang Xie rekao:
> > Hello,
> >
> > I will like to know what kind of features you will like to see
> > in future LIDS release?
> 
> 1. stack protection
> 2. linking protection (/tmp)
> 
> Or merging with Solar Designer's openwall patch. Not by third party, but
> officialy. Everyone can choose during compile time whether or not he needs
> it.
> 
> > or which part of LIDS is the worse implemented and you will like
> > to see more tunning on it or even remove it?
> 
> Lidsadm tool. Last few releases contained some huge changes and it is all
> starting to be too complicated. Simplicity is divine.
> 
> Keep up the good work!
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vincent Wemlinger, III | 5 Aug 2003 08:05
Picon
Favicon

Re: lids error

Thanks again, Huagang.

changing driver.type to driver->type worked like a charm.  lids_sysctl.c now 
compiles with no errors or warnings!

However...  lids_logs.c does not compile.  Here is the error:

  CC [M]  security/capability.o
  CC [M]  security/root_plug.o
  LD      security/lids/built-in.o
  CC [M]  security/lids/lids_lsm.o
  CC [M]  security/lids/lids_acl.o
  CC [M]  security/lids/lids_exec.o
  CC [M]  security/lids/lids_cap.o
  CC [M]  security/lids/lids_sysctl.o
  CC [M]  security/lids/lids_init.o
  CC [M]  security/lids/lids_socket.o
  CC [M]  security/lids/lids_logs.o
security/lids/lids_logs.c: In function `lids_alert':
security/lids/lids_logs.c:179: error: `buf' undeclared (first use in this 
function)
security/lids/lids_logs.c:179: error: (Each undeclared identifier is 
reported only once
security/lids/lids_logs.c:179: error: for each function it appears in.)
make[2]: *** [security/lids/lids_logs.o] Error 1
make[1]: *** [security/lids] Error 2
make: *** [security] Error 2

>From: Huagang Xie <xie <at> www.lids.org>
>To: "Vincent Wemlinger, III" <newhottness <at> msn.com>
(Continue reading)

Permalink | Reply | 1 comment |
headers
Huagang Xie | 5 Aug 2003 09:50

Re: Re: lids error

I will release a new bugfixed version tomorrow.

please wait..

Thanks,
Huagang
On Tue, Aug 05, 2003 at 02:05:59AM -0400, Vincent Wemlinger, III wrote:
> Thanks again, Huagang.
> 
> changing driver.type to driver->type worked like a charm.  lids_sysctl.c 
> now compiles with no errors or warnings!
> 
> However...  lids_logs.c does not compile.  Here is the error:
> 
>  CC [M]  security/capability.o
>  CC [M]  security/root_plug.o
>  LD      security/lids/built-in.o
>  CC [M]  security/lids/lids_lsm.o
>  CC [M]  security/lids/lids_acl.o
>  CC [M]  security/lids/lids_exec.o
>  CC [M]  security/lids/lids_cap.o
>  CC [M]  security/lids/lids_sysctl.o
>  CC [M]  security/lids/lids_init.o
>  CC [M]  security/lids/lids_socket.o
>  CC [M]  security/lids/lids_logs.o
> security/lids/lids_logs.c: In function `lids_alert':
> security/lids/lids_logs.c:179: error: `buf' undeclared (first use in this 
> function)
> security/lids/lids_logs.c:179: error: (Each undeclared identifier is 
> reported only once
(Continue reading)

Permalink | Reply | 0 comments |

Gmane