Allan Latham | 22 May 2013 16:45

Re: Mini-Kernel - What and where are the latest sources?

Hi Ben

Thanks for the very quick answer.

I've got my brand new Wheezy development environment in a vserver and
I'm ready to begin.

When I last compiled Linux (about ten years ago) I used to do:

make menuconfig

do the config change

make bzImage && make modules && make modules_install

I never thought I would need to do this again since the major distros
contain reliable up-to-date kernels - regrettably Debian dropped vserver
support.

I have read of several ways to build 'the Debian way' so that the result
is a .deb package with the new kernel. Do you have a suggestion - please
point me to a suitable web page.

I don't seem to be able to download your util-vserver sources with
apt-get. Is this what I should be doing? I have the original tar from
http://linux-vserver.org/Welcome_to_Linux-VServer.org. Maybe I should
just compile this.

Thank you in advance


Eugen Leitl | 21 May 2013 12:40

kernel/guest parameter tuning for wordpress


I have a chronic problem with wp (nginx+fastcgi) blogs
crapping out really easily in vserver guests. Before I
investigate this as a wp/nginx problem, are there
any suggestions for tunable parameters for kernel/guests?

Thanks.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

Sergiusz Pawlowicz | 19 May 2013 00:51

[build script for wheezy guest]

Hi,
I want to share my simple guest build script for wheezy:

http://linux-vserver.org/Wheezy-guest-build-scripts

If you have any other useful build scripts, share them on the wiki!

cheers,
Serge

Jean Weisbuch | 15 May 2013 00:04

Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)

Hi,

The semtex.c exploit released today permits any user on the host to gain 
root privileges. I confirm that it works on a 3.2.42-vs2.3.2.16-beng 
kernel but it doesn't work (at least not "out of the box") on a VServer 
guest with "normal" capabilities/flags used.

Note that the exploit must be compiled with -O2 in order to work.

More info and the exploit code: 
http://packetstormsecurity.com/files/121616/semtex.c

Regards,
         Jean Weisbuch

Corey Wright | 26 Jan 2012 08:08

patch for applying patch-3.0.17-vs2.3.2.1.diff to linux-3.0.18

attached is my proposed patch to fix the rejects when applying
patch-3.0.17-vs2.3.2.1.diff to linux-3.0.18 (fs/proc/uptime.c & Makefile).

1. apply patch-3.0.17-vs2.3.2.1.diff
2. delete rejects
 a. fs/proc/uptime.c.rej
 b. Makefile.rej
3. apply patch-3.0.17-18-vs2.3.2.1.diff

please review and provide feedback (accept or reject).

thanks!

corey
--
undefined <at> pobox.com
Herbert Poetzl | 25 Jan 2012 17:56

Re: mnt_is_reachable() deadlock? [was: opteron server dies with vserver patch]

On Wed, Jan 25, 2012 at 05:14:51PM +0100, Pawel Sikora wrote:
> Hi Herbert,

> i've finally grabbed some useful backtraces in current short
> service window. with short autofs unmount timeout (1 sec)
> machine oopses in few seconds :)

that is good news indeed, can you enable the following
kernel options and retest/trigger the issue?

CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_REDUCED=y

CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_PROVE_LOCKING=y
CONFIG_LOCKDEP=y

(if not already enabled)

thanks in advance,
Herbert

[debug trace zapped]
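
A quick way to see which of the options requested above a kernel config still lacks. This is an added example, not part of the original message or of the Linux-VServer project; the function names and the sample config fragment are constructed for illustration.

```shell
#!/bin/sh
# Option names exactly as listed in the message above.
WANTED="CONFIG_DEBUG_KERNEL CONFIG_DEBUG_BUGVERBOSE CONFIG_DEBUG_INFO
CONFIG_DEBUG_INFO_REDUCED CONFIG_DEBUG_SPINLOCK CONFIG_DEBUG_MUTEXES
CONFIG_DEBUG_LOCK_ALLOC CONFIG_PROVE_LOCKING CONFIG_LOCKDEP"

# read_config FILE: print the config text; "-" reads stdin, *.gz inputs
# (such as /proc/config.gz) are decompressed first.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_opts FILE: print, space-separated, every wanted option that is
# not present as an exact "NAME=y" line. Whole-line matching matters:
# CONFIG_LOCKDEP_SUPPORT=y must not be taken for CONFIG_LOCKDEP=y.
missing_opts() {
    cfg=$(read_config "$1") || return 2
    nl='
'
    out=""
    for opt in $WANTED; do
        case "$nl$cfg$nl" in
            *"$nl$opt=y$nl"*) ;;                 # set: nothing to report
            *) out="${out:+$out }$opt" ;;        # unset, =m, or absent
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample .config fragment (not taken from any real system).
sample_config() {
    cat <<'EOF'
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
# CONFIG_DEBUG_LOCK_ALLOC is not set
# CONFIG_PROVE_LOCKING is not set
CONFIG_LOCKDEP_SUPPORT=y
EOF
}

# Check the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then missing_opts "$1"; else sample_config | missing_opts -; fi
```

Run it against the config of the kernel under test, for example the `.config` in the build tree; an empty line of output means every requested option is already enabled.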

Jean Weisbuch | 24 Jan 2012 00:52

Re: Patched base.c file for the CVE-2012-0056 root privilege escalation exploit for the 3.0.17 VServer kernel

On 24/01/2012 00:29, Sergiusz Pawlowicz wrote:
> Hi, does it mean a user in guest can take over the whole machine or
> only the guest itself?
>
> cheers -
> Serge
Only the guest itself, "fortunately".

---
As promised, the kernel package for Debian : 
http://jbboin.phpnet.org/procmemfix/linux-image-3.0.17-vs2.3.2.1-procmemfix_3.0.17-vs2.3.2.1-procmemfix-10.00.Custom_amd64.deb

So far, I tried it on one machine and the exploit doesn't seem to work 
anymore but it might be unstable, so, try at your own risk.

ps: the kernel headers package : 
http://jbboin.phpnet.org/procmemfix/linux-headers-3.0.17-vs2.3.2.1-procmemfix_3.0.17-vs2.3.2.1-procmemfix-10.00.Custom_amd64.deb

Jean Weisbuch | 24 Jan 2012 00:10

Patched base.c file for the CVE-2012-0056 root privilege escalation exploit for the 3.0.17 VServer kernel

Hello everyone,

Kernels >=2.6.39 are vulnerable to a privilege escalation exploit 
related to /proc/<pid>/mem. I tested one of the available exploits on a 
3.0.9 VServer kernel and it allows any unprivileged user on the host 
system but also on guests to gain root privilege; for more info about 
it: http://blog.zx2c4.com/749

I patched a VServer patched base.c with the Linus patch

(http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc#patch1) 
from the 3.0.17 sources (from the linux-source-3.0.17-vs2.3.2.1-beng 
package). I had to manually patch chunk #1, which was rejected at 
first, but the others didn't make any complaint.

Here is the patched base.c file : http://jbboin.phpnet.org/base.c

I am now compiling a kernel package with this patch, will share the 
package as soon as it has finished compiling (and if it seems to work).

Regards.

Guenther Fuchs | 19 Jan 2012 07:47

Re: [SPAM? 2.802] AW: Re: [vserver] Centos6 Template

On 19.11.2011 16:32, Roman Pretory wrote:
>
> Have little trouble by starting, seems to be a little work :-)
>
> and so have to wait, until I have a little more time.
>
>
Solved this yet?

-- 
greez,

Guenther Fuchs

Eugen Leitl | 17 Jan 2012 18:23

Re: [Openqrm-user] linux vserver still supported?


Too bad...

----- Forwarded message from Matt Rechenburg <m.rechenburg <at> t-online.de> -----

From: Matt Rechenburg <m.rechenburg <at> t-online.de>
Date: Sun, 15 Jan 2012 17:42:16 +0100
To: openqrm-user <at> lists.sourceforge.net
Subject: Re: [Openqrm-user] linux vserver still supported?
Organization: openQRM Project
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
Reply-To: m.rechenburg <at> t-online.de

Hi Eugen,

On 01/07/2012 02:14 PM, Eugen Leitl wrote:
> Hi,
>
> I'd like to use OpenQRM in a cloud hosting context. A few days
> ago I've heard that the VServer plugin support has been dropped
> despite still being listed in the documentation.
>
> Is that correct or a baseless rumor?

yes, we have dropped the support for linux-vserver (for now) but have
added "lxc" and "openvz" which may be fitting alternatives for
linux-vserver. The main reason for deprecating it in openQRM is because
the network layer abstraction in linux-vserver is kind of "tricky",
anyway a great project.

--[ UxBoD ]-- | 17 Jan 2012 12:31

Building on CentOS 6.2

Hello all,

I have successfully built vs2.3.2.1 against the 3.0.16 kernel and have now turned my attention to util-vserver.  I presume one should use the latest pre-release version?
--
Thanks, Phil

