Hello, Yes what is the way to modify the options of the RPM Kernel 2.4.7, without to install a new one ? Eric

-----Original Message----- From: test@cyclops.eahd.or.ug [mailto:test@cyclops.eahd.or.ug] Sent: 13 November 2001 16:41 To: Erwin Zierler - stubainet.at Cc: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

maybe i am missing something here but i have nothing like /usr/src/linux Kenneth

On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:

...

Eric Romang wrote:

...

Nobody has answer ?

Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.

To get you started though, consider these steps:

1. install the kernel sources (you have done that) 2. cd /usr/src/linux 3. su - 4. make config (i.e. make menuconfig, make xconfig) 5. go through all the options and select what you need (help is there) 6. make dep; make bzlilo; make modules; make modules_install 7. check /etc/lilo.conf to make usre you can access and boot your old kernel in case you messed up the new one 8. reboot and see if the new kernel works as expected

Make sure you compile things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)

Hope this gets you started.

Erwin

---

...

...

-----Original Message----- From: Eric Romang [mailto:eric.romang@synapse.lu] Sent: 09 November 2001 16:16 To: suse-security@suse.com Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Hello,

I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?

Thanks for your help.

Eric

[.....]

-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

Hello, Thxs for your answers :) But I think, this is security related ... You receive an email from SuSE talking about kernel security hole, and with all the instruction to install an new kernel RPM ... When I have install my RPM kernel on my SuSE 7.2, the quota support and IPV6, and Tunneling was inside the kernel ... But when I do this update, SuSE say's nothing about consequence ..., I loose all my configuration, and also security configuration ... This is a security hole on how SuSE has communicate about this kernel update... This is a security hole on system where was good configured, but today not more... But, thxs for your help. Just one other question, can I downgrade my kernel with the 2.4.4-4 and that all my modules will be on more time OK, or should install a complete server... think on the end user how receive a email with a security advisory every time... Linux gonna loose his customers if he don't care about all the dependencies of a system, and also don^'t explain correctly all the consequence on all the end users... Regards. Eric

-----Original Message----- From: Erwin Zierler - stubainet.at [mailto:erwin.zierler@stubainet.at] Sent: 15 November 2001 07:44 To: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Ok, this is really the last answer to this thread - I promise ;-)

Let me first answer your question: you cannot 'modify' the options of a kernel - all you can do is load/unload modules. If a feature is not available as a module (such as quota support) you are stuck and all you can du is build your own kernel. Period.

Please understand that there is a difference between a "kernel" and the "kernel source". A kernel that was compiled by SuSE or any other distributer and packed into a kernel RPM usually contains just that: the kernel and modules. It is designed to boot just about any hardware. quota support is NOT compiled by default afaik so if you need it (or any other feature which cannot be loaded as a module) you are out of luck with the kernel RPM. Now you need to build your own kernel (see my original answer on how to do this) and during the configuration process you need to make sure to include all the features you need.

Again: kernel RPM =! kernel source RPM

Read up on the topic and please stop posting about this here since it really isn't security related - thanks :-)

Erwin

--- Eric Romang wrote:

...

Hello,

Yes what is the way to modify the options of the RPM Kernel 2.4.7, without to install a new one ?

Eric

...

-----Original Message----- From: test@cyclops.eahd.or.ug [mailto:test@cyclops.eahd.or.ug] Sent: 13 November 2001 16:41 To: Erwin Zierler - stubainet.at Cc: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

maybe i am missing something here but i have nothing like /usr/src/linux Kenneth

On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:

...

Eric Romang wrote:

...

Nobody has answer ?

Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.

To get you started though, consider these steps:

1. install the kernel sources (you have done that) 2. cd /usr/src/linux 3. su - 4. make config (i.e. make menuconfig, make xconfig) 5. go through all the options and select what you need (help is there) 6. make dep; make bzlilo; make modules; make modules_install 7. check /etc/lilo.conf to make usre you can access and boot your old kernel in case you messed up the new one 8. reboot and see if the new kernel works as expected

Make sure you compile things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)

Hope this gets you started.

Erwin

---

...

...

-----Original Message----- From: Eric Romang [mailto:eric.romang@synapse.lu] Sent: 09 November 2001 16:16 To: suse-security@suse.com Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Hello,

I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?

Thanks for your help.

Eric

[.....]

-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

* Erwin Zierler - stubainet.at wrote on Thu, Nov 15, 2001 at 10:17 +0100:

...

When I have install my RPM kernel on my SuSE 7.2, the quota support and IPV6, and Tunneling was inside the kernel ... But when I do this

I cannot verify this but if I remember right I always had to build my own kernel to enable quota support

Are you sure? SuSE scripts honor quotas, so I would wonder why...

...

update, SuSE say's nothing about consequence ..., I loose all my configuration,

What kind of configuration?

...

and also security configuration ... This is a security hole on how SuSE has communicate about this kernel update... This is a security hole on system where was good configured, but today not more...

Yes, in short I wish SuSE would be more careful in such issues. It may happen that you get an update package with different build options, sometime that is the reason for the update, but sometimes you get even new depencies or so. After all, it looks that SuSE has no well defined compile farm / build hosts, and by this every build can change the system behavoir a little. But of course it's really impossible to have a RPM for each lib combination :)

...

a complete server... think on the end user how receive a email with a security advisory every time... Linux gonna loose his customers

Do you mean SuSE or really Linux?

...

if he don't care about all the dependencies of a system, and also don^'t explain correctly all the consequence on all the end users...

Or Linus? I'm sure he never build no SuSE RPM at all :) [... cut a large part I totally agree with ...] oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.

* Roman Drahtmueller wrote on Thu, Nov 15, 2001 at 12:34 +0100:

...

Are you sure? SuSE scripts honor quotas, so I would wonder why...

Well, it worked on my systems, flawlessly... Strange.

There is nothing like the SuSE build farm on this planet, promised. Each single package that we publish, be it on the CDs or in the update tree, is being built in an own mini installation where dependencies between packages are resolved automatically.

That means, the filesystem is in a defined, orgininal state before _each_ package build? Then I wonder why depencies changed in a few packages.

In fact, this system enables us to basically build a 6.4 distribution in about 17 hours, from scratch/source, with all updated packages, and 6 CDs in your hands, at the very same configuration.

Off Topic, but very interesting :) How do you do that? It remebers to "make world" :) I would expect that some configure would use some lib which is not a default or similar. But shouldn't be a problem since RPM is smart :)

kernels do not depend on any library.

Was meant as example for any packet. Kernel depends on modules (insmod i.e.) and on /usr/src/linux/Documentation/Changes: - Binutils 2.8.1.0.23 - Linux libc6 C Library 2.0.7pre6 - Net-tools 1.52 and others. Not only for build, for operation, too.

In fact, they do not depend on anything, the kernel binary rpm can run standalone without anything else (while it may not make sense in most cases). By consequence, you are able to use a 2.4 kernel RPM built on a SuSE-5.3 distribution and install it on a 7.3, and it should work out of the box.

I would expect the first problem when trying to load a network driver or problems with /dev/tty or with ioctrls or with any other things. I have somewhere a server with 5.1 I think, maybe I'll try a 2.4.x kernel :) Just for fun :)

...

...

...

if he don't care about all the dependencies of a system, and also don^'t explain correctly all the consequence on all the end users...

Or Linus? I'm sure he never build no SuSE RPM at all :)

At least he uses SuSE systems, while he doesn't make a fuss about that... Building an rpm is really easy once you found the basics.

I really like RPMs. And I really like that SuSE use it too, in contrast they could decided to make an SPM or so. RPM is not that bad, really.

The SuSE spec files are very clear to read, they all look the same, and in their comments you can find the packages that are required to be installed for the package to build.

Yes, I know, I patched a few packages... The onliest detail: RPMs are not backward-compatible. rpm --rebuild package-7.3.src.rpm won't work out of the box on a 7.1 or so, but this is not an real issue :)

Get some source rpm and do rpm --rebuild source.rpm. Funny things happen. :-)

I already spent some nights on "fixing" SPEC files for various RPMs. I know what you're talking about :) And by this I know that RPM building is a real complex task. And SuSE has soem hunderts to build. Ohh, I'm lucky, I have only a very few :) :) List, I'm sorry for this OT mail but a part of security concepts is to know about the processes of the supplied components as you know... Well, so it's not really OT :) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.

Hello, Here are the shell lines off my server. server:~ # quotacheck -auvg -F vfsv0 Cannot get exact used space... Results might be inaccurate. quotacheck: Going to check user quota file of /home quotacheck: Checking quotafile info... quotacheck: Headers of file /home/aquota.user checked. Going to load data... quotacheck: Not found any corrupted blocks. Congratulations. quotacheck: Cannot remount filesystem mounted on /home read-only so counted valu es might not be right. Please stop all programs writing to filesystem or use -m flag to force checking. server:~ # repquota -av repquota: Quotafile format detected differs from the specified one (or the one k ernel uses on the file). Ok the aquota.user work fine. But the format is different since I have install the new RPM... Regards. Eric

-----Original Message----- From: Bob Vickers [mailto:bobv@cs.rhul.ac.uk] Sent: 15 November 2001 15:24 To: Eric Romang Cc: suse-security@suse.com Subject: RE: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Contrary to what many people have suggested, both the vanilla and the fixed SuSE 7.2 kernels do have quotas enabled. You can verify this by typing gunzip -c /proc/config.gz | grep -i quota

HOWEVER, I have been unable to get quotas to work, and this problem was reported by another user on the suse-linux-e list (see http://lists2.suse.com/archive/suse-linux-e/2001-Jul/1934.html )

Also when I tried it quotas were not supported on reiserfs.

I haven't repeated my tests with the new kernel.

I think your best bet is to ignore all the advice about building kernels and re-ask the question on suse-linux-e.

Bob

On Thu, 15 Nov 2001, Eric Romang wrote:

...

Hello,

Thxs for your answers :) But I think, this is security related ... You receive an email from SuSE talking about kernel security hole, and with all the instruction to install an new kernel RPM ...

When I have install my RPM kernel on my SuSE 7.2, the quota support and IPV6, and Tunneling was inside the kernel ... But when I do this update, SuSE say's nothing about consequence ..., I loose all my configuration, and also security configuration ... This is a security hole on how SuSE has communicate about this kernel update... This is a security hole on system where was good configured, but today not more...

But, thxs for your help. Just one other question, can I downgrade my kernel with the 2.4.4-4 and that all my modules will be on more time OK, or should install a complete server... think on the end user how receive a email with a security advisory every time... Linux gonna loose his customers if he don't care about all the dependencies of a system, and also don^'t explain correctly all the consequence on all the end users...

Regards.

Eric

...

-----Original Message----- From: Erwin Zierler - stubainet.at [mailto:erwin.zierler@stubainet.at] Sent: 15 November 2001 07:44 To: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Ok, this is really the last answer to this thread - I promise ;-)

Let me first answer your question: you cannot 'modify' the options of a kernel - all you can do is load/unload modules. If a feature is not available as a module (such as quota support) you are stuck and all you can du is build your own kernel. Period.

Please understand that there is a difference between a "kernel" and the "kernel source". A kernel that was compiled by SuSE or any other distributer and packed into a kernel RPM usually contains just that: the kernel and modules. It is designed to boot just about any hardware. quota support is NOT compiled by default afaik so if you need it (or any other feature which cannot be loaded as a module) you are out of luck with the kernel RPM. Now you need to build your own kernel (see my original answer on how to do this) and during the configuration process you need to make sure to include all the features you need.

Again: kernel RPM =! kernel source RPM

Read up on the topic and please stop posting about this here since it really isn't security related - thanks :-)

Erwin

--- Eric Romang wrote:

...

Hello,

Yes what is the way to modify the options of the RPM Kernel 2.4.7, without to install a new one ?

Eric

...

-----Original Message----- From: test@cyclops.eahd.or.ug [mailto:test@cyclops.eahd.or.ug] Sent: 13 November 2001 16:41 To: Erwin Zierler - stubainet.at Cc: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

maybe i am missing something here but i have nothing like /usr/src/linux Kenneth

On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:

...

Eric Romang wrote:

> Nobody has answer ? >

Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.

To get you started though, consider these steps:

1. install the kernel sources (you have done that) 2. cd /usr/src/linux 3. su - 4. make config (i.e. make menuconfig, make xconfig) 5. go through all the options and select what you need (help is there) 6. make dep; make bzlilo; make modules; make modules_install 7. check /etc/lilo.conf to make usre you can access and boot your old kernel in case you messed up the new one 8. reboot and see if the new kernel works as expected

Make sure you compile things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)

Hope this gets you started.

Erwin

---

>>-----Original Message----- >>From: Eric Romang [mailto:eric.romang@synapse.lu] >>Sent: 09 November 2001 16:16 >>To: suse-security@suse.com >>Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel >>(update) (SuSE-SA:2001:039) >> >> >>Hello, >> >>I have installed the new kernel as in >>the SuSE directive. But yet all my users >>quota are away ... How can I recompile the kernel >>to have quota activated ? >> >>Thanks for your help. >> >>Eric >> >> >> [.....]

-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

Hello, Thxs for your help, I have find some informations on SuSE Sdb : ====================================================================== http://sdb.suse.de/en/sdb/html/rschmid_quota.html Symptom: After installation, setup of quota and reboot it fails with something similar like: beaulieu:~ # quotaon -a quotaon: using /home/aquota.group on /dev/sda1 [/home]: Invalid argument quotaon: using /home/aquota.user on /dev/sda1 [/home]: Invalid argument Cause: Our Paket on the CD has an error. Solution: make Yast Online Update (YOU) of package quota and run: convertquota -e Please keep in mind that all existing quotas will be erased by doing this. ====================================================================== Is this the solution to loose all my existing quotas ???? Also, I have search the command converquota, how should be in /usr/sbin/convertquota but nothing there. The quotatools are installed and a convertquota man page exist. Where is located this tool ? Thxs for all. Eric

-----Original Message----- From: Lenz Grimmer [mailto:grimmer@suse.de] Sent: 15 November 2001 18:55 To: suse-security@suse.com Subject: RE: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

On Thu, 15 Nov 2001, Eric Romang wrote:

...

Here are the shell lines off my server.

server:~ # quotacheck -auvg -F vfsv0 Cannot get exact used space... Results might be inaccurate. quotacheck: Going to check user quota file of /home quotacheck: Checking quotafile info... quotacheck: Headers of file /home/aquota.user checked. Going to load data... quotacheck: Not found any corrupted blocks. Congratulations. quotacheck: Cannot remount filesystem mounted on /home read-only so counted valu es might not be right. Please stop all programs writing to filesystem or use -m flag to force checking.

server:~ # repquota -av repquota: Quotafile format detected differs from the specified one (or the one k ernel uses on the file).

Ok the aquota.user work fine. But the format is different since I have install the new RPM...

Yes, due to an endianness compilation problem, the quota files have to be converted. You can use "convertquota -e" to convert the old files.

Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany You tell 'em Piano, you're upright and square.

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

From SuSE 5.3 to 7.2 I always had a link /usr/src/linux to a dir /usr/src/linux-2.x.xx after installing kernel sources. An this is what you need if you want to compile your own kernel. That was my last message about this topic since it's rather OT. Erwin --- test@cyclops.eahd.or.ug wrote:

maybe i am missing something here but i have nothing like /usr/src/linux Kenneth

On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:

...

Eric Romang wrote:

...

Nobody has answer ?

Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.

To get you started though, consider these steps:

1. install the kernel sources (you have done that) 2. cd /usr/src/linux 3. su - 4. make config (i.e. make menuconfig, make xconfig) 5. go through all the options and select what you need (help is there) 6. make dep; make bzlilo; make modules; make modules_install 7. check /etc/lilo.conf to make usre you can access and boot your old kernel in case you messed up the new one 8. reboot and see if the new kernel works as expected

Make sure you compile things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)

Hope this gets you started.

Erwin

---

...

...

-----Original Message----- From: Eric Romang [mailto:eric.romang@synapse.lu] Sent: 09 November 2001 16:16 To: suse-security@suse.com Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

Hello,

I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?

Thanks for your help.

Eric

[.....]