FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Nobody has an answer?

-----Original Message-----
From: Eric Romang [mailto:eric.romang@synapse.lu]
Sent: 09 November 2001 16:16
To: suse-security@suse.com
Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Hello,
I have installed the new kernel as in the SuSE directive. But yet all my users' quotas are gone ... How can I recompile the kernel to have quota activated?
Thanks for your help.
Eric
-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: 07 November 2001 13:30
To: Thomas Michael Wanka
Cc: suse-security@suse.com
Subject: Re: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)

> --schnipp--
> While we're talking about it: We are preparing the updates for the kernel packages. If you want to test the new kernels, go to ftp://ftp.suse.com/pub/people/mantel/next/ and choose your kernel rpm. The one for 2.2.19 is currently missing. :-( Anyway, Hubert Mantel has included all currently available fixes for both 2.2 and 2.4 series kernels. The announcement follows by the second half of this week.
> --schnapp--
>
> Are these kernels (2.4.12) vulnerable?

As far as I know, they are not. But I did not look at it, I can't really say.

> mike

Thanks,
Roman.
--
Roman Drahtmüller, SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"You don't need eyes to see, you need vision!" (Maxi Jazz, Faithless)
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Eric Romang wrote:
> Nobody has an answer?

Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.

To get you started though, consider these steps:

1. install the kernel sources (you have done that)
2. cd /usr/src/linux
3. su -
4. make config (i.e. make menuconfig, make xconfig)
5. go through all the options and select what you need (help is there)
6. make dep; make bzlilo; make modules; make modules_install
7. check /etc/lilo.conf to make sure you can access and boot your old kernel in case you messed up the new one
8. reboot and see if the new kernel works as expected

Make sure things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)

Hope this gets you started.

Erwin
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
maybe i am missing something here but i have nothing like /usr/src/linux

Kenneth
Hello,

Yes, what is the way to modify the options of the RPM Kernel 2.4.7 without installing a new one?

Eric
Ok, this is really the last answer to this thread - I promise ;-)

Let me first answer your question: you cannot 'modify' the options of a kernel - all you can do is load/unload modules. If a feature is not available as a module (such as quota support) you are stuck and all you can do is build your own kernel. Period.

Please understand that there is a difference between a "kernel" and the "kernel source". A kernel that was compiled by SuSE or any other distributor and packed into a kernel RPM usually contains just that: the kernel and modules. It is designed to boot just about any hardware. quota support is NOT compiled by default afaik so if you need it (or any other feature which cannot be loaded as a module) you are out of luck with the kernel RPM. Now you need to build your own kernel (see my original answer on how to do this) and during the configuration process you need to make sure to include all the features you need.

Again: kernel RPM != kernel source RPM

Read up on the topic and please stop posting about this here since it really isn't security related - thanks :-)

Erwin

---
Eric Romang wrote:
> Hello,
>
> Yes, what is the way to modify the options of the RPM Kernel 2.4.7 without installing a new one?
>
> Eric
Hello,

Thxs for your answers :) But I think this is security related ... You receive an email from SuSE talking about a kernel security hole, and with all the instructions to install a new kernel RPM ...

When I installed my RPM kernel on my SuSE 7.2, the quota support and IPV6 and Tunneling were inside the kernel ... But when I do this update, SuSE says nothing about consequences ..., I lose all my configuration, and also security configuration ... This is a security hole in how SuSE has communicated about this kernel update... This is a security hole on systems which were well configured, but today no more...

But, thxs for your help. Just one other question, can I downgrade my kernel to the 2.4.4-4 so that all my modules will be OK once more, or should I install a complete server... think of the end user who receives an email with a security advisory every time... Linux gonna lose his customers if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...

Regards.
Eric
Hi Eric....

Eric Romang wrote:
> Hello,
>
> Thxs for your answers :) But I think this is security related ... You receive an email from SuSE talking about a kernel security hole, and with all the instructions to install a new kernel RPM ...

So far it definitely is security related.

> When I installed my RPM kernel on my SuSE 7.2, the quota support and IPV6 and Tunneling were inside the kernel ... But when I do this

I cannot verify this but if I remember right I always had to build my own kernel to enable quota support - so I have a feeling that the default kernels shipped with SuSE never had quota support compiled in by default. Maybe this has changed with the 2.4.* series, anyone verify? I am not using 2.4.* kernels in production systems yet so sorry for my ignorance.

> update, SuSE says nothing about consequences ..., I lose all my configuration, and also security configuration ... This is a security hole in how SuSE has communicated about this kernel update... This is a security hole on systems which were well configured, but today no more...

There are numerous HOWTOs and READMEs about kernel installation, kernel compilation and lilo configuration. A lot of people put a lot of effort into explaining every little detail about these processes. As a system administrator you MUST read this information or you will not be able to accomplish the necessary tasks to keep a machine up to date AND secure. Accusing the SuSE staff of opening security holes on your machine by announcing a kernel vulnerability is - mildly spoken - ignorant. If you had read some necessary information about the process of upgrading kernels you would know that it is no mystery at all to keep an old kernel as a backup and configure lilo accordingly to be able to boot any out of 2 or more kernels. This way you can test a new kernel without any risk. Yes, developers have actually thought about this! And they have documented it. And SuSE documents it too! But I am sorry, you cannot expect SuSE to explain the whole process of how to install, configure and employ a new kernel with every security announcement - since (again) this is not the proper forum for such things.

> But, thxs for your help. Just one other question, can I downgrade my kernel to the 2.4.4-4 so that all my modules will be OK once more, or should I install

If you have the old kernel still around I see no problem with it. But don't expect me to explain the process (because I do not want to quote another HOWTO).

> a complete server... think of the end user who receives an email with a security advisory every time... Linux gonna lose his customers if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...

*grin* Fortunately Linux is not a company and has no reason to be afraid of losing customers. If you mean SuSE as a company selling a Linux based distribution - now that's a different story. I am sure (and SuSE has proven it over time) that they care about their customers. If you compare SuSE's effort (website, mailinglists, support service, installation support, etc......) being not a multi billion dollar corporation with the effort of a company like Microsoft you will soon realize that SuSE actually DOES care about their customers. Of course not everything is perfect and people make mistakes. We all do. But at SuSE I can recognize their intention to do as good a job as possible given the available resources.

One last word about the term 'end user': in my opinion an end user should not have to worry at all about an operating system - he should be busy doing his/her work and the OS should provide a stable base for this task. If the 'end user' happens to be a 'system administrator' he/she is expected to have some technical understanding of the involved technology (which can be time consuming - right) and just for this reason SuSE IMHO is NOT supposed to explain every detail of very COMMON tasks when they issue a security announcement. In fact, I am happy they only stick to the absolutely necessary information. We all don't want piles of useless info - like this rant ;-)

> Regards.
>
> Eric

Regards,
Erwin

[... previous quotes deleted ....]
* Erwin Zierler - stubainet.at wrote on Thu, Nov 15, 2001 at 10:17 +0100:
>> When I installed my RPM kernel on my SuSE 7.2, the quota support and IPV6 and Tunneling were inside the kernel ... But when I do this
>
> I cannot verify this but if I remember right I always had to build my own kernel to enable quota support

Are you sure? SuSE scripts honor quotas, so I would wonder why...

>> update, SuSE says nothing about consequences ..., I lose all my configuration,

What kind of configuration?

>> and also security configuration ... This is a security hole in how SuSE has communicated about this kernel update... This is a security hole on systems which were well configured, but today no more...

Yes, in short I wish SuSE would be more careful in such issues. It may happen that you get an update package with different build options, sometimes that is the reason for the update, but sometimes you get even new dependencies or so. After all, it looks like SuSE has no well defined compile farm / build hosts, and by this every build can change the system behavior a little. But of course it's really impossible to have an RPM for each lib combination :)

>> a complete server... think of the end user who receives an email with a security advisory every time... Linux gonna lose his customers

Do you mean SuSE or really Linux?

>> if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...

Or Linus? I'm sure he never build no SuSE RPM at all :)

[... cut a large part I totally agree with ...]

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
> Are you sure? SuSE scripts honor quotas, so I would wonder why...

Well, it worked on my systems, flawlessly... Strange.

> Yes, in short I wish SuSE would be more careful in such issues. It may happen that you get an update package with different build options, sometimes that is the reason for the update, but sometimes you get even new dependencies or so. After all, it looks like SuSE has no well defined compile farm / build hosts, and by this every build can change the system behavior a little. But of

What?? Sorry... :-) There is nothing like the SuSE build farm on this planet, promised. Each single package that we publish, be it on the CDs or in the update tree, is being built in an own mini installation where dependencies between packages are resolved automatically. If something is not compatible any more, it may happen that the whole distribution does not build any more. In fact, this system enables us to basically build a 6.4 distribution in about 17 hours, from scratch/source, with all updated packages, and 6 CDs in your hands, at the very same configuration.

> course it's really impossible to have an RPM for each lib combination :)

kernels do not depend on any library. In fact, they do not depend on anything, the kernel binary rpm can run standalone without anything else (while it may not make sense in most cases). By consequence, you are able to use a 2.4 kernel RPM built on a SuSE-5.3 distribution and install it on a 7.3, and it should work out of the box. It's just that a 5.3 was not built for a 2.4 kernel, in fact it can't build one because of missing compiler features/bugs. The only problem that you face here are missing names/symbols in the kernel RPMs, which might force you to run rpm with the "--force --nodeps" options. The situation of the kernel RPM packages has changed within the last two years: They are widely compatible by now, and in future SuSE versions we will have it even easier with kernel updates because the kernel rpm will be just another rpm in the system, just like for example the bzip2 package.

>> a complete server... think of the end user who receives an email with a security advisory every time... Linux gonna lose his customers
>
> Do you mean SuSE or really Linux?
>
>> if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...
>
> Or Linus? I'm sure he never build no SuSE RPM at all :)

At least he uses SuSE systems, while he doesn't make a fuss about that... Building an rpm is really easy once you found the basics. The SuSE spec files are very clear to read, they all look the same, and in their comments you can find the packages that are required to be installed for the package to build. Get some source rpm and do rpm --rebuild source.rpm. Funny things happen. :-)

> [... cut a large part I totally agree with ...]
>
> oki,
>
> Steffen

Thanks,
Roman.
--
Roman Drahtmüller
* Roman Drahtmueller wrote on Thu, Nov 15, 2001 at 12:34 +0100:
>> Are you sure? SuSE scripts honor quotas, so I would wonder why...
>
> Well, it worked on my systems, flawlessly... Strange.
>
> There is nothing like the SuSE build farm on this planet, promised. Each single package that we publish, be it on the CDs or in the update tree, is being built in an own mini installation where dependencies between packages are resolved automatically.

That means, the filesystem is in a defined, original state before _each_ package build? Then I wonder why dependencies changed in a few packages.

> In fact, this system enables us to basically build a 6.4 distribution in about 17 hours, from scratch/source, with all updated packages, and 6 CDs in your hands, at the very same configuration.

Off Topic, but very interesting :) How do you do that? It reminds me of "make world" :) I would expect that some configure would use some lib which is not a default or similar. But shouldn't be a problem since RPM is smart :)

> kernels do not depend on any library.

Was meant as example for any packet. Kernel depends on modules (insmod i.e.) and on /usr/src/linux/Documentation/Changes:
- Binutils 2.8.1.0.23
- Linux libc6 C Library 2.0.7pre6
- Net-tools 1.52
and others. Not only for build, for operation, too.

> In fact, they do not depend on anything, the kernel binary rpm can run standalone without anything else (while it may not make sense in most cases). By consequence, you are able to use a 2.4 kernel RPM built on a SuSE-5.3 distribution and install it on a 7.3, and it should work out of the box.

I would expect the first problem when trying to load a network driver or problems with /dev/tty or with ioctls or with any other things. I have somewhere a server with 5.1 I think, maybe I'll try a 2.4.x kernel :) Just for fun :)

>>> if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...
>>
>> Or Linus? I'm sure he never build no SuSE RPM at all :)
>
> At least he uses SuSE systems, while he doesn't make a fuss about that... Building an rpm is really easy once you found the basics.

I really like RPMs. And I really like that SuSE uses it too, in contrast they could have decided to make an SPM or so. RPM is not that bad, really.

> The SuSE spec files are very clear to read, they all look the same, and in their comments you can find the packages that are required to be installed for the package to build.

Yes, I know, I patched a few packages... The only detail: RPMs are not backward-compatible. rpm --rebuild package-7.3.src.rpm won't work out of the box on a 7.1 or so, but this is not a real issue :)

> Get some source rpm and do rpm --rebuild source.rpm. Funny things happen. :-)

I already spent some nights on "fixing" SPEC files for various RPMs. I know what you're talking about :) And by this I know that RPM building is a real complex task. And SuSE has some hundreds to build. Ohh, I'm lucky, I have only a very few :) :)

List, I'm sorry for this OT mail but a part of security concepts is to know about the processes of the supplied components as you know... Well, so it's not really OT :)

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
Contrary to what many people have suggested, both the vanilla and the fixed SuSE 7.2 kernels do have quotas enabled. You can verify this by typing

    gunzip -c /proc/config.gz | grep -i quota

HOWEVER, I have been unable to get quotas to work, and this problem was reported by another user on the suse-linux-e list (see http://lists2.suse.com/archive/suse-linux-e/2001-Jul/1934.html ). Also when I tried it quotas were not supported on reiserfs. I haven't repeated my tests with the new kernel.

I think your best bet is to ignore all the advice about building kernels and re-ask the question on suse-linux-e.

Bob

On Thu, 15 Nov 2001, Eric Romang wrote:
> Hello,
>
> Thxs for your answers :) But I think this is security related ... You receive an email from SuSE talking about a kernel security hole, and with all the instructions to install a new kernel RPM ...
>
> When I installed my RPM kernel on my SuSE 7.2, the quota support and IPV6 and Tunneling were inside the kernel ... But when I do this update, SuSE says nothing about consequences ..., I lose all my configuration, and also security configuration ... This is a security hole in how SuSE has communicated about this kernel update... This is a security hole on systems which were well configured, but today no more...
>
> But, thxs for your help. Just one other question, can I downgrade my kernel to the 2.4.4-4 so that all my modules will be OK once more, or should I install a complete server... think of the end user who receives an email with a security advisory every time... Linux gonna lose his customers if he doesn't care about all the dependencies of a system, and also doesn't explain correctly all the consequences to all the end users...
>
> Regards.
>
> Eric
-----Original Message----- From: Erwin Zierler - stubainet.at [mailto:erwin.zierler@stubainet.at] Sent: 15 November 2001 07:44 To: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Ok, this is really the last answer to this thread - I promise ;-)
Let me first answer your question: you cannot 'modify' the options of a kernel - all you can do is load/unload modules. If a feature is not available as a module (such as quota support) you are stuck and all you can du is build your own kernel. Period.
Please understand that there is a difference between a "kernel" and the "kernel source". A kernel that was compiled by SuSE or any other distributer and packed into a kernel RPM usually contains just that: the kernel and modules. It is designed to boot just about any hardware. quota support is NOT compiled by default afaik so if you need it (or any other feature which cannot be loaded as a module) you are out of luck with the kernel RPM. Now you need to build your own kernel (see my original answer on how to do this) and during the configuration process you need to make sure to include all the features you need.
Again: kernel RPM =! kernel source RPM
Read up on the topic and please stop posting about this here since it really isn't security related - thanks :-)
Erwin
--- Eric Romang wrote:
Hello,
Yes what is the way to modify the options of the RPM Kernel 2.4.7, without to install a new one ?
Eric
-----Original Message----- From: test@cyclops.eahd.or.ug [mailto:test@cyclops.eahd.or.ug] Sent: 13 November 2001 16:41 To: Erwin Zierler - stubainet.at Cc: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
maybe i am missing something here but i have nothing like /usr/src/linux Kenneth
On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:
Eric Romang wrote:
Nobody has answer ?
Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.
To get you started though, consider these steps:
1. install the kernel sources (you have done that)
2. cd /usr/src/linux
3. su -
4. make config (i.e. make menuconfig, make xconfig)
5. go through all the options and select what you need (help is there)
6. make dep; make bzlilo; make modules; make modules_install
7. check /etc/lilo.conf to make sure you can access and boot your old kernel in case you messed up the new one
8. reboot and see if the new kernel works as expected
Make sure things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)
Hope this gets you started.
Erwin
---
>-----Original Message-----
>From: Eric Romang [mailto:eric.romang@synapse.lu]
>Sent: 09 November 2001 16:16
>To: suse-security@suse.com
>Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
>
>Hello,
>
>I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?
>
>Thanks for your help.
>
>Eric
>
> [.....]
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
Hello,
Here are the shell lines from my server.
server:~ # quotacheck -auvg -F vfsv0
Cannot get exact used space... Results might be inaccurate.
quotacheck: Going to check user quota file of /home
quotacheck: Checking quotafile info...
quotacheck: Headers of file /home/aquota.user checked. Going to load data...
quotacheck: Not found any corrupted blocks. Congratulations.
quotacheck: Cannot remount filesystem mounted on /home read-only so counted values might not be right.
Please stop all programs writing to filesystem or use -m flag to force checking.
server:~ # repquota -av
repquota: Quotafile format detected differs from the specified one (or the one kernel uses on the file).
OK, the aquota.user works fine. But the format is different since I have installed the new RPM...
Regards.
Eric
-----Original Message----- From: Bob Vickers [mailto:bobv@cs.rhul.ac.uk] Sent: 15 November 2001 15:24 To: Eric Romang Cc: suse-security@suse.com Subject: RE: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Contrary to what many people have suggested, both the vanilla and the fixed SuSE 7.2 kernels do have quotas enabled. You can verify this by typing
gunzip -c /proc/config.gz | grep -i quota
HOWEVER, I have been unable to get quotas to work, and this problem was reported by another user on the suse-linux-e list (see http://lists2.suse.com/archive/suse-linux-e/2001-Jul/1934.html )
Also when I tried it quotas were not supported on reiserfs.
I haven't repeated my tests with the new kernel.
I think your best bet is to ignore all the advice about building kernels and re-ask the question on suse-linux-e.
Bob
On Thu, 15 Nov 2001, Eric Romang wrote:
Hello,
Thanks for your answers :) But I think this is security related ... You receive an email from SuSE talking about a kernel security hole, with all the instructions to install a new kernel RPM ...
When I installed my RPM kernel on my SuSE 7.2, quota support, IPv6 and tunneling were inside the kernel ... But when I do this update, SuSE says nothing about the consequences ..., I lose all my configuration, and also the security configuration ... This is a security hole in how SuSE has communicated about this kernel update... This is a security hole on systems which were well configured, but today no longer are...
But thanks for your help. Just one other question: can I downgrade my kernel to 2.4.4-4 so that all my modules will be OK once more, or should I install a complete server... Think of the end user who receives an email with a security advisory every time... Linux is going to lose its customers if it doesn't care about all the dependencies of a system, and also doesn't correctly explain all the consequences for the end users...
Regards.
Eric
-----Original Message----- From: Erwin Zierler - stubainet.at [mailto:erwin.zierler@stubainet.at] Sent: 15 November 2001 07:44 To: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Ok, this is really the last answer to this thread - I promise ;-)
Let me first answer your question: you cannot 'modify' the options of a kernel - all you can do is load/unload modules. If a feature is not available as a module (such as quota support) you are stuck and all you can do is build your own kernel. Period.
Please understand that there is a difference between a "kernel" and the "kernel source". A kernel that was compiled by SuSE or any other distributor and packed into a kernel RPM usually contains just that: the kernel and modules. It is designed to boot just about any hardware. Quota support is NOT compiled by default afaik, so if you need it (or any other feature which cannot be loaded as a module) you are out of luck with the kernel RPM. Now you need to build your own kernel (see my original answer on how to do this) and during the configuration process you need to make sure to include all the features you need.
Again: kernel RPM != kernel source RPM
Read up on the topic and please stop posting about this here since it really isn't security related - thanks :-)
Erwin
--- Eric Romang wrote:
Hello,
Yes, what is the way to modify the options of the RPM kernel 2.4.7 without installing a new one?
Eric
-----Original Message----- From: test@cyclops.eahd.or.ug [mailto:test@cyclops.eahd.or.ug] Sent: 13 November 2001 16:41 To: Erwin Zierler - stubainet.at Cc: suse-security@suse.com Subject: Re: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Maybe I am missing something here, but I have nothing like /usr/src/linux.
Kenneth
On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:
Eric Romang wrote:
> Nobody has answer ?
Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.
To get you started though, consider these steps:
1. install the kernel sources (you have done that)
2. cd /usr/src/linux
3. su -
4. make config (i.e. make menuconfig, make xconfig)
5. go through all the options and select what you need (help is there)
6. make dep; make bzlilo; make modules; make modules_install
7. check /etc/lilo.conf to make sure you can access and boot your old kernel in case you messed up the new one
8. reboot and see if the new kernel works as expected
Make sure things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)
Hope this gets you started.
Erwin
---
>>-----Original Message-----
>>From: Eric Romang [mailto:eric.romang@synapse.lu]
>>Sent: 09 November 2001 16:16
>>To: suse-security@suse.com
>>Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
>>
>>Hello,
>>
>>I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?
>>
>>Thanks for your help.
>>
>>Eric
>>
>> [.....]
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
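The /proc/config.gz check Bob describes, combined with Erwin's point that anything needed for booting must be built in rather than modular, as an added example that is not part of the thread or SuSE's own tooling. The function names, the `OPTION:any` / `OPTION:builtin` requirement syntax and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel config against the features a host relies on.
# Requirement syntax (assumed for this example): OPTION:any or OPTION:builtin.

# Constructed sample config, not taken from any SuSE kernel package.
sample_config() {
    cat <<'EOF'
CONFIG_EXT2_FS=y
CONFIG_REISERFS_FS=m
# CONFIG_QUOTA is not set
CONFIG_IPV6=y
CONFIG_NET_IPIP=m
EOF
}

# Print the config text whether the file is gzip-compressed or plain.
read_config() {
    case "$1" in
        *.gz) gunzip -c "$1" ;;
        *)    cat "$1" ;;
    esac
}

# option_state FILE OPTION -> builtin | module | missing (tristate options)
option_state() {
    line=$(read_config "$1" | grep -E "^$2=" | head -n 1)
    case "$line" in
        "$2=y") echo builtin ;;
        "$2=m") echo module ;;
        *)      echo missing ;;
    esac
}

# audit_config FILE REQ...  Returns 0 only if every requirement is met.
audit_config() {
    cfg=$1; shift
    failed=0
    for req in "$@"; do
        opt=${req%%:*}; want=${req#*:}
        state=$(option_state "$cfg" "$opt")
        verdict=OK
        # Absent always fails; a module fails when the feature is needed at boot.
        if [ "$state" = missing ] || { [ "$want" = builtin ] && [ "$state" = module ]; }; then
            verdict=FAIL; failed=1
        fi
        printf '%-4s %s: %s (need %s)\n' "$verdict" "$opt" "$state" "$want"
    done
    return "$failed"
}

# Demo on the sample; on a live host pass /proc/config.gz instead.
cfg_file=$(mktemp)
sample_config > "$cfg_file"
audit_config "$cfg_file" CONFIG_QUOTA:any CONFIG_IPV6:any CONFIG_NET_IPIP:any \
    CONFIG_REISERFS_FS:builtin || echo "kernel config does not meet requirements"
rm -f "$cfg_file"
```

Running the same audit against the config of the old and the updated kernel before rebooting shows which features an update would drop.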
On Thu, 15 Nov 2001, Eric Romang wrote:
Here are the shell lines off my server.
server:~ # quotacheck -auvg -F vfsv0
Cannot get exact used space... Results might be inaccurate.
quotacheck: Going to check user quota file of /home
quotacheck: Checking quotafile info...
quotacheck: Headers of file /home/aquota.user checked. Going to load data...
quotacheck: Not found any corrupted blocks. Congratulations.
quotacheck: Cannot remount filesystem mounted on /home read-only so counted values might not be right.
Please stop all programs writing to filesystem or use -m flag to force checking.
server:~ # repquota -av
repquota: Quotafile format detected differs from the specified one (or the one kernel uses on the file).
OK, the aquota.user works fine. But the format is different since I have installed the new RPM...
Yes, due to an endianness compilation problem, the quota files have to be converted. You can use "convertquota -e" to convert the old files.
Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany You tell 'em Piano, you're upright and square.
Hello,
Thanks for your help. I have found some information on the SuSE SDB:
======================================================================
http://sdb.suse.de/en/sdb/html/rschmid_quota.html
Symptom: After installation, setup of quota and reboot it fails with something similar like:
beaulieu:~ # quotaon -a
quotaon: using /home/aquota.group on /dev/sda1 [/home]: Invalid argument
quotaon: using /home/aquota.user on /dev/sda1 [/home]: Invalid argument
Cause: Our package on the CD has an error.
Solution: make Yast Online Update (YOU) of package quota and run: convertquota -e
Please keep in mind that all existing quotas will be erased by doing this.
======================================================================
Is this the solution, to lose all my existing quotas????
Also, I have searched for the command convertquota, which should be in /usr/sbin/convertquota, but nothing is there. The quota tools are installed and a convertquota man page exists. Where is this tool located?
Thanks for all.
Eric
-----Original Message----- From: Lenz Grimmer [mailto:grimmer@suse.de] Sent: 15 November 2001 18:55 To: suse-security@suse.com Subject: RE: FW: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
On Thu, 15 Nov 2001, Eric Romang wrote:
Here are the shell lines off my server.
server:~ # quotacheck -auvg -F vfsv0
Cannot get exact used space... Results might be inaccurate.
quotacheck: Going to check user quota file of /home
quotacheck: Checking quotafile info...
quotacheck: Headers of file /home/aquota.user checked. Going to load data...
quotacheck: Not found any corrupted blocks. Congratulations.
quotacheck: Cannot remount filesystem mounted on /home read-only so counted values might not be right.
Please stop all programs writing to filesystem or use -m flag to force checking.
server:~ # repquota -av
repquota: Quotafile format detected differs from the specified one (or the one kernel uses on the file).
OK, the aquota.user works fine. But the format is different since I have installed the new RPM...
Yes, due to an endianness compilation problem, the quota files have to be converted. You can use "convertquota -e" to convert the old files.
Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer/ 90443 Nuernberg, Germany You tell 'em Piano, you're upright and square.
Eric Romang wrote:
Hello,
[...]
Solution: make Yast Online Update (YOU) of package quota and run: convertquota -e
Please keep in mind that all existing quotas will be erased by doing this.
======================================================================
Is this the solution, to lose all my existing quotas????
Hmmm, man convertquota says:
convertquota converts old quota files quota.user and quota.group to files aquota.user and aquota.group in new format currently used by 2.4.0-ac? and newer or by Red Hat Linux 2.4 kernels on filesystem.
So I guess the old quota files are converted and no old versions (i.e. backup copies) are left on the system. That's what the sentence above probably wants to tell us. If you want to make sure you can convert back, just make a backup copy of your old quota files before you run convertquota.
Also, I have searched for the command convertquota, which should be in /usr/sbin/convertquota, but nothing is there. The quota tools are installed and a convertquota man page exists. Where is this tool located?
Thanks for all.
Eric
How to find a program on your system if you know the name already:
1. find / -name 'convertquota' -print
2. locate convertquota
If that doesn't yield any results then I would guess it doesn't exist on your system or is very well hidden. On a SuSE 7.2 system I set up a few weeks ago I could not find convertquota either; all I find with locate is:
/usr/share/man/allman/man8/convertquota.8.gz
/usr/share/man/man8/convertquota.8.gz
Maybe jack@suse.cz is the person to contact, he is the author according to the manpage - so don't be shy and ask :-)
HTH
Erwin
From SuSE 5.3 to 7.2 I always had a link /usr/src/linux to a dir /usr/src/linux-2.x.xx after installing kernel sources. And this is what you need if you want to compile your own kernel.
That was my last message about this topic since it's rather OT.
Erwin
--- test@cyclops.eahd.or.ug wrote:
Maybe I am missing something here, but I have nothing like /usr/src/linux.
Kenneth
On Mon, 12 Nov 2001, Erwin Zierler - stubainet.at wrote:
Eric Romang wrote:
Nobody has answer ?
Well, seems you have to recompile a kernel with quota support. I am pretty sure that this list is NOT the right place to ask about help with kernel compilation problems though.
To get you started though, consider these steps:
1. install the kernel sources (you have done that)
2. cd /usr/src/linux
3. su -
4. make config (i.e. make menuconfig, make xconfig)
5. go through all the options and select what you need (help is there)
6. make dep; make bzlilo; make modules; make modules_install
7. check /etc/lilo.conf to make sure you can access and boot your old kernel in case you messed up the new one
8. reboot and see if the new kernel works as expected
Make sure things that are needed for booting are compiled into the kernel and not loaded as modules (i.e. root fs on reiserfs, low level scsi driver, etc.)
Hope this gets you started.
Erwin
---
-----Original Message----- From: Eric Romang [mailto:eric.romang@synapse.lu] Sent: 09 November 2001 16:16 To: suse-security@suse.com Subject: RE: [suse-security] Re: SuSE Security Announcement: kernel (update) (SuSE-SA:2001:039)
Hello,
I have installed the new kernel as in the SuSE directive. But yet all my users quota are away ... How can I recompile the kernel to have quota activated ?
Thanks for your help.
Eric
[.....]
participants (7)
- Bob Vickers
- Eric Romang
- Erwin Zierler - stubainet.at
- Lenz Grimmer
- Roman Drahtmueller
- Steffen Dettmer
- test@cyclops.eahd.or.ug