From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/692
Path: main.gmane.org!not-for-mail
From: Vincent Danen <vdanen@annvix.org>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: runit running under linux 2.4 with openwall patches
Date: Sat, 5 Feb 2005 16:14:53 -0700
Message-ID: <86f55940a26d28d7a6a3a131c9947f5b@annvix.org>
References: <AD0A7182-6B30-11D9-9341-000A9598BFB2@annvix.org> <20050121193151.5581.qmail@f99cf6af5269a6.315fe32.mid.smarden.org> <BC8ECD7B-6E8C-11D9-9341-000A9598BFB2@annvix.org> <1106650731.41f6266bcbe61@www.wolfpuppy.org.uk> <84B8E07C-6F29-11D9-9341-000A9598BFB2@annvix.org> <20050126004448.GI10265@digitus> <31302029-6F53-11D9-9341-000A9598BFB2@annvix.org> <20050205212555.GI20427@digitus>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-71-489074982"
Content-Transfer-Encoding: 7bit
X-Trace: sea.gmane.org 1107645253 11907 80.91.229.2 (5 Feb 2005 23:14:13 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Sat, 5 Feb 2005 23:14:13 +0000 (UTC)
Cc: <supervision@list.skarnet.org><supervision@list.skarnet.org> <supervision@list.skarnet.org>
Original-X-From: supervision-return-931-gcsg-supervision=m.gmane.org@list.skarnet.org Sun Feb 06 00:14:13 2005
Original-Received: from antah.skarnet.org ([212.85.147.14] ident=qmailr)
	by ciao.gmane.org with smtp (Exim 4.43)
	id 1CxZ7p-000670-SF
	for gcsg-supervision@gmane.org; Sun, 06 Feb 2005 00:14:01 +0100
Original-Received: (qmail 10243 invoked by uid 76); 5 Feb 2005 23:15:20 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 10237 invoked from network); 5 Feb 2005 23:15:20 -0000
In-Reply-To: <20050205212555.GI20427@digitus>
Original-To: =?ISO-8859-1?Q?Csillag_Tam=E1s?= <cstamas@digitus.itk.ppke.hu>
X-Pgp-Agent: GPGMail 1.0.2
X-Mailer: Apple Mail (2.619.2)
X-SA-Exim-Connect-IP: 68.149.32.61
X-SA-Exim-Mail-From: vdanen@annvix.org
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on hades.annvix.org
X-Spam-Level: 
X-Spam-Status: No, hits=-2.7 required=6.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.64
X-SA-Exim-Version: 4.1 (built Fri, 21 Jan 2005 07:43:05 -0700)
X-SA-Exim-Scanned: Yes (on hades.annvix.org)
X-MailScanner-To: gcsg-supervision@gmane.org
Xref: main.gmane.org gmane.comp.sysutils.supervision.general:692
X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:692


--Apple-Mail-71-489074982
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=ISO-8859-1; format=flowed


On Feb 05, 2005, at 14:25, Csillag Tam=E1s wrote:

>> Hmmm... spoke too soon.  None of the services requiring tcpsvd were
>> installed, so I tried with rsync and if I start supervise on those
>> services, nothing happens.  But if "sh -x run" myself, I can see the
>> services are starting.  Not sure if recompiling ipsvd without =
dietlibc
>> will help, but it's something I'll have to try.
>>
>>> In grsec I use the chpax utility to bypass this security checks on
>>> these
>>> (and only these) programs.
>>
>> Ouch.  Not a good solution.
>>
>>> Maybe it is worth asking the author of dietlibc..
>>> http://www.fefe.de/dietlibc/
>>
>> I have... and am in the middle of a conversation with him.  He's very
>> interested in seeing this resolved.
>
> Can you tell me what is the result?
> Felix released 0.28 recently, it contains the fixes for that or not?
> (I was unable to figure out from the CHANGES file)

I meant to email the list earlier, but didn't get a chance.  I did=20
build dietlibc 0.28 and recompiled runit under it and it seems to work=20=

ok.  At least the kernel doesn't kill or stall runit anymore.  But I=20
had to build without WANT_STACKGAP due to my gcc+SSP compiler (I don't=20=

know if this will make any difference to runit itself because I can't=20
compiled dietlibc 0.28 with gcc+SSP with WANT_STACKGAP enabled).

So far it seems good although I want to keep an eye on it more before I=20=

put it into production.

--=20
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}

--Apple-Mail-71-489074982
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFCBVNtLrxeMv7jCtQRAqE7AJ4sInRE/mTuN3JdxiJRuD7QmQZw7wCghWlo
XvAWUa7bO7ka461XpUseHFs=
=+RSD
-----END PGP SIGNATURE-----

--Apple-Mail-71-489074982--