From owner-freebsd-emulation Mon Mar 11 11:26:22 2002
Date: Mon, 11 Mar 2002 11:28:04 -0800
From: Sean Harding
To: freebsd-emulation@freebsd.org
Subject: Possible bug with mkdir() in linux emulation?

I've recently run into a problem in running Mozilla Linux binaries on my
FreeBSD system. This problem is documented in Mozilla bugs 125489 and 126113
(http://bugzilla.mozilla.org/show_bug.cgi?id=125489 and
http://bugzilla.mozilla.org/show_bug.cgi?id=126113).

What this seems to boil down to is that in Linux binaries on FreeBSD,
mkdir() on an existing directory to whose parent I don't have write
permission, errno is set to EACCES (13) instead of EEXIST (17). When the
same binary is run on a real Linux system, errno is set to EEXIST. And
when the same code is compiled natively on FreeBSD, it does the same.

My sample code:

    #include <sys/types.h>
    #include <sys/stat.h>
    #include <errno.h>
    #include <stdio.h>

    int main(){
        int result;
        /* /home already exists; its parent is not writable by this user */
        result = mkdir("/home",(mode_t)0755);
        printf("Result is %d, errno is %d.\n",result,errno);
        return 0;
    }

The output from a Linux binary on Linux:

    Result is -1, errno is 17.

The output from the same binary on FreeBSD (4.5-STABLE and 4.5-RELEASE):

    Result is -1, errno is 13.

The output from the code compiled natively on FreeBSD and run on the
same machine:

    Result is -1, errno is 17.

This doesn't seem right. Could someone shed some light on why this is
happening? Thanks.

sean

--
Sean Harding sharding@dogcow.org | "I didn't sell out, I bought in.
http://www.dogcow.org/sean/      |  Remember that."
                                 |         --Father, 'SLC Punk'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message

From owner-freebsd-emulation Mon Mar 11 16:15:47 2002
Date: Mon, 11 Mar 2002 16:13:16 -0800 (PST)
From: Patrick Thomas
Subject: cryptography implications (privacy) of FreeBSD jail ?

Let's say I am running in a jail, and say 5 other people are running in
other, separate jails on the same machine.

Now let's say I start up pgp, and generate my keys, and generally use pgp
through the command line in my jail. Or, instead of pgp I do other crypto
related sensitive activities...

what is my risk here ? Can someone either on the host machine or in one
of the other jails watch memory on the machine and discern things like my
keys or passphrases or have very easy access to the data I am decrypting ?

Please feel free to expand on the topic as well, in case there are related
questions that I am _not_ asking, but should be...

--pt

From owner-freebsd-emulation Tue Mar 12 0:04:26 2002
Date: Tue, 12 Mar 2002 00:04:17 -0800
From: "Crist J. Clark"
To: Patrick Thomas
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG
Subject: Re: cryptography implications (privacy) of FreeBSD jail ?

On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
>
> Let's say I am running in a jail, and say 5 other people are running in
> other, separate jails on the same machine.
>
> Now let's say I start up pgp, and generate my keys, and generally use pgp
> through the command line in my jail. Or, instead of pgp I do other crypto
> related sensitive activities...
>
> what is my risk here ? Can someone either on the host machine or in one
> of the other jails watch memory on the machine and discern things like my
> keys or passphrases or have very easy access to the data I am decrypting ?

As always, root on the host ownz you. root in your jail probably does
too. If the jails are set up "promiscuously," I can think of ways
users in other jails could get information, but if they are set up
well, I don't see any straightforward attacks. But I haven't done
exhaustive research.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-emulation Tue Mar 12 0:34:21 2002
Date: Tue, 12 Mar 2002 00:33:34 -0800
From: Terry Lambert
To: "Crist J. Clark"
Cc: Patrick Thomas, freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG
Subject: Re: cryptography implications (privacy) of FreeBSD jail ?

"Crist J. Clark" wrote:
> On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
> > Let's say I am running in a jail, and say 5 other people are running in
> > other, separate jails on the same machine.
> >
> > Now let's say I start up pgp, and generate my keys, and generally use pgp
> > through the command line in my jail. Or, instead of pgp I do other crypto
> > related sensitive activities...
> >
> > what is my risk here ?
> > Can someone either on the host machine or in one
> > of the other jails watch memory on the machine and discern things like my
> > keys or passphrases or have very easy access to the data I am decrypting ?
>
> As always, root on the host ownz you. root in your jail probably does
> too. If the jails are set up "promiscuously," I can think of ways
> users in other jails could get information, but if they are set up
> well, I don't see any straightforward attacks. But I haven't done
> exhaustive research.

Enable devfs. Disable direct use of specfs, so that user
created device nodes are no good. Mount the devfs in the
jail, which will create a local instance from the template.

Now delete /dev/io, /dev/mem, /dev/kmem out of the devfs.

Voila'... it's now as safe as it's possible to be, and the
reading of memory other than that mapped into your process
address space is not possible, since you can't use /dev/mem
or /dev/kmem to map the memory, and you can't use /dev/io to
hack the bits on the disk, the hard (and dangerous) way.

-- Terry

From owner-freebsd-emulation Tue Mar 12 10:35:57 2002
Subject: Re: cryptography implications (privacy) of FreeBSD jail ?
To: tlambert2@mindspring.com (Terry Lambert)
Date: Tue, 12 Mar 2002 21:42:44 +0300 (MSK)
Cc: cjc@FreeBSD.ORG, root@utility.clubscholarship.com, freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG
From: "."@babolo.ru

Terry Lambert writes:
> "Crist J. Clark" wrote:
> > On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
> > > Let's say I am running in a jail, and say 5 other people are running in
> > > other, separate jails on the same machine.
> > >
> > > Now let's say I start up pgp, and generate my keys, and generally use pgp
> > > through the command line in my jail. Or, instead of pgp I do other crypto
> > > related sensitive activities...
> > >
> > > what is my risk here ? Can someone either on the host machine or in one
> > > of the other jails watch memory on the machine and discern things like my
> > > keys or passphrases or have very easy access to the data I am decrypting ?
> >
> > As always, root on the host ownz you. root in your jail probably does
> > too. If the jails are set up "promiscuously," I can think of ways
> > users in other jails could get information, but if they are set up
> > well, I don't see any straightforward attacks. But I haven't done
> > exhaustive research.
>
> Enable devfs. Disable direct use of specfs, so that user
> created device nodes are no good. Mount the devfs in the
> jail, which will create a local instance from the template.

Last time I tried devfs on CURRENT it was buggy.
Now I use this trick:

/dev/ad2s1f  /jail              ufs   rw,nodev   2 2
/full        /jail/xf3/dev      null  ro,noexec  0 0
/null        /jail/qmail/o/dev  null  ro,noexec  0 0
/null        /jail/qmail/i/dev  null  ro,noexec  0 0
/null        /jail/pop/ck/dev   null  ro,noexec  0 0
/null        /jail/pop/in/dev   null  ro,noexec  0 0
....

where /full and /null have some restricted sets of devices.

> Now delete /dev/io, /dev/mem, /dev/kmem out of the devfs.
>
> Voila'... it's now as safe as it's possible to be, and the
> reading of memory other than that mapped into your process
> address space is not possible, since you can't use /dev/mem
> or /dev/kmem to map the memory, and you can't use /dev/io to
> hack the bits on the disk, the hard (and dangerous) way.
>
> -- Terry

--
@BABOLO http://links.ru/

From owner-freebsd-emulation Wed Mar 13 7:19:53 2002
From: Andrew Gallatin
Date: Wed, 13 Mar 2002 10:19:20 -0500 (EST)
To: Sean Harding
Cc: freebsd-emulation@freebsd.org
Subject: Re: Possible bug with mkdir() in linux emulation?

Sean Harding writes:
> What this seems to boil down to is that in Linux binaries on FreeBSD,
> mkdir() on an existing directory to whose parent I don't have write
> permission, errno is set to EACCES (13) instead of EEXIST (17). When the
> same binary is run on a real Linux system, errno is set to EEXIST. And
> when the same code is compiled natively on FreeBSD, it does the same.

Here's what's actually happening (from ktrace/linux_kdump):

    31680 mkdir.linux NAMI "/compat/linux"
    31680 mkdir.linux NAMI "/compat/linux/home"
    31680 mkdir.linux RET getppid -1 errno -13 Unknown error: -13

The key is that the linux abi prepends the default location of the
linux environment to all filename accesses. This is primarily done so
as to be able to find linux shared libs & config files. So your
program is trying to make /compat/linux/home, which doesn't exist &
which you do not have permission to create.

Cheers,

Drew

From owner-freebsd-emulation Wed Mar 13 23:27:59 2002
Date: Wed, 13 Mar 2002 23:29:33 -0800
From: Sean Harding
To: Andrew Gallatin
Cc: freebsd-emulation@FreeBSD.ORG
Subject: Re: Possible bug with mkdir() in linux emulation?

On Wed Mar 13 at 10:19:20 AM, Andrew Gallatin wrote:
> as to be able to find linux shared libs & config files. So your
> program is trying to make /compat/linux/home, which doesn't exist &
> which you do not have permission to create.

Ahhh! Indeed. A symlink from /home to /compat/linux/home made it work.

So, I guess my question is whether this is a bug or a feature.
Obviously, it's necessary in order for some things to work (shared
libraries, etc.). However, as the Mozilla bug demonstrates, it also
breaks some things that assume that /home is /home is /home.
Does $HOME get /compat/linux prepended to it when Linux binaries try to
get my home directory?

sean

--
Sean Harding sharding@dogcow.org | "Never before and never since, I promise,
http://www.dogcow.org/sean/      |  will the whole world be warm as this."
                                 |          -- 10,000 Maniacs

From owner-freebsd-emulation Thu Mar 14 4:17:19 2002
To: Sean Harding
Cc: Andrew Gallatin, freebsd-emulation@FreeBSD.ORG
Subject: Re: Possible bug with mkdir() in linux emulation?
From: Dag-Erling Smorgrav
Date: 14 Mar 2002 13:17:13 +0100

Sean Harding writes:
> So, I guess my question is whether this is a bug or a feature.

It's a bug.

> Obviously, it's necessary in order for some things to work (shared
> libraries, etc.).

Sure, but it should (and could) be implemented in such a way that
/home did not present a problem.

DES
--
Dag-Erling Smorgrav - des@ofug.org
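
The lookup Andrew Gallatin describes in the mkdir() thread above can be reproduced without a FreeBSD system. The C program below is an added example, not code from any poster or from FreeBSD: it models the redirect in user space and shows the errno change and the symlink workaround. The redirect rule itself, the names emul_mkdir and run_scenario, and the scratch tree under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PREFIX "/compat/linux"      /* emulation root named in the thread */

/* mkdir() as a Linux binary would see it under the modelled lookup.
 * Assumed rule (not FreeBSD source): a create is redirected under PREFIX
 * when the new entry's parent directory exists there, otherwise the path
 * is used unchanged. `root` is a scratch directory standing in for "/".
 * Returns 0 on success, or the errno the caller would observe. */
static int emul_mkdir(const char *root, const char *path)
{
    char parent[256], target[256];
    struct stat st;
    snprintf(target, sizeof(target), "%s%s%s", root, PREFIX, path);
    strcpy(parent, target);
    *strrchr(parent, '/') = '\0';   /* drop the component being created */
    if (stat(parent, &st) != 0 || !S_ISDIR(st.st_mode))
        snprintf(target, sizeof(target), "%s%s", root, path);
    return mkdir(target, 0755) == 0 ? 0 : errno;
}

struct outcome { int native, emulated, with_symlink; };

/* Constructed scenario: <root>/home exists; <root>/compat/linux exists,
 * is not writable, and has no "home" inside it. */
static struct outcome run_scenario(void)
{
    struct outcome r = { -1, -1, -1 };
    char root[] = "/tmp/emulXXXXXX", home[32], pfx[48], shadow[64];
    if (mkdtemp(root) == NULL)
        return r;
    snprintf(home, sizeof(home), "%s/home", root);
    snprintf(pfx, sizeof(pfx), "%s/compat", root);
    mkdir(home, 0755);
    mkdir(pfx, 0755);
    snprintf(pfx, sizeof(pfx), "%s%s", root, PREFIX);
    mkdir(pfx, 0555);
    snprintf(shadow, sizeof(shadow), "%s/home", pfx);

    r.native = mkdir(home, 0755) == 0 ? 0 : errno;  /* EEXIST (17) */
    r.emulated = emul_mkdir(root, "/home");         /* EACCES (13) unless root */

    rmdir(shadow);                  /* exists only if root bypassed mode 0555 */
    chmod(pfx, 0755);
    symlink(home, shadow);          /* the workaround reported in the thread */
    r.with_symlink = emul_mkdir(root, "/home");     /* EEXIST (17) again */
    unlink(shadow); rmdir(pfx);     /* remove the scratch tree */
    snprintf(pfx, sizeof(pfx), "%s/compat", root);
    rmdir(pfx); rmdir(home); rmdir(root);
    return r;
}

int main(void)
{
    struct outcome r = run_scenario();
    printf("native=%d emulated=%d with_symlink=%d\n", r.native, r.emulated, r.with_symlink);
    return 0;
}
```

The error a program sees is decided by the permissions of the shadow tree, not of the directory it named, so code that branches on EEXIST versus EACCES takes a different path under emulation.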
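
For the jail thread earlier in this archive: a host-side check that the nodes Terry Lambert lists are really absent from a jail's /dev. This is an added example, not code from the thread; is_forbidden_node and audit_dev_dir are hypothetical names, and the default path /dev is only a fallback for trying it out.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* The three nodes the thread says to delete from a jail's /dev. */
static const char *const forbidden[] = { "io", "mem", "kmem" };

/* A name alone proves nothing: only a character or block device node
 * carrying one of these names is counted. */
static int is_forbidden_node(const char *name, mode_t mode)
{
    size_t i;

    if (!S_ISCHR(mode) && !S_ISBLK(mode))
        return 0;
    for (i = 0; i < sizeof(forbidden) / sizeof(forbidden[0]); i++)
        if (strcmp(name, forbidden[i]) == 0)
            return 1;
    return 0;
}

/* Scan one directory (for example /jail/xf3/dev, seen from the host).
 * Returns the number of forbidden nodes, or -1 if it cannot be read;
 * *ndev, if non-NULL, receives the count of all device nodes found.
 * lstat() is used so a symlink is never followed out of the jail tree. */
static int audit_dev_dir(const char *devdir, int *ndev)
{
    char path[1024];
    struct dirent *de;
    struct stat st;
    int hits = 0, devs = 0;
    DIR *d = opendir(devdir);

    if (d == NULL)
        return -1;
    while ((de = readdir(d)) != NULL) {
        snprintf(path, sizeof(path), "%s/%s", devdir, de->d_name);
        if (lstat(path, &st) != 0)
            continue;
        if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))
            devs++;
        if (is_forbidden_node(de->d_name, st.st_mode)) {
            printf("forbidden device node: %s\n", path);
            hits++;
        }
    }
    closedir(d);
    if (ndev != NULL)
        *ndev = devs;
    return hits;
}

int main(int argc, char **argv)
{
    int ndev = 0, hits = audit_dev_dir(argc > 1 ? argv[1] : "/dev", &ndev);

    if (hits < 0) { perror("opendir"); return 2; }
    printf("%d device node(s), %d forbidden\n", ndev, hits);
    return hits > 0;
}
```

Run it from the host against each jail's dev directory, such as the mount points in the fstab posted in the thread. The total device count helps review what a restricted set actually contains, and a clean result complements the nodev mount on the jail filesystem rather than replacing it.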