Gentoo Weekly Newsletter: April 7th, 2003
Yes, it was a joke
Last week's issue, which was conveniently delayed a day so it could be released on April 1, contained a story about the adoption of the RPM format for package management. The results of this April Fools' Joke were far more successful than we had hoped for. (Some might argue it was too successful) Needless to say, it was a joke and the Gentoo development team has no plans to move away from the ebuild format as its standard means of package management.
Now please stop sending us hate mail.
Portage moves to a new, more secure format
As part of an overall effort to improve the security of Gentoo Linux, the Portage development team is starting to implement some new features in Portage which will allow for increased security in our package management and distribution systems. One of the first new features that users will notice is digests of every file involved in the merge process, including ebuilds, patches and source tarballs. In addition to offering increased security, these digests will help isolate and track down corrupt ebuilds or other files on our rsync and source mirrors.
The next step in the process will be signing these digest files with a GPG key to ensure non-repudiation. While there is still some discussion amongst the development team on the best way to achieve this, the current leading solution involves each developer signing ebuilds individually, and then one master Gentoo "uberkey" signing all of the developer keys to establish a Gentoo "web of trust". Developer keys will be made available through public keyservers, as well as on www.gentoo.org
The goal of what has come to be known as "Secure Portage" is to provide a robust package management system that offers end-to-end security in the emerge process. As yet, there is no confirmed timeline on when the entire system will become available, but the digesting portion is in testing now and the rest will soon follow.
The sendmail MTA has a stack overflow vulnerability in the way that it checks email addresses. This
vulnerability could be exploited remotely to execute a DoS attack, gain control of the sendmail server,
or potentially execute arbitrary code under the privileges of the server (typically root).
- Severity: Critical - Potential remote root compromise.
- Packages Affected: net-mail/sendmail versions prior to sendmail-8.12.9
- Rectification: Synchronize and emerge sendmail, emerge clean.
- GLSA Announcement
GLSA: krb5 and mit-krb5
Multiple vulnerabilities in the krb5 and mit-krb5 implementations of the Kerberos authentication protocol
have been identified. These include a buffer overrun that permits a DoS attack on he Kerberos administration
daemon, a chosen-plaintext attack that permits impersonation of other principals, and buffer overrun and underrun
problems that permit unusual names and hosts (which could be used in other attacks).
- Severity: Critical - Authentication compromise.
- Packages Affected: app-crypt/krb5 versions prior to krb5-1.2.7-r2 and
app-crypt/mit-krb5 versions prior to mit-krb5-1.2.7
- Rectification: Synchronize and emerge krb5 and/or mit-krb5, emerge clean.
- GLSA Announcement
A cryptographic weakness in Kerberos 4 permits a chosen-plaintext attack to impersonate other principals in the realm.
The openafs distributed file system uses Kerberos 4, and is consequently vulnerable to an impersonation attack.
- Severity: Critical - Authentication compromise.
- Packages Affected: net-fs/openafs versions prior to openafs-1.3.2-r1
- Rectification: Synchronize and emerge openafs, emerge clean.
- GLSA Announcement
The xdrmem_getbytes() function included in dietlibc contains an integer overflow vulnerability
that could be used by a remote attacker to execute an rpc call that permits an exploit on the
- Severity: High - Remote service exploit.
- Packages Affected: dev-libs/dietlibc versions prior to dietlibc-0.22-r1
- Rectification: Synchronize and emerge dietlibc, emerge clean.
- GLSA Announcement
New Security Bug Reports
There were no new security bugs this week that are still outstanding.
Marcus Martin posted an
idea about including "emerge security" functionality that would automatically update packages for which
a GLSA had been released. This prompted a fair bit of discussion, with the consensus being that it was a good
idea (albeit one that might not be trivially easy to implement) and had already been documented as
Chris Frey posted
a script for providing a set of md5sums on the master portage server to allow gentooers to check for trojaned ebuilds.
This was proposed as a stopgap measure while we wait for signed ebuilds. The post prompted some discussion, including
criticism that it might overburden servers and their administrators as well as potentially redirect developer resources
from a more robust final solution in portage. The discussion was brought to a conclusion by Nicholas Jones'
post which pointed out
that the problem was moot because we would begin to see a solution as early as portage-2.0.47.
Featured Developer of the Week
Figure 3.1: Seth Chandler, aka sethbc
Everyone likes to complain about how slow OpenOffice is, but it's still one of the most full-featured and MS Office-compatible suites out there. This week's featured developer, Seth Chandler, is in charge of the openoffice and openoffice-bin packages, and also maintains keychain, writes some docs, and is also one of the three PPC co-leads. His primary duty - fixing bugs that crop up with OpenOffice - takes up most of his time, but he also helps take up the slack when other developers go missing. Seth began using Gentoo about two years ago, and was invited to the Gentoo development team five months ago by Spanky, whom he knew from school, because they needed someone to be in charge of OpenOffice. Through his work with Gentoo, he has become a regular of IRC channels and mailing lists related to OpenOffice, and has been contributing to OpenOffice's IssueZilla because Gentoo's bleeding-edge nature means that problems are often noticed here before they are on other distributions.
During the day, Seth is a student at Worcester Polytechnic Institute, and will go to Cornell Law School once he graduates. His three computers (a Dual P3, a Dual Athlon MP 2100, and a 15.2-inch Powerbook) all run Gentoo, although the Mac dual boots with OS X. He runs Waimea-cvs and qmail on all of his boxen, and his favorite apps include gaim-cvs, xchat-2, kmail, aterm, and gkrellm. Both of his x86 machines run the latest sources, which at the time of the interview was 2.5.65-mm2, but when he's feeling spicy he'll run off a live BitKeeper repo.
Seth is a member of the Atlanta Braves ground crew and has been enjoying working down there for 15 years; his father is the team doctor. He says he goes to school in the offseason.
Heard In The Community
Slithering Along the Bleeding Edge
The development tree of the Linux kernel is advancing towards 2.6 rapidly, and several threads in the forums are making clear that Gentooists are pretty much following the development as closely as possible. Not without the occasional problem, apparently...
Best April Fool's Joke Ever
Check the first link in our list: The forums had actually predicted that this would happen... But the threat of Portage's disappearance hit a nerve in many faithful Gentoo users, and many went into shock for anything between a split-second to several hours. They shouted abuse at their screens or room mates, and threatened to start deleting their portage tree before it dawned on them: They'd been had... And amidst the outrage over Gentoo's alleged move to RPM, only a handful of Germans found the second false news in last week's GWN.
Gentoo Corporate Usage?
With over 60 responses so far, this week's busiest thread on gentoo-user asks about companies (preferably large ones) that are using Gentoo in a production environment. Many people responded indicating they didn't feel Gentoo was appropriate for a production environment, noting too many problems with their own personal systems. Others indicated that Gentoo ran quite happily in a production role, often serving upwards of 150,000 clients. The responses are obviously quite varied and, in many cases, off-topic, but the thread does contain quite a few interesting insights into the trials and tribulations of using Gentoo Linux in a production environment.
Package management for non-ebuild software
Jan Drugowitsch asked about managing software packages installed outside of Portage on a Gentoo Linux system. Responses were varied and helpful, pointing to several open source projects which might fit the bill.
Portage Programming Question
Robin H. Johnson
about the availability of some documentation on the Portage DB API and he received a nice surprise
when he was told to type python [RETURN] help() [RETURN] portage to get to
Python's interactive help.
Jani Monoses was
if there is a more simple solution to the use of the long ACCEPT_KEYWORDS="~arch" emerge package_name.
Thomas M. Beaudry
with the suggestion to use Bash aliases (see man bash). And another Thomas
with his alias definition alias expmerge='ACCEPT_KEYWORDS="~x86" emerge'.
A French Meta-Project for the Meta-Distribution
Gentoo France is re-emerging itself: After the establishment of gentoofr.org in July last year (and carefully maintaining their good relations with the older project), a new organisation founded by Baptiste Simon, Guillaume Morin and Mark Krauth called frgentoo.net is now gathering supporters and activists willing to help with a new initiative for French translations of Gentoo documentation and tutorials, organising IRC channels and mailing lists, and generally wanting to round up more than just the usual suspects. The new club wants to provide a whole range of services around Gentoo Linux in France, and is determined to do things right by the community from day one. frgentoo's first elections for all posts in the association are going to be held by the end of the month, candidate submissions for coordinator and project leader roles are possible until 11 April, with the elections to be held by electronic vote between 14 and 20 April.
International Event Calender
While the Köln-Bonn community is still publicly discussing the agenda for their first meeting, two events in the US have emerged at somewhat shorter notice:
USA: The University of Southern Mississippi in Hattiesburg is having a "Gentoo Saturday" on 12 April. Development kernel performance and general installation help will be at the center of the event, held on the University's campus in the Bobby Chain Technology Building, Room 202 starting from 10:00 to 14:00. Check the corresponding forum thread, further details are here.
USA: If you happen to live in places with names like Metuchen, Old Bridge or Hackensack, the first meeting of the New Jersey Gentoo Linux User Group may well be what you've been waiting for. The happy NJ-GLUG lot has agreed on the Cafe52 on Easton Avenue in New Brunswick as their venue for the initial get-together, on 16 April at 20:00. Coordination for this meeting is done via this forum thread.
Germany14 May is now the official date for Gentoo users in the Köln/Bonn region, and now they also have decided on a time (17:00) and a venue: Hellers Brauhaus, Roonstrasse. Tell the others about your intentions to come right here.
The following stable packages were added to portage this week
Updates to notable packages
- sys-apps/portage - portage-2.0.47-r13.ebuild;
- sys-kernel/* - gs-sources-2.4.21_pre6.ebuild; hardened-sources-2.4.20.ebuild; mm-sources-2.5.66-r2.ebuild; mm-sources-2.5.66-r3.ebuild; ppc-sources-2.4.20-r4.ebuild; selinux-sources-2.4.20-r3.ebuild; sparc-sources-2.4.20-r7.ebuild;
New USE variables
- debug - Tells configure and the makefiles to build for debugging. Effects vary accross packages, but generally it will at least add -g to CFLAGS. Remeber to set FEATURES+=nostrip too.
- emacs - Adds support for GNU Emacs
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 288 new bugs this week
- 751 bugs closed or resolved this week
- 3 previously closed bugs were reopened this week.
- 2386 total bugs currently marked 'new'
- 450 total bugs currently assigned to developers
There are currently 2895 bugs open in bugzilla. Of these: 63 are labeled 'blocker', 107 are labeled 'critical',
and 227 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs
this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Changing File Attributes
This week's tip explains how to use chattr to keep important system files secure. The "change attribute" command, or chattr, can be used to add or change existing file attributes for things such as synchronous updates, tighter file security, and more. However, this command is only available on ext2 or ext3 partitions.
A list of common attributes and their associated flags is listed below. For a more complete list see man chattr.
- (A) Don't update atime
- (S) synchronous updates
- (a) append only
- (d) no dump
- (i) immutable
- (j) data journalling
- (t) no tail-merging
The 'j' option can only be used with ext3.
The 'j', 'a' and 'i' options are only available to the superuser
First make sure that you have chattr installed by emerging e2fsprogs.
Code Listing 8.1: Installing Required Files
# emerge e2fsprogs
To set attributes on files, use the chattr command and to view attributes, use the lsattr command.
Code Listing 8.2: Examples of using chattr and lsattr
# chattr +i myfile
# lsattr myfile
# rm myfile
rm: cannot remove `myfile': Operation not permitted
# chattr +a myfile
# lsattr myfile
# echo testing > myfile
myfile: Operation not permitted
# echo testing >> myfile
Some instances where this may be useful is keeping important files safe from deletion. Remember that even root can't delete a file that is immutable or append-only without first explicitly removing that attribute. Using this flag on /etc/passwd or /etc/shadow files keeps them safe from an accidental rm -f and also ensures no new accounts can be added in the event of an exploit. Keeping other files append-only means once they are written, that data can't be changed. Logs are a good candidate for this to keep them from being tampered with. With chattr and lsattr, you now have a few new tools to keep your system secure.
Moves, Adds and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
- Makoto Yamakura (yakina) -- Japanese documentation
- Peter Bilitch (hsinhsin) -- Gentoo documentation
- John Mylchreest (johnm) -- Gentoo documentation
- Joe Kallar (blademan) -- Sparc documentation
- Ashton Mills (martigen) -- Gentoo documentation
- Thomas Pedley (shallax) -- Gentoo xbox
- Robin Johnson (robbat2) -- ufed, mysql, php
The following developers recently changed roles within the Gentoo Linux project.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
The Gentoo Weekly Newsletter is also available in the following languages: