
Gentoo Weekly Newsletter: June 9th, 2003

Content:

1.  Gentoo News

Summary

Announcing Gentoo on MacOS X

We're pleased to announce that the Gentoo platform will soon be available for MacOS X. This means that users will be able to enjoy the power and simplicity of the Gentoo platform and Portage wherever they happen to be, on the operating system they are currently using -- even if that operating system isn't GNU/Linux. We want to give our users more choices than anyone else, including the ability to use non-GNU operating systems and non-Linux kernels if they have that particular requirement or desire.

We are currently getting our infrastructure ready (mailing lists, project page, etc.) for this project and integrating Portage for MacOS X into our mainline Portage sources. News about further developments will be posted on the Gentoo news page as well as in future editions of the GWN.

Hardened Gentoo demonstrates SELinux

Hardened Gentoo is proud to announce that we have made a machine available to demonstrate some of our technology. The machine is reachable via ssh to illustrate SELinux, an advanced mandatory access control system. We are opening it to everyone to show the significance of the work we are doing.

What this machine is:

  • A Gentoo installation secured with SELinux, running several daemons for testing in a production environment.

What this machine is not:

  • A chrooted installation
  • A uml installation
  • A userland restricted shell (ie: rbash)
  • A honeypot/honeynet
  • A completely useless and stripped down machine
  • Impervious to DoS attacks (don't DoS or forkbomb, it doesn't do anything except annoy people and stop others from enjoying the machine)
  • A workstation; the main focus is on servers, running selinux on desktops is possible, but not currently supported

Note: root is a real user with UID=0, nothing in addition to SELinux has been used to secure this machine so that we can demonstrate how SELinux works. Feel free to try and obtain higher access on the machine, and take a look at dmesg to see the denials when they occur.

Without further ado, please visit http://selinux.dev.gentoo.org for root login information.

Anyone who is interested in this, and would like to know when it's ready for most users and after it's been tested in production environments should subscribe to the gentoo-hardened@gentoo.org mailing list and come to #gentoo-hardened on irc.freenode.net. Our project page at http://www.gentoo.org/proj/en/hardened will also be updated when status changes occur.

Open positions in the Gentoo Linux project

The following Portage packages are currently in need of a maintainer. If you are interested in taking one of these positions, please send an e-mail to recruiters@gentoo.org with your full name, location, Linux (and especially Gentoo) experience, areas of expertise, and level of experience with the particular application in question.

If you're unsure about what level of experience any of these tasks require, try searching http://bugs.gentoo.org for open bugs on the package name to get a feeling for the type of experience and skill necessary for that particular package.

Note: We will make every effort to respond to each email personally. However, due to the sheer volume of email that we receive, please accept our thanks in advance in case we're not able to respond to your email.

  • XFree86
  • Scheme
  • Emacs/XEmacs
  • courier
  • Wine/Winex
  • OpenOffice
  • Keychain

2.  Gentoo Security

Summary

GLSA: tomcat

The tomcat servlet creates the /opt/tomcat directory with privileges that permit local users to read files that contain passwords.

  • Severity: High - Local password compromise.
  • Packages Affected: net-www/tomcat prior to tomcat-4.1.24-r1
  • Rectification 1: Synchronize and emerge tomcat, emerge clean.
  • Rectification 2: /etc/init.d/tomcat stop ; chmod -R 750 /opt/tomcat/ ; /etc/init.d/tomcat start
  • GLSA Announcement

GLSA: uw-imapd

The UW-imapd IMAP daemon can also be used as a client. By default, any authenticated user is permitted to connect to the server, even in restricted operating modes. Exploiting this vulnerability could allow an attacker to gain access to the system as the logged-in user.

  • Severity: High - Remote authentication compromise.
  • Packages Affected: net-mail/uw-imapd prior to uw-imapd-2002d
  • Rectification: Synchronize and emerge uw-imapd, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: maelstrom

The game maelstrom has a buffer overflow that could permit a local user to execute arbitrary code.

  • Severity: Moderate - Arbitrary code execution, limited to users with local access.
  • Packages Affected: app-games/maelstrom prior to maelstrom-3.0.6
  • Rectification: Synchronize and emerge maelstrom, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: apache-2.x

Apache 2.0 servers are subject to a remote Denial-of-Service attack through the mod_dav (and possibly other) mechanism. This vulnerability is a result of a configuration bug that causes the server to be thread-unsafe in certain configurations.

  • Severity: Moderate - Remote DoS.
  • Packages Affected: net-www/apache-2.x prior to apache-2.0.46
  • Rectification: Synchronize and emerge apache, emerge clean.
  • GLSA Announcement
  • Advisory
  • Advisory

New Security Bug Reports

The following new security bugs were posted this week:

3.  User stories

The guys behind breakmygentoo.net


Figure 3.1: The team of breakmygentoo.net: Matthew Schick aka lin_mat (left) and Karl Abbott aka karl11

This week we feature the people who took care of all the CVS ebuilds left homeless by the "Great Portage CVS Purge '03", Matthew Schick (lin_matt) and Karl Abbott (karl11).

So who are these guys who so desperately try to break your Gentoo? Karl is currently a Computer Science undergraduate at the University of Southern Mississippi (USM) and 21 years old. He has used Linux as his operating system of choice since September 2001. Matthew Schick, 27, works as a systems administrator at USM's computer science department. A Linux user since 1998, he tried various distributions including Red Hat, Caldera, Mandrake and Debian before deciding to go with Gentoo Linux in May 2002. He recently switched the department's main server successfully from Red Hat 7.2 to Gentoo Linux, and is currently looking into the viability of migrating all the lab's machines (around 100) sometime during this summer as well.

Once upon a time in Gentoo land...

breakmygentoo.net originated from a site called "Ebuild Central". The purpose of this site was to have a place to share "home-grown" ebuilds among Gentoo users locally, as well as having a place to link to from the forums. The quicktime-enabled MPlayer ebuilds were hot at that time, and after exceeding the bandwidth of Karl's site both of them knew they had to find another solution.

Unexpected success

So Matt talked to one of his clients in Los Angeles and obtained some much needed space and bandwidth for the site in December of 2002. After a while of running on only an IP address, Matt and Karl decided that a domain would be necessary, and thus breakmygentoo.net was born in February 2003. The name was chosen as both a warning and a tongue-in-cheek joke for anyone hitting the site. Even then they simply expected the project to be a way of sharing ebuilds amongst themselves and a few people who might be interested in the same types of software. For the first few months, the site was simply a listing of the ebuilds in the directory. But it soon became obvious that there was a high demand, and just a few weeks ago Karl created a frontend for the site and announced the launch of the new site. With that launch came the project's own bugzilla, giving brave Gentooists the ability to submit ebuilds and the bug reports they encounter with all the CVS ebuilds out there.

With the release of GNOME 2.3.2 has come some of the highest usage the site has ever experienced. The fans of breakmygentoo.net have also helped identify several potential bugs, both on the Gentoo side as well as in some of the GNOME software. This gives Gentoo users an opportunity to play with what many people regard as the most exciting release of GNOME so far.

Some stats

In January Matthew and Karl started to keep track of the site's stats using Webalizer. At this time they had a daily average of 117 and a monthly total of 3650 hits, whereas in May they experienced an average of 927 hits a day which amounted to a total of 28,748 page hits at the end of the month. The first two days of June already saw more than 10,000 hits which makes one think about all the people out there trying to break their Gentoos... ;-)

Final words

Here's what they have to say:

Matt: "breakmygentoo.net has become an unlikely resource for folks that enjoy bug hunting (or just playing) in the realm of unstable software. Hopefully some of the information that's gained through the usage of the ebuilds on the site will contribute to the overall quality of the stable releases."

Karl: "breakmygentoo.net came out of the necessity for a shared space for development ebuilds. I never could have imagined it becoming as widely used as it is today."

Also both of them would like to express their thanks to everyone who has contributed to the site!

4.  Featured Developer of the Week

Joshua Brindle, aka Method


Figure 4.1: Joshua Brindle, aka Method

Joshua Brindle is in charge of several security-related Gentoo projects, acting as liaison between the teams and Gentoo proper in addition to participating and getting his hands dirty. The biggest one is Hardened Gentoo, which Joshua himself started a few months ago and which now boasts five active developers and the official SELinux play machine mentioned earlier in the newsletter. Joshua is also working on the integration of ProPolice stack smashing protection into Gentoo; he and his team are very close to getting it into the default profiles. With all this security work he hasn't been able to participate in SPARC development (when Joshua first joined the team in November 2002 it was as a SPARC developer), but he's really proud of how far he and his teams have come in such a short time and hopes to continue to progress and show the world what Gentoo is really made of.

An undergraduate studying for a BS in System Network Management, and working as a UNIX administrator at Southern Nazarene University, Joshua's favorite applications are actually mostly servers: Apache, PHP, exim, MySQL, and openSSH. While he usually runs Linux on servers, on the rare occasions when he runs it on a desktop he uses KDE, Konqueror, and Evolution, as well as VMWare (which he wishes were open). His hobbies include watching the Simpsons, drinking Dr. Pepper, partying, clubbing, and playing Warcraft III. Joshua lives in Oklahoma but is from Texas! (He says that people who live or have lived in Texas would understand.) When he graduates next semester and starts hunting for a job, he says he'll be sure to put in an application at the NSA.

5.  Heard In The Community

Web Forums

Much Ado About Macintosh

Drobbins' announcement of Gentoo/Mac OS X and the new LiveCDs for the PowerPC architecture made quite a splash last week. A few people are discussing the virtues of Portage vs. Fink or Darwinports, others suddenly express revived interest in Macintosh emulators on x86 for Linux, and the lead dev for PPC dropped by to ask for hardware loans of oldworld Macs and PReP machines (i.e. IBM RS/6000 etc.) that he could use for testing the LiveCD:

Ximian Desktop 2 Port

Not many of the Gentoo developers are also forum regulars, since most of them prefer the mailing lists or the IRC channels. But when link suddenly announced that he was starting work on a port of Ximian's Desktop 2, due out this week starting 9 June 2003, the devs came flocking in to offer advice and help and wish him luck:

gentoo-user

Laptops and Gentoo

In the beginning, only the most devout hackers with a basement full of luck were able to get Linux running properly on their laptops. The quirky hardware, screens and suspend modes boggled driver developers, leaving many features disabled or abandoned. Fortunately the increasing demand has fueled the maturation of laptop-centric drivers, and installing Linux on a laptop is now considered child's play. The good news is that the whole community feels that, all distributions considered, Gentoo Linux is an excellent choice for laptops. One reason for this is Gentoo's tendency to stay on the cutting edge of the latest stable software. Armed with the ACPI patches of the 1.4rc4 LiveCD, Gentoo'ers should experience a smooth ride while running a base system on their laptop. Heat was mentioned as an important issue, due to Gentoo's propensity to stress the CPU while compiling for extended periods on sometimes inadequately cooled laptops. Finne Boonen solved this by placing the laptop on bricks. Another issue was that of sound dying after returning from safe mode. Jason Nielson let us know his solution here. In a separate thread Cedric Veilleux asked which vendor's laptop should be purchased. Many great recommendations were given, including Chris Meidinger's submission of linux-on-laptops.com. All in all, Gentoo Linux is recommended as a viable solution for laptops, and you are encouraged to try it out.

gentoo-dev

This week saw many smaller but nonetheless interesting threads, one of them in particular:

(FS) Attributes for Ebuilds?

The idea is to use the file system as a sort of extra database for Portage, so as to allow for faster searches or expanded categorization.

Michael Kohl raised this idea as a follow-up to the earlier discussion about categories in Portage.

6.  Gentoo International

Italian Gentoo Propaganda Machines Roundup

Enrico Morelli, initiator of Gentoo Linux Italia, has recently closed the unofficial forum he maintained on a university server in favour of inviting everyone to join the official Italian forum. His excellent website continues to be around, of course. And now there's yet another unofficial Gentoo website in Italy: Joe and Stefano Lucidi have concocted a PHP-driven website based on Postnuke, and included a broad range of Gentoo-centric information with news directly off the frontpage, a user forum and a few other gimmicks including AvantGo PDA-formatted information. The Italian mailing list the duo established is also quite successful.

Journée des Gentooistes

As reported earlier, the French Gentooists are discussing the date and venue for a Gentoo user meeting in France. The preliminary verdict seems to point in the direction of a meeting in Paris, sometime after the infamous rentrée when millions of French head back to town from their summer vacation. A web forum set aside exclusively for coordinating the details is waiting for people to express their opinions.

7.  Portage Watch

The following notable packages were updated or added to portage this week

The following stable packages were updated or added to portage this week

Total categories: 82

Total packages: 4564 (86 packages added since last week)

8.  Bugzilla

Summary

Statistics

Note: Due to server problems last week, this week's statistics are based on the 14 day period between 23 May 2003 and 5 Jun 2003.

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 14 days, activity on the site has resulted in:

  • 471 new bugs during this period
  • 326 bugs closed during this period
  • 10 previously closed bugs were reopened this period

Of the 3259 currently open bugs: 54 are labeled 'blocker', 133 are labeled 'critical', and 253 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

9.  Tips and Tricks

Combining Commands with For

This week's tip shows you how to run similar commands in a loop to avoid typing in the same command over and over again, for example untarring several tar.gz files, or renaming files with similar extensions.

Code Listing 9.1: for and tar

# for n in *.tar.gz; do tar -zxvf "$n"; done

This next instance demonstrates removing the .dist extension of several files.

Code Listing 9.2: for and mv

# for n in *.dist; do mv "$n" "$(basename "$n" .dist)"; done

If necessary, you could combine it with find to rename all .phtml files in /home/httpd/htdocs to .php.

Code Listing 9.3: for and find

  # cd /home/httpd/htdocs
  # for n in `find -type f -name '*.phtml'`;  \
      do mv "$n" "$(basename "$n" .phtml).php"; done
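As an added example (not part of the GWN tip), the same .phtml-to-.php rename written as a shell function that stays correct for file names containing spaces, newlines or a leading dash, which a loop over backtick output is not; the function names rename_ext and demo are assumptions for this example:

```shell
#!/bin/sh
# rename_ext DIR OLD NEW: rename every regular file below DIR whose name ends
# in ".OLD" so that it ends in ".NEW" instead. The function name is assumed
# for this example; it is not part of the GWN tip or of Gentoo.
# Where this differs from the backtick loop in the tip:
#   - find -exec passes each path to sh as an argument, so a name with spaces,
#     tabs or newlines is never word-split or glob-expanded by the shell;
#   - every expansion is quoted;
#   - "--" keeps mv from treating a name that begins with "-" as an option;
#   - an existing target is skipped rather than silently overwritten.
rename_ext() {
    find "$1" -type f -name "*.$2" -exec sh -c '
        old=$1; new=$2; shift 2
        for f in "$@"; do
            base=${f%".$old"}
            target="$base.$new"
            if [ -e "$target" ]; then
                printf "skip: %s exists\n" "$target" >&2
                continue
            fi
            mv -- "$f" "$target"
        done' sh "$2" "$3" {} +
}

# demo: scratch directory with constructed sample files (one name contains a
# space, one is not a .phtml file) to show what gets renamed and what does not.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/index.phtml"
    : > "$tmp/my page.phtml"
    : > "$tmp/notes.txt"
    mkdir "$tmp/sub" && : > "$tmp/sub/about.phtml"
    rename_ext "$tmp" phtml php
    find "$tmp" -type f | sort   # index.php, "my page.php", notes.txt, sub/about.php
    rm -rf "$tmp"
}

demo
```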

10.  Quote/Signature of the week

This week's featured .sig was seen on gentoo-dev in a message from Pascal Bourguignon: "Do not adjust your mind, there is a fault in reality." Or maybe it's just a fault in the matrix? ;-)

11.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Abhishek Amit ("andrd") -- LDAP
  • Brad Laue (brad) -- phoenix/firebird

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • none this week

12.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

13.  GWN Feedback

Please send us your feedback and help make GWN better.

14.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

15.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated 09 June 2003

Summary: This is the Gentoo Weekly Newsletter for the week of June 9th, 2003.

Kurt Lieber
Editor

AJ Armstrong
Contributor

Brice Burgess
Contributor

Michael Kohl
Contributor

Yuji Carlos Kosugi
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Ulrich Plate
Contributor

Peter Sharp
Contributor

Kim Tingkaer
Contributor

Mathy Vanvoorden
Dutch Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Klaus-J. Wolf
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Christian Apolloni
Italian Translation

Yoshiaki Hagihara
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Takashi Ota
Japanese Translation

Jaroslaw Swierad
Polish Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

Ricardo Jorge Louro
Portuguese (Portugal) Translation

Ricardo Nogueira
Portuguese (Brazil) Translation

Sergey Kuleshov
Russian Translator

Dmitry Suzdalev
Russian Translator

Anton Vorovatov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation


Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.