
Gentoo Weekly Newsletter: August 8th, 2005

Content:

1.  Gentoo News

First alpha release of the Gentoo Installer

Gentoo Installer Project lead Andrew Gaffney announced version 0.1 of GLI this week. This is a milestone in Gentoo's history: until now Gentoo had no installer, and users had to perform every step manually with the help of the Gentoo Handbook.

There will be an x86 LiveCD with the installer included in the /experimental branch on the mirrors. More information is available on the Installer Project's website.

Tor network servers banned on the Forums

The Tor Network is an anonymous Internet communication system that uses a distributed network of servers to bounce communications around. People were able to use Tor to browse the Gentoo Forums until some malicious users started abusing the forums. As you might have already guessed, using Tor hides your IP address, so posting through it is effectively anonymous. Because of this abuse, the Gentoo Forums staff has decided to ban all Tor servers whose exit policy allows connections to forums.gentoo.org on ports 80 (HTTP) and/or 443 (HTTPS). We recognise that our users might want to preserve their anonymity; however, there doesn't seem to be a good technical or legitimate reason to use Tor on the Gentoo Forums.

To stop the abuse while causing our users the least disruption, only Tor servers with an exit policy allowing connections to forums.gentoo.org on the ports stated above will be banned. If those exits are removed from a server's policy, it will automatically be unbanned. Please note that the list of Tor servers is retrieved automatically and it might take a while for the ban list to be synced.

2.  Developer of the week

“Gentoo is something you learn once and apply wherever you want… just port it there ;)”


Figure 2.1: Diego Pettenò (Flameeyes)

This week's developer special is Diego Pettenò, better known as Flameeyes. He is one of the Gentoo/FreeBSD hackers and a media-video and sound bugfixer, so his usual work consists of ebuild maintenance, patches for media applications and, of course, Gentoo/FreeBSD matters in general.

Diego lives somewhere near Venice, Italy, where he tries to study Computer Science at the Ca' Foscari university and does translations to pay for his studies. Before he was assimilated into the Gentoo collective he worked on a few small open-source projects, but as he said, “nothing that takes someone else”. Gentoo/BSD is the thing he is most proud of: “When I joined in March it was an overlay over FreeBSD, now it can be considered a full distribution on its own, so it's the first time I can really see something actually usable where I worked on :)”

Obviously KDE is the best thing since sliced bread, so Diego uses it and only needs vim and ssh to be happy. The first thing that gets started is usually amaroK to wake up… but usually the computers just keep running 24/7.

Diego uses an Athlon64 3500+, an iBook (with Gentoo/OSX) and an old Athlon-tbird headless for Gentoo/FreeBSD. When not in front of his computers (unlikely as that may appear) he is usually reading fantasy books or doing bricolage.

Quote: “I'd like to thank all the devs who allowed me to be here right now :)”

3.  Heard in the community

gentoo-dev

Food For Thought: Bugzilla Localization?

Chris White started a discussion on whether Bugzilla should be localized. This would be a great asset for non-English-speaking Gentoo users, but it would complicate bug management to the point where implementing it seems unreasonable: duplicate bugs and translation issues in particular could not be managed sanely.

4.  Gentoo International

Germany: Reminder for the national user meeting

Just a quick reminder for the national user meeting in Wissen (Westerwald) next weekend. If you like camping and want to meet some other Gentoo users, this is the perfect event for you.

5.  Gentoo in the press

Gentoo in Windows

This month's issue of Redmondmag.com, “The independent voice of the Microsoft IT community”, features an article entitled “Make Room for Linux Apps”. The author describes how a Windows user can run Linux applications in Windows and recounts his experiences with Gentoo in combination with coLinux.

6.  Tips and Tricks

ulimit and sysctl

The ulimit and sysctl programs allow you to limit resource use on the system. This can help a lot in system administration, e.g. when a user starts too many processes and thereby makes the system unresponsive for other users.

Code Listing 6.1: ulimit example

# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 8191
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 8191
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

All these settings can be manipulated. A good example is this bash forkbomb that forks as many processes as possible and can crash systems where no user limits are set:

Warning: Do not run this in a shell! If no limits are set your system will either become unresponsive or might even crash.

Code Listing 6.2: A bash forkbomb

$ :(){ :|:& };:

Now this is not good - any user with shell access to your box could take it down. But if that user can only start 30 processes, the damage will be minimal. So let's set a process limit:

Note: Too small a process limit can break Portage, so don't be too strict.

Code Listing 6.3: Setting a process limit

# ulimit -u 30
# ulimit -a
…
max user processes              (-u) 30
…

If you try to run the forkbomb now it should start, but throw "fork: resource temporarily unavailable" errors. This means that your system has not allowed the forkbomb to start more processes. The other options of ulimit can help with similar problems, but be careful not to lock yourself out - setting data seg size too small will even prevent bash from starting!

sysctl is a similar tool: it allows you to configure kernel parameters at runtime. If you wish to keep settings persistent across reboots you should edit /etc/sysctl.conf - be aware that wrong settings may break things in unforeseen ways.

Code Listing 6.4: Exploring sysctl variables

# sysctl -a
…
vm.swappiness = 60
…

The list of variables is quite long (367 lines on my system), but I picked out vm.swappiness here. It controls how aggressively the kernel swaps: the higher the value (with a maximum of 100), the more swap will be used. This can affect performance a lot on systems with little memory, depending on load and other factors.

Code Listing 6.5: Reducing swappiness

# sysctl vm.swappiness=0
vm.swappiness = 0

The effects of changing this setting are usually not felt instantly. But you can change many settings, especially network-related, this way. For servers this can offer a nice performance boost, but as with ulimit careless usage might cause your system to misbehave or slow down. If you don't know what a variable controls, you should not modify it!
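Both tools above change the running system only; the persistent counterparts are /etc/sysctl.conf (mentioned above) and, for per-user process limits, the pam_limits configuration in /etc/security/limits.conf (an assumption of this example, not something the article covers). The following added example is not part of the GWN article: it audits constructed copies of both files offline, reporting the hard nproc entries, whether a wildcard default exists so that users without a specific rule are still capped, and the value a given sysctl key would receive. Comment handling and "last assignment wins" follow how these files are normally parsed.

```sh
#!/bin/sh
# Added example (not from the GWN): audit the persistent counterparts of the
# ulimit and sysctl settings discussed above, offline, against constructed files.
# Assumptions: pam_limits(8) reads /etc/security/limits.conf in the format
#   <domain> <type> <item> <value>; sysctl.conf uses "key = value" lines.

# List every hard nproc entry in a limits.conf-style file as "domain value".
hard_nproc_limits() {
    sed -e 's/#.*//' "$1" |
        awk 'NF == 4 && $2 == "hard" && $3 == "nproc" { print $1, $4 }'
}

# Succeed (exit 0) only if the wildcard domain carries a hard nproc limit,
# i.e. users not matched by a more specific rule are still capped.
has_default_nproc_limit() {
    hard_nproc_limits "$1" | awk '$1 == "*" { found = 1 } END { exit !found }'
}

# Print the value of one key from a sysctl.conf-style file.
# Comments are stripped; the last assignment wins, as sysctl -p applies them in order.
sysctl_conf_value() {
    sed -e 's/#.*//' "$1" | awk -F'=' -v key="$2" '
        NF >= 2 {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }'
}

# Constructed sample files (not copied from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/limits.conf" <<'EOF'
# constructed sample limits.conf
*        soft  nproc  100
*        hard  nproc  200
@build   hard  nproc  2000   # build group needs more for parallel emerge
root     soft  nproc  4000
EOF
cat > "$SAMPLE_DIR/sysctl.conf" <<'EOF'
# constructed sample sysctl.conf
#vm.swappiness = 60
vm.swappiness = 10
kernel.sysrq=0
EOF

echo "hard nproc limits:"
hard_nproc_limits "$SAMPLE_DIR/limits.conf"
if has_default_nproc_limit "$SAMPLE_DIR/limits.conf"; then
    echo "default (*) hard nproc limit present"
else
    echo "WARNING: no default hard nproc limit"
fi
echo "vm.swappiness from file: $(sysctl_conf_value "$SAMPLE_DIR/sysctl.conf" vm.swappiness)"
```

Point the functions at the real files to check a box; a missing wildcard hard nproc entry is exactly the gap that lets the forkbomb above take a machine down after the shell that set ulimit -u has exited.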

7.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Benjamin Judas (beejay) (Gentoo/X86 Release manager)

Adds

The following developers recently joined the Gentoo Linux team:

  • New developer: Christian Heim (phreak) (vserver)
  • New forums staff: Jonathan Coome (Maedhros)
  • New forums staff: Anders Hellgren (Kallamej)
  • New forums staff: Robert Muchacki (Muchar)

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Mike Doty (kingtaco) (stepped back from Arch Tester lead)
  • Homer Parker (hparker) (New Arch Tester lead)

8.  Gentoo Security

Compress::Zlib: Buffer overflow

Compress::Zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.

For more information, please see the GLSA Announcement

ProFTPD: Format string vulnerabilities

Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

nbSMTP: Format string vulnerability

nbSMTP is vulnerable to a format string vulnerability which may result in remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Netpbm: Arbitrary code execution in pstopnm

The pstopnm utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Heartbeat: Insecure temporary file creation

Heartbeat is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

9.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 30 July 2005 and 06 August 2005, activity on the site has resulted in:

  • 725 new bugs during this period
  • 459 bugs closed or resolved during this period
  • 38 previously closed bugs were reopened this period

Of the 8042 currently open bugs: 107 are labeled 'blocker', 200 are labeled 'critical', and 539 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated August 8, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 8 August 2005.

Ulrich Plate
Editor

Patrick Lauer
Author

Ioannis Aslanidis
Author

Lars Weiler
Author
