Yenya's World

Thu, 06 May 2010

Why I don't Like Ubuntu

I am not very fond of Ubuntu because of their leecher's attitude when giving back to upstream. That said, I have considered Greg Kroah-Hartmann's LPC 2008 keynote being a bit rude. Two years later, I have to admit Greg K-H was right:

In this bug report they discuss a kernel performance problem in their enterprise version (LTS). Ted Ts'o has recommended a temporary fix while suggesting to focus on building their own kernel dev team in order to be able to solve such a problem faster.

In response, they have opened a Fedora bug.

Source: Dave Airlie's blog.

Section: /computers (RSS feed) | Permanent link | 2 writebacks

Wed, 05 May 2010

Uncovering the Hidden (this time in elinks)

The problem with userland apps (like OpenOffice.org) is that the code is rarely reviewed by anybody outside the development team. From time to time it is possible to read frustrated reports written by people who try to make the system boot as fast as possible, or to preserve as much battery capacity as possible. Those people actually look at what the applications are doing, and are often very surprised. Confining apps under SELinux is a similar kind of frustrating job. I have almost finished confining OO.org, and I have tried to confine elinks for HTML-to-text conversion. The gems found so far are:

• elinks -no-references -dump local-file.html still reads the CA certificates bundle, even though it is not expected to make any HTTPS connection at all.
• It creates a new TCP socket, sets it to non-blocking mode, calls getpeername(2) on it (it obviously fails as the socket has not been connected anywhere yet), and then does completely nothing with it:

  socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 7
  fcntl(7, F_GETFL)                 = 0x2 (flags O_RDWR)
  fcntl(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
  brk(0x2121000)                    = 0x2121000
  getpeername(7, 0x7fff0afb51f0, [112]) = -1 ENOTCONN
  

  I have tried to dontaudit the socket creation, but elinks segfaults then.
• It tries to stat(2) and then open(2) directories for temporary files: /tmp, /var/tmp, and even /usr/tmp(!). It reads them but does nothing else with them. Dontaudit here works as expected.
• Of course, seeing open(2) after stat(2) cries "possible race condition security hole ahead" quite loudly. Why not open(2) directly, and—if necessary—fstat(2) later?

I did not have time to look at the source code, so I refrain from filling a bug report or sending a patch for now.

Section: /computers (RSS feed) | Permanent link | 0 writebacks

Tue, 04 May 2010

Confining OpenOffice.org

I don't use OpenOffice.org except for occasionally reading a .doc file people send to me instead of writing in plain text. I don't know anything about its internals, and I only have a general feeling that OO.org is a huge bloated mess[1]. Today I have attempted to confine OO.org under SELinux in order to be able to convert untrusted documents to PDF or HTML. I am still not done, but my experience so far has brought the term "huge bloated mess" to a completely new level.

Here are few examples:

• OO.org is a spaghetti-like set of scripts, binaries and libraries calling each other, sometimes even via shell. So confining OO.org would mean to allow the shell to be executed under the domain which I want to confine it under. Talk about tightly specified rules.
• OO.org components communicate with each other over several different transports: sometimes it uses an unnamed pipe, there are socketpairs, and there is even a named socket under /tmp.
• Even though OO.org has configuration option for specifying the directory under which temporary files are created, some of those files are created directly under user's home directory, and some of them under /tmp no matter what.
• OO.org even attempts to execute some of its temporary files!
• Even in batch mode, it still tries to read the /media directory.

On a positive side, OO.org with the -headless option now finally can run without actually requiring a connection to the X server (I have discovered it only after spending several hours writing a policy for confining Xvfb. Oh well).

I wonder how many security holes in OO.org are waiting to be discovered, because I can't imagine at all how such a code base can be audited for security problems.

[1] Things like mixing Java, C, and their own scripting language for extensions, dialog windows which keep popping up no matter how many times I attempt to close them, their document recovery dialog, and other minor and major surprises.

Section: /computers (RSS feed) | Permanent link | 2 writebacks

About:

Yenya's World: Linux and beyond - Yenya's blog.

Links:

RSS feed

Jan "Yenya" Kasprzak

The main page of this blog

Categories:

• All (448)
  • anime (11)
  • computers (308)
    • desktops (25)
  • czech (2)
  • personal (99)
  • world (28)

Archive:

• May 2016 (1)
• March 2016 (1)
• December 2015 (1)
• November 2015 (1)
• September 2015 (2)
• August 2015 (1)
• July 2015 (3)
• June 2015 (1)
• May 2015 (2)
• March 2015 (2)
• December 2014 (6)
• July 2014 (1)
• June 2014 (3)
• May 2014 (4)
• April 2014 (3)
• December 2013 (3)
• November 2013 (2)
• September 2013 (1)
• July 2013 (1)
• May 2013 (5)
• April 2013 (3)
• March 2013 (1)
• January 2013 (3)
• November 2012 (7)
• October 2012 (4)
• September 2012 (2)
• August 2012 (1)
• July 2012 (1)
• April 2012 (1)
• November 2011 (1)
• October 2011 (1)
• July 2011 (1)
• June 2011 (2)
• May 2011 (4)
• April 2011 (1)
• March 2011 (4)
• January 2011 (3)
• December 2010 (2)
• November 2010 (3)
• September 2010 (2)
• August 2010 (1)
• July 2010 (1)
• June 2010 (1)
• May 2010 (3)
• April 2010 (2)
• March 2010 (2)
• February 2010 (5)
• January 2010 (3)
• November 2009 (4)
• October 2009 (2)
• September 2009 (1)
• June 2009 (3)
• May 2009 (1)
• April 2009 (3)
• March 2009 (5)
• February 2009 (2)
• January 2009 (4)
• December 2008 (3)
• November 2008 (4)
• October 2008 (5)
• September 2008 (3)
• August 2008 (6)
• July 2008 (4)
• June 2008 (3)
• May 2008 (2)
• April 2008 (5)
• March 2008 (7)
• February 2008 (5)
• January 2008 (6)
• December 2007 (6)
• November 2007 (2)
• October 2007 (9)
• September 2007 (6)
• August 2007 (6)
• July 2007 (4)
• June 2007 (6)
• May 2007 (4)
• April 2007 (2)
• March 2007 (7)
• February 2007 (8)
• January 2007 (9)
• December 2006 (2)
• November 2006 (15)
• October 2006 (7)
• September 2006 (4)
• August 2006 (13)
• July 2006 (10)
• June 2006 (7)
• May 2006 (9)
• April 2006 (9)
• March 2006 (11)
• February 2006 (16)
• January 2006 (8)
• December 2005 (16)
• November 2005 (16)
• October 2005 (16)
• September 2005 (16)
• August 2005 (17)

Blog roll:

alphabetically :-)

• Jiří Zlatuška
• Kernel Planet
• PDM
• Ulrich Drepper
• Wenca

Jan "Yenya" Kasprzak, written in Blosxom.