Archive for Linux/Unix

“God Mode” Backdoor

Some x86 CPUs have hidden backdoors that let you seize root by sending a command to an undocumented RISC core that manages the main CPU, security researcher Christopher Domas told the Black Hat conference here Thursday (Aug. 9).

The command — “.byte 0x0f, 0x3f” in Linux — “isn’t supposed to exist, doesn’t have a name, and gives you root right away,” Domas said, adding that he calls it “God Mode.”

The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces (“userland”) run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas’ God Mode takes you from the outermost to the innermost ring in four bytes.

“We have direct ring 3 to ring 0 hardware privilege escalation,” Domas said. “This has never been done.”

That’s because of the hidden RISC chip, which lives so far down on the bare metal that Domas half-joked that it ought to be thought of as a new, deeper ring of privilege, following the theory that hypervisors and chip-management systems can be considered ring -1 or ring -2.

“This is really ring -4,” he said. “It’s a secret, co-located core buried alongside the x86 chip. It has unrestricted access to the x86.”

The good news is that, as far as Domas knows, this backdoor exists only on VIA C3 Nehemiah chips made in 2003 and used in embedded systems and thin clients. The bad news is that it’s entirely possible that such hidden backdoors exist on many other chipsets.

Full read here.

More fuzzing:

Breaking the x86 ISA

Fuzzing on Edison

Notes on Intel microcode

Securing a Linux Server

It is a rare to watch someone secure a freshly installed server right off the bat, yet the world we live in makes this a necessity. So why do so many people put it off until the end, if at all? I’ve done the exact same thing, and it often comes down to wanting to get right into the fun stuff. Hopefully this post will show that it is far easier than you think to secure a server, and can be quite entertaining to look down from your fortress, when the attacks begin to flow.

This post is written for Ubuntu 12.04.2 LTS, however you can do similar things on any other Linux distribution.

via Securing a Linux Server | Spenser Jones.

SGI and NASA ready most powerful Linux computer ever

Kinda old, but forgot to post it. Now this is a Linux machine I really drool over.

NASA has selected an SGI Altix supercomputer to help it meet future high-performance computing requirements. The new system will be the first supercomputer to operate 2,048 processor cores and 4TB of memory under control of one Linux kernel, creating the world’s largest single-kernel Linux system, NASA and SGI announced this week.

Driven by 1,024 Dual-Core Intel Itanium 2 processors, the new system will generate 13.1 TFLOPs (Teraflops, or trillions of calculations per second) of compute power. Based hundreds of computer “blades” that each sport a pair of dual-core processors, the system provides an extremely high density of compute power per square foot, enabling NASA to pack more computing power into its supercomputing center. NASA also acquired an ultra-dense 240TB SGI InfiniteStorage 10000 system to efficiently handle the massive data storage requirements.

SGI and NASA ready most powerful Linux computer ever

Community vs. Corporate Linux

The Coming Divide: this could get messy.

A clashe between the different versions of the GPL have already begun to show their roots , and luckily, thus far, has been pretty much transparent. What I want to know is how all of this is going to go down when it comes time for the enforcement of such things.

GPLv3 Enforcement: This Could Become a Bumpy Road. For Linux enthusiasts, the rules are simple and clear to interpret. But for Microsoft and its Linux partners, we will see plenty of them pointing to self-created loopholes, which will result in fierce debate, and perhaps even worse, blatant defiance.

As a collective community, we’d like to think that this whole issue will just blow over, but with the massive migration of so many Windows users and companies that wish to capitalize on this migration, defiance of the GPL will happen and more so than ever before.

The two companies that I have concerns about include both Novell and Linspire. Now, I would point out that I have no problem with either company. As a matter of fact, I have been fan of much of their efforts within the Linux world in the past. However, they will face challenges once they are caught in the middle of much of the Microsoft GPL feud and will likely pay a serious financial price.

:: Reviews : Community vs. Corporate Linux: The Coming Divide

Meet the New Linux Kernel: 2.6.21

It took longer than Linux creator Linus Torvalds would have liked, but the latest Linux kernel, version 2.6.21, has arrived. It brings many minor and major changes in how Linux handles process scheduling and time.

In his April 25th release note to the LKML (Linux Kernel Mailing List), Torvalds wrote, “If the goal for 2.6.20 was to be a stable release (and it was), the goal for 2.6.21 is to have just survived the big timer-related changes and some of the other surprises.”

Meet the New Linux Kernel: 2.6.21

Dell to Release Pre-installed Linux Machines

Dell to Release Pre-installed Linux Desktops, Laptops

Dell contacted on March 28 to let us know that the company will be releasing select desktop and notebook systems with pre-installed Linux as an option in the coming weeks.

Dell, however, is still playing its Linux cards close to its vest. For example, we do not know at this time which Linux distribution—or distributions—it will be supporting, or what Dell desktop and laptop machines will have pre-installed Linux as an option.

David Lord, a Dell spokesperson, did say, however, that Dell has been listening to its users and that the users want home and office desktops and laptops.

The new systems, Lord added, will be true pre-installed Linux systems—and not just a PC with a blank hard drive and a bootable CD or DVD. Software support is likely to come from the community, however, rather than from Dell. [article]

Build a Web spider on Linux

IBM: Build a Web spider on Linux

Web spiders are software agents that traverse the Internet gathering, filtering, and potentially aggregating information for a user. Using common scripting languages and their collection of Web modules, you can easily develop Web spiders. This article shows you how to build spiders and scrapers for Linux® to crawl a Web site and gather information, stock data, in this case

A spider is a program that crawls the Internet in a specific way for a specific purpose. The purpose could be to gather information or to understand the structure and validity of a Web site. Spiders are the basis for modern search engines, such as Google and AltaVista. These spiders automatically retrieve data from the Web and pass it on to other applications that index the contents of the Web site for the best set of search terms.

Similar to a spider, but with more interesting legal questions, is the Web scraper. A scraper is a type of spider that targets specific content from the Web, such as the cost of products or services. One use of the scraper is for competitive pricing, to identify the price of a given product to tailor your price or advertise it accordingly. A scraper can also aggregate data from a number of Web sources and provide that information to a user. [Read more]

Wii Will Have an Updatable Linux OS

From Slashdot : eldavojohn writes “There’s bits and pieces of information floating
around that revolve around ‘Iwata Asks’ interviews on Nintendo’s
website. What I found interesting was the tidbit about the updatable
operating system: ‘Wii is the first system from Nintendo that we can
continue to be involved in (via operating system updates) after the
customer buys it. This means that Wii will greatly expand and diversify
the ways in which people will enjoy games in the future.’ The Wii is
reported to operate on top of a proprietary form of the Linux kernel,
although there are already efforts to make a GNU/Linux for the
console. So, the answer to the age old question is that it already runs

See Slashdot link for original article, comments, and other links.

Slackware Release Announcement

The Slackware Linux Project: Slackware Release Announcement

The first Slackware release more than a year in the making, this edition of Slackware combines Slackware’s legendary simplicity, stability, and security with some of the latest advances in Linux technology. Expect no less than the best Slackware yet. Among the many program updates and distribution enhancements, you’ll find two of the most advanced desktop environments available today: Xfce, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 3.5.4, the latest version of the award-winning K Desktop Environment. Slackware uses the kernel bringing you advanced performance features such as the ReiserFS journaling filesystem, SCSI and ATA RAID volume support, SATA support, and kernel support for X DRI (the Direct Rendering Interface) that brings high-speed hardware accelerated 3D graphics to Linux. Additional kernels allow installing Slackware using any of the journaling filesystems available for Linux, including ext3, ReiserFS, IBM’s JFS, and SGI’s XFS. Slackware 11.0 also fully supports the 2.6 kernel series, with your choice of the well-tested kernel in /extra (including a version of this kernel that supports multiple processors, multi-core CPUs, HyperThreading, and about every other optimization available), or the recently released 2.6.18 kernel in /testing. This kernel also spent a long time in development and in our own testing has proven to be fast, stable, and reliable. [More..]

Linux Patches (9/21)

New patches from Mandriva:

xorg-x11 (multiple flaws)

mailman (multiple flaws)


New fixes from Debian:

alsaplayer (multiple buffer overflows)

bomberclone (multiple flaws)


New fixes for Ubuntu:

linux-restricted-modules-2.6.15 (updates to a previous fix)

GnuTLS (signature forge)

gzip (code execution)

Linux Incompatibility List – Linux Incompatibility List

The Linux Incompatibility List is an attempt to catalog and document hardware/peripherals of all kinds that do not work with the Linux operating system.

Fortunately, at this point in time, there is far, far more hardware that works without any problems with Linux, so this site aims to make Linux users aware of hardware to avoid (or if you want to be famous, hardware to write free drivers for). [Visit Site]

NASA tests Linux-based P.S.E. robots

NASA tests Linux-based planetary surface exploration robots

k-10The K-10 was created by the Intelligent Robotics Group (IRG) at NASA’s Ames Research Center, as part of a project to build exploration rovers for future robotic missions to the moon and to Mars. The K-10 is a lunar test-bed “used primarily for human robot interaction research,” according to NASA. It has four steerable wheels, and can travel at human walking speeds.

The K-10 uses commercial off-the-shelf parts where possible, in order to save cost and promote maintainability. The robot rover’s control and communications system is based on an IBM Thinkpad X31 with Intel Pentium M processor clocked at 1.4GHz.

The K-10’s control laptop attaches to various robotic subsystems via standard PC interfaces. NASA says that a fundamental architectural goal was to use only “highly scalable, expandable, and hot-pluggable” interfaces, such as USB, Ethernet, and Firewire, in order to reduce cables to the laptop and promote scalability, among other benefits.

The K-10 runs Red Hat Linux, which NASA says was chosen for its large user base and application compatibility. Additionally, NASA notes that, “Linux’s flexibility and scalability enable us to easily add, remove, and extend devices with minimal difficulty.”

The K-10 is controlled wirelessly, via a PCMCIA-based 802.11g interface connected to an 8db 2.4GHz antenna via an RF cable. The control application runs on the control laptop as a single, multi-threaded userspace application. Real-time performance is not required, NASA says, because real-time tasks such as fine-grained motor control are offloaded to a distributed network of microcontroller-powered control boards. [More here|pics]

Cedega and Linux: Let the Windows games begin | Cedega and Linux: Let the Windows games begin

If there’s one area where Linux distributions fall behind Windows, it’s games. Most PC games are built for Windows. Where does that leave Linux users? With Cedega, a melding of Wine and DirectX developed by TransGaming. Today, Cedega 5.2.3 officially supports about 50 games, though in reality it can run a lot more.

For a mere $5 a month (with a minimum subscription of three months) you can get the latest version of the software, support, and the right to vote on which games TransGaming should work on to improve Cedega.

Browsing the Games Database, you can spot blockbuster titles such as World of Warcraft, Civilization 4, Battlefield 2, Need for Speed Most Wanted, Half Life 2, Counter Strike, and Fifa 2006 — just to name a few of the officially supported titles. In addition, the database includes more than 1,300 games that are reported to work — more or less. Since Cedega is nothing more than a translation layer — it translates DirectX and Windows API calls to OpenGL, OSS/ALSA, and Linux APIs — not everything runs perfectly.

Installing Cedega is easy, but installing a game under Cedega isn’t always simple. [Read on]