| View previous topic :: View next topic |
| Author |
Message |
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
 Posted: Sun Jan 16, 2005 1:25 am Post subject: 2.6.10-dark1 "dark.echo" |
 |
|
Yo folks, I figured I'd release my new patchset designed to be the 2.6 successor to -sk (http://www.dcaf-security.org/skpatch.php). I'v named my new patchset "dark sources" and the patchset has the goals of security, stablity and proformance all in one. Heres some details and a diff file for those of you that want to try it.
| Quote: | Current Patches:
16kb-stacks.diff | 16kb stacks for those that want it
2.6.10-capabilities_fix.diff | Some fixs to the LSM capabilities
2.6.10-mingoll.diff | Kernel Latency Improvements
2.6.10_to_staircase10.3.diff | Full Staircase scheduler
cfq-ts-20.diff | cfg I(O) Timeslice
deadline-signedness.diff | Deadline scheduler bugfix
defaultcfq.diff | Set the cfg I(O) scheduler as default
drm-i810.diff | drm i810 updates (bugs/security)
fix-ll-resume.diff | Bug/Security Fix
ipsec-nat-fixs.diff | lots of ipv4 fixs (bugs/security)
iptables-ecn.diff | Fix corruption bug in ipt_ecn
menuconfig-name.diff | Change make menuconfig to display the kernel name (2.6.10-dark1 "dark.echo")
moxa-int-overflow.diff | security update for the moxa driver
mwII.diff | Mapped Watermark II (less likely to swap)
nvidia_6111-6629_compat2.diff | Compatiblity fixs for the nvidia drivers
random-poolsize-int-overflow.diff | random.c security fix
realtime-lsm.diff | Provides configurable realtime privilages to users (LSM)
rlimit-memlock-dos.diff | Security fix
scsi-int-overflow-information-leak.diff | SCSI security fix
squashfs.diff | SquashFS
sunrpc-nfsacl.diff | sunrpc security/bug fix
1504_vmscan-writeback-pages.patch | vmscan writeback pages patch
2.6.10-mm1-brk-locked.patch | brk_locked local vuln fix
sk98lin_v8.12b1.patch | sk98lin updates
vm-pageout-throttling.patch | VM pageout throttling patch |
diff file: http://www.dcaf-security.org/patch-2.6.10-dark1.diff
Edit: Fixed a few typo's in the patchlist.
~predatorfreak
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up.
Last edited by predatorfreak on Sun Jan 16, 2005 8:14 am; edited 3 times in total |
|
| Back to top |
|
 |
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sun Jan 16, 2005 1:38 am Post subject: |
|
|
And... you have tested this how thoroughly, and stress-tested it how many hours ?
Built and tested it on how many different hardware configurations ?
I swear, everybody and their canine pet is creating custom kernels these days 
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 1:41 am Post subject: |
|
|
haha, so true. I'm running it right now and i'v stress tested it under a few different loads. It hasn't started hating me yet  .
Edit: I can't test it on alot of different hardware configs as i only have one machine, but I'm hoping that people will be able to give some feedback on how it runs and help verify that it works well on other configs. Also, I'v spent 7 hours developing it and about 4-5 hours testing it.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sun Jan 16, 2005 1:49 am Post subject: |
|
|
Erm.. it wasn't actually meant as discourse, you know.
I have serious doubts about anyone who calls themselves a "*nix Expert" on their website.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 1:53 am Post subject: |
|
|
lol, I took that because my other team mates said that I was best suited to be our team *nix expert  . I personaly consider myself more of a OS Hacker/Tweaker, I enjoy tinkering with my system, but I don't like to kill it or break it. I do stuff that improves security, stablity or proformance and nothing more.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
luisfeser
Guru
Joined: 22 May 2004
Posts: 543
Location: /España/Toledo
|
| Posted: Sun Jan 16, 2005 1:56 am Post subject: |
|
|
| adaptr wrote: | And... you have tested this how thoroughly, and stress-tested it how many hours ?
Built and tested it on how many different hardware configurations ?
I swear, everybody and their canine pet is creating custom kernels these days |
It is bad to do a patchset for kernel???
When nitro or love or what ever began, everybody thought: "another kernel patchset, so shit..."?????
If you like this patchset, use it. If you don't like, don't use it, but don't talk if you have not try it 
_________________
AMD Athlon XP-M 2500+ @2200MhHz|1GB DDR @400MHz Dual-Chanel|NVIDIA GeForce4 MX 420|SB Live 5.1|ADSL 512/128 Arsys
gentoo ~x86 |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 1:59 am Post subject: |
|
|
| luisfeser wrote: | | adaptr wrote: | And... you have tested this how thoroughly, and stress-tested it how many hours ?
Built and tested it on how many different hardware configurations ?
I swear, everybody and their canine pet is creating custom kernels these days |
It is bad to do a patchset for kernel???
When nitro or love or what ever began, everybody thought: "another kernel patchset, so shit..."?????
If you like this patchset, use it. If you don't like, don't use it, but don't talk if you have not try it |
True, this patchset isn't designed to take over the world or anything, its just something i tough i'd let people get there hands on. Its more of a personal project like -sk is then anything else.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sun Jan 16, 2005 2:03 am Post subject: |
|
|
| predatorfreak wrote: | | lol, I took that because my other team mates said that I was best suited to be our team *nix expert . I personaly consider myself more of a OS Hacker/Tweaker, I enjoy tinkering with my system, but I don't like to kill it or break it. I do stuff that improves security, stablity or proformance and nothing more. |
Point taken.
Mind if I nmap your box, then ?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 2:05 am Post subject: |
|
|
You'd hit a router . Also, it seems like you are bashing me for no apparent reason now.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sun Jan 16, 2005 2:20 am Post subject: |
|
|
Perhaps.
Unfair as it may appear to you (and I can fully understand how it would, believe me) there are one or two things that just stuck in my crow.
First, your high-school dropout command of the English language and its application, which are - to my mind - not optional.
And second, that - again, in my eyes- very arrogant moniker of *nix Expert - I've never met anyone who claimed that.
But bashing is a long time away, though - we're firmly in the informal banter stage now.
As to how all this applies to patching the kernel - I don't know Mr. Love personally, but I gather that he spends a not inconsiderable amount of his 24 hours a day on those love patchsets.
You throw in 2 dozen patches at once, and say: hey,it's good - I've tested it for a whole 5 hours!
Doubt, you know.
Didn't mean to go all Oz on you, but there it is.
EDIT: perhaps a short yet honest appraisal of who this patchset might conceivably be worth trying for... no 24/7 desktops, no network nodes, no Internet servers.. but then, most people running those things would know that already.
Okay, now it's bashing - I'm skulking away in embarrassment.
Enough already.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 2:28 am Post subject: |
|
|
Meh, whatever you wanna say and as I saided i don't claim to be a "*nix expert", I should proble update that to "Linux Researcher" or something to that sort. Also, if you look at my list of patchs it doesn't change everything within the kernel and uses patchs only known to work well. Also, Although my english might be bad, its still readable unlike some peoples english. If you truely think this patchset is horrible then try it and provide some proof before mindless bashing.
Edit: Also, this patchset is for the people that feel like trying it, if you don't like it, don't use it.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
luisfeser
Guru
Joined: 22 May 2004
Posts: 543
Location: /España/Toledo
|
| Posted: Sun Jan 16, 2005 2:44 am Post subject: |
|
|
My english is so bad too, but, if i understand you (adaptr), non english people can't do patchs or anything?
I think i understand bad....
_________________
AMD Athlon XP-M 2500+ @2200MhHz|1GB DDR @400MHz Dual-Chanel|NVIDIA GeForce4 MX 420|SB Live 5.1|ADSL 512/128 Arsys
gentoo ~x86 |
|
| Back to top |
|
|
lib3rtyfr34k
n00b
Joined: 16 Jan 2005
Posts: 3
|
| Posted: Sun Jan 16, 2005 2:44 am Post subject: |
|
|
What ever happened to constructive criticism? If you're going to tell someone that whatever they're making sucks, you might as well tell them WHY it sucks, and how they could make it better.
EDIT: Pointed at adaptr |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 6:50 am Post subject: |
|
|
bump
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
MrApples
Guru
Joined: 13 Dec 2002
Posts: 511
|
| Posted: Sun Jan 16, 2005 7:01 am Post subject: |
|
|
adaptr, i would really expect more from a forum veteran. your uncanny command of the english language does not license you to ridicule others for their use of it. in accordance with that, you should not judge a person by their grammar as it can be misleading. for instance, your diction is sophisticated but your content is childish.
predator, thanks for the patchset
_________________
http://www.whatsinyourbox.org -- Technology discussion, news, and more. |
|
| Back to top |
|
|
TheNull
n00b
Joined: 10 Aug 2004
Posts: 37
|
| Posted: Sun Jan 16, 2005 7:09 am Post subject: |
|
|
I must say that adaptr is the rudest person I've seen on gentoo forums so far. The only one so far to be precise.
Back on topic, I'd try out the kernel, but I am doing stuff on windows for a few weeks =/
_________________
Need programming help?
Visit CODEnet. |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 7:53 am Post subject: |
|
|
np guys, your welcome to request addisions and I'l get back to you on them and hope you enjoy my patchset as much as i do.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 9:11 am Post subject: |
|
|
Heres a look at what I'v got so far for -dark2, if theres anything anybody wants added/removed your welcome to ask.
| Quote: | Current Patchs:
16kb-stacks.diff | 16kb stacks for those that want it
2.6.10-capabilities_fix.diff | LSM capabilities security fix
2.6.10-mingoll.diff | Kernel latency improvments
2.6.10_to_staircase10.3.diff | Latest stable staircase scheduler
cflags-hack.diff | Gives users the ability to change CFLAGS
cfq-ts-20.diff | Latest cfg I(O) timeslice patch
chmp.diff | USB mouse pulling patch
config-nr-tty-dev.diff | Configure the number of tty devices
deadline-signedness.diff | Deadline scheduler fixes
defaultcfq.diff | Set the cfg I(O) scheduler as the default
drm-i810.diff | Fixes local DoS in i810 DRM drivers
fix-ll-resume.diff | acpi resume fixes
inotify-0.18.diff | Latest inotify patch
ip_conntrack-fix.diff | Fixes the RST packet ignore problem
ipsec-nat-fixs.diff | IPSec ipv4 fixes (bug/security)
iptables-ecn.diff | Fixes ecn corruption bug
menuconfig-name.diff | Display kernel name in menuconfig
moxa-int-overflow.diff | Fixes int overflows with the moxa driver
mwII.diff | Mapped Watermark II to reduce swapping
nvidia_6111-6629_compat2.diff | Allows vanilla nvidia drivers to compile
ppc-pegasos.diff | Fixes pegasos PCI hardware bugs on PPC
random-poolsize-int-overflow.diff | Fixes the random.c int overflow
realtime-lsm.diff | Allow users to set realtime priority in a safe way.
rlimit-memlock-dos.diff | Fixes the rlimit DoS vuln
scsi-int-overflow-information-leak.diff | Fixes the scsi init overflow
sparc-kconfig-driver-rework.diff | Fixes for kconfig on sparc
sparc-kconfig-rework.diff | Fixes for kconfig on sparc
sparc-obp64-naming.diff | Fixes OBP naming on some sparc boxes
sparc-stopa.diff | Display a more user friendly panic message
sparc-u1-hme.diff | Fixes hme lock ups
sparc-wli.diff | Sparc32 fixes that missed vanilla 2.6.10
squashfs.diff | SquashFS 2.1
sunrpc-nfsacl.diff | Fixes DoS vuln in sunrpc
1504_vmscan-writeback-pages.patch | Makes the VM throttle instead of OOM kill
2.6.10-mm1-brk-locked.patch | brk_locked vuln fixed
sk98lin_v8.12b1.patch | Updates to the sk98lin driver
vm-pageout-throttling.patch | More VM throttling stuff |
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 8:45 pm Post subject: |
|
|
I'v been testing -dark2 for a little while now and I'm gonna do some more tests before I release it, but its been stable so far. Refer to my last reply for the details on -dark2.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
krejler
Tux's lil' helper
Joined: 10 Nov 2003
Posts: 142
Location: Denmark
|
| Posted: Sun Jan 16, 2005 8:55 pm Post subject: |
|
|
| Which revision of chmp are you including? |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sun Jan 16, 2005 10:37 pm Post subject: |
|
|
| MrApples wrote: | adaptr, i would really expect more from a forum veteran. your uncanny command of the english language does not license you to ridicule others for their use of it. in accordance with that, you should not judge a person by their grammar as it can be misleading. for instance, your diction is sophisticated but your content is childish.
|
Well said.
My comments were in no way personal - they can't be, I don't personally know anybody here.
But I am indeed one of those forgettable pedants who cannot abide the absence of punctuation or capitalisation.
It is hard for me to judge that any other way than "lazy".
And no, I have no beef with non-native English writers - many of them write better English than the natives, and if they don't, I try to decypher it.
Rude ? For certain - my social skills wouldn't look good on a gorilla.
Not that I want to be, or try to be - there is no intent to be unsocial.
I do honestly post here to help others - but not by blindly answering questions that can be Googled with a minimum of effort, or drumming up the 234th pointer to blatantly obvious sources of information.
I post what I think, and sometimes my responses will be challenging, yes.
You think that's a bad thing ?
I'd abolish democracy soonest if I were you, then.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
predatorfreak
l33t
Joined: 13 Jan 2005
Posts: 708
Location: USA, Michigan.
|
| Posted: Sun Jan 16, 2005 11:15 pm Post subject: |
|
|
I am currently using the revision of chmp from -nitro4 as it seems to work quite well.
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up. |
|
| Back to top |
|
|
|
Unsupported Software
