OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Crispin Cowan (crispinwirex.com)
Date: Wed May 09 2001 - 12:07:24 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    "Matias C. Szmulewiez" wrote:

    > Ok tnx.. If some of you use vmware, would do you like test this patch to
    > confirme that it really works, and then send this to vmware.
    > Just to make sure that it won't cause any problems.... if it work I make
    > the .diff

    I use VMWare every day. I take the lazy approach. Rather than doing the
    work of patching the VMWare kernel module make files, I just switch RPMs from
    StackGuard to the standard GCC while doing the VMWare install. Works
    perfectly.

    To do this, you need to uninstall the stackguard versions of assorted gcc &
    related packages, and then install the non-stackguard versions as follows:

    sudo rpm -e --nodeps egcs-objc egcs-g77 egcs-c++ egcs cpp libstdc++

    sudo rpm -ivh cpp-1.1.2-30.i386.rpm egcs-c++-1.1.2-30.i386.rpm egcs-objc-1.1.2-30.i386.rpm egcs-1.1.2-30.i386.rpm egcs-g77-1.1.2-30.i386.rpm libstdc++-2.9.0-30.i386.rpm

    Note that to do this, you'll need to have non-StackGuard versions of these
    RPMs handy. The "nodeps" is needed in the first command, because otherwise
    RPM will complain that various packages need some of those libraries. It's
    ok to use --nodeps because you're going to replace the libraries immediately.

    Once you're done installing VMWare, put StackGuard back in place with these
    commands:

    sudo rpm -e --nodeps egcs-objc egcs-g77 egcs-c++ egcs cpp libstdc++

    sudo rpm -ivh egcs-objc-1.1.2-30_SG201_stout.i386.rpm egcs-g77-1.1.2-30_SG201_stout.i386.rpm egcs-c++-1.1.2-30_SG201_stout.i386.rpm cpp-1.1.2-30_SG201_stout.i386.rpm libstdc++-2.9.0-30_SG201_stout.i386.rpm egcs-1.1.2-30_SG201_stout.i386.rpm

    This method and the patched makefile method have the same semantic effect:
    the VMWare kernel modules are not StackGuarded. This is as it should be, as
    StackGuard protection inside the kernel is ineffective, and just breaks
    things. Its a matter of taste whether you find patching make files or
    rolling RPMs in and out to be more convenient.

    Crispin 

    --
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org

    _______________________________________________
Immunix-users mailing list
Immunix-usersmail.wirex.com
http://mail.wirex.com/mailman/listinfo/immunix-users