Gentoo Archives: gentoo-hardened

From: Bill Campbell <bill@×××××××××××.com>
To: solar@g.o, Michael Atighetchi <matighet@×××.com>
Cc: gentoo-hardened@l.g.o, gentoo-security@l.g.o
Subject: RE: [gentoo-hardened] hardened-sources-2.6.x results.
Date: Wed, 17 Mar 2004 20:30:59
Message-Id: 32603AEF45A92C4CBBC3EF36E2BB24622AF2@carrier.circuitguys.com

My guess is that the system logger that is in use is metalog and it is being used as the main flow control agent for the stdout. There is a way to turn it off so that you get it flushing to a file as it happens and not be cached. You may have to look up metalog to find out how to do it if this is indeed the case. I don't use metalog anymore so I don't remember how to do it.

________________________________

From: Ned Ludd [mailto:solar@g.o]
Sent: Wed 3/17/2004 13:05
To: Michael Atighetchi
Cc: gentoo-hardened@l.g.o; gentoo-security@l.g.o
Subject: Re: [gentoo-hardened] hardened-sources-2.6.x results.

On Wed, 2004-03-17 at 13:44, Michael Atighetchi wrote:
> On Wed, Mar 17, 2004 at 01:08:56PM -0500, Ned Ludd wrote:
> > On Wed, 2004-03-17 at 12:46, Michael Atighetchi wrote:
> > > On Mon, Mar 15, 2004 at 08:20:31PM -0500, Ned Ludd wrote:
> > > > hardened-dev-sources-2.6 is available for "testing"
> > > >
> > >
> > > <snip>
> > >
> > > > Oh wait one more thing.. If you really care about security you probably
> > > > should stick with 2.4.x
> > > >
> > >
> > > Could you explain more why you think 2.6 is "less" secure than 2.4?
> >
> > I'm not saying that 2.6.x is less secure in any way. 2.6.x has been out
> > all of what a few months? And the security patches even less time. So
> > without proper security regression tests done for 2.6.x yet I'll stick
> > with recommending that it not be used for production environments yet.
> > 2.4.x on the other hand has been audited by many sets of eyes where
> > 2.6.x has probably been reviewed by a few.
> >
> > Auditing and regression testing is welcome.
> >
> I see. We started using a 2.4 gentoo linux distribution a couple of
> months ago, and had good luck with it. However, we ran into install
> difficulties with the 2.6 live cd, which were painful but we worked
> around them.
>
> However, we currently face an issue with stdout redirection. We start
> our java processes via a .sh script and redirect stdout/stderr to a file via
> > file.txt 2>&1 . By changing from 2.4 to 2.6 we noticed that
> file.txt gets created when the .sh script starts up, but it does not
> get any content for a while (about 6 minutes and about 100k of
> log), after which the whole file shows up. It looks like a buffering
> problem of sorts.
>
> We are using
> Linux dcaf 2.6.4-rc2-mm1 #2 Mon Mar 15 17:33:02 EST 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
> with the following fs
> /dev/hda3 on / type ext3 (rw,noatime)
>
> Any clues?

nope I sure don't..
Anybody else with a cluestick have an idea?

>
> Michael
>
>
> > -peace
> >
> > >
> > > Michael
> > >
> > >
> > > > -peace
> > > >
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer