1  General Category / Success stories / Plug as Router+Firewall+MailServer on: January 03, 2012, 01:25:50 PM
I've created a Wiki to share my experience in putting together a home router+firewall+Postfix Mail system+Webserver. This Wiki is hosted on my Sheeva Plug at http://rgopal.com. I've tried to make it very detailed and my hope is that it will be a useful HOWTO for extending the functionality of the plug. If you have a comment or a suggestion, please write it up on my site (click on "Your Comments"). If you want login access to the wiki, please send me e-mail to gopal@rgopal.com
2  Linux Stuff / Kernel / Non-root user cannot login (Linux kernel version !!! SOLVED !!! on: February 08, 2011, 04:10:20 PM
I noticed the problem first when I tried to test cgi-bin using mini-httpd on my Sheeva Plug. The server would not produce any output. I then cross compiled mini-httpd
and added logging. It would fork-execve the cgi script but get a SIGCHLD and no HTML output would be produced. Turns out that /etc/mini-httpd.conf wants to run
as user "nobody". When I changed this to "root" cgi-bin started working. I tried user "gopal" and this did not work. I checked permissions and things seemed
fine for non-root users. Yet the problem. I was intrigued.

I then tried logging in as user "gopal" using ssh. Sshd authenticates me fine, prints the 'motd' and then the shell gets killed. User "root" had no problems. I
thought it was sshd related and cross-compiled telnetd. Ran telnetd both as standalone and under inetd. Same result  - when it did execve of the shell
it would get killed.

I decided to run telnetd under gdb. I cross-compiled gdb, installed gdbserver on the ARM box. I got rid of the fork() in telnetd. I saw that telnetd would go all
the way (open pty, authenticate user, setuid/setgid to user) and when it did execve() of "/bin/bash" it would just die. I ran telnetd under strace and noticed
that the last syscall was execve() and then it would print "killed". No shell.

I then decided to login as "gopal" from console. No luck. I googled this issue and things such as PAM related misconfiguration, /etc/nologins file, /etc/securetty
file etc. popped up. I decided to cross-compile the /bin/login program and make sure there was nothing wrong with credentials. Again my login program went all the
way up to execve of the shell and then would get a signal and terminate.

Suspecting bash, I even tried tcsh. That had the same problem too. It occurred to me that root was able to do execve but non-root was not. So I decided to change the
login program to remain root until it did the execve but then do the setuid/setgid calls in the bash shell. To do this, I cross-compiled my own bash and added the
above calls to hardcode userid "gopal" in bash. Lo and behold my bash was spawned and it successfully changed its UID/GID to "gopal". But bash was crippled. It could
not run any commands. Basically, once the process was non-root it was hosed.

I then decided to put printks in the do_execve() function in the kernel. I wrote a hello_world program, downloaded it into the box, and ran it as
"sudo -u gopal /tmp/hello". When I saw the printk's getting hit and the return value of do_execve() was -EPERM (-1), I knew that the end was in sight. It was just a matter
of finding out why the EPERM was happening. Followed inside search_binary_handler() which interprets binary formats such as AOUT and ELF. elf_map() calls do_mmap() that
calls security_file_mmap(). Because I had not enabled CONFIG_SECURITY it called cap_file_mmap(). cap_file_mmap() checks if the address being mapped is below the
'dac_mmap_min_addr'. It does not allow non-root to mmap at this address. The kernel config CONFIG_DEFAULT_MMAP_MIN_ADDR was set to 4096. My printk showed that the
address being mapped was 32786. So why was I having trouble ? Turns out that the value of dac_mmap_min_addr can be set by sysctl "/proc/sys/vm/mmap_min_addr". Doing a
cat of this file showed it was set to 65536 ! Bingo ! I then did

# sysctl -w vm.mmap_min_addr=32768

Then did ssh to the box and Voila ! I was logged in as user "gopal" !!!

So who was changing the default setting from 4096 to 65536 ? A quick grep showed /etc/sysctl.d/10-process-security.conf was the culprit ! Changed it from 65536 to
32768. Rebooted the box and login for "gopal" was still working ! I've attached the contents of the sysctl file below so you can look at the comments:

# cat /etc/sysctl.d/10-process-security.conf

# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 32768

I think the POSIX Discretionary Access Controls (DAC) were added in 2.6.23. I'm using Did the helpful folks at Ubuntu who created the distribution check
this on different architectures and make sure it was compatible with the kernel config variable ? I'm running an Ubuntu jaunty Root FS that came with the box.

In any case, this was a great journey of discovery ! The thing with Linux is that it makes this process rewarding and enjoyable. I'd gladly miss work to debug this (which
I did). Thanks to this, I've validated my cross-compilation tools, gdb, and seen the insides of /bin/login, telnetd, and to some extent bash.
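As an added illustration (not from the original post), the check below parses an ELF32 program-header table and reports whether a fixed-address PT_LOAD segment falls below vm.mmap_min_addr, which is the condition behind the -EPERM described above; the sample ELF image is constructed inline, and build_elf32, load_segments and execve_blocked_for_nonroot are names chosen here.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
EM_ARM = 40
PT_LOAD = 1
PAGE_SIZE = 4096

def build_elf32(load_vaddrs, e_type=ET_EXEC):
    """Constructed sample: a minimal little-endian ARM ELF32 image whose
    program-header table holds one PT_LOAD entry per requested vaddr.
    Only the headers are built; no code follows them."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS32, LSB
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, e_type, EM_ARM, 1,
                       load_vaddrs[0], 52, 0, 0, 52, 32, len(load_vaddrs), 40, 0, 0)
    phdrs = b"".join(
        struct.pack("<8I", PT_LOAD, 0, va, va, PAGE_SIZE, PAGE_SIZE, 5, PAGE_SIZE)
        for va in load_vaddrs)
    return ehdr + phdrs

def load_segments(elf):
    """Return (e_type, [p_vaddr of every PT_LOAD]) parsed from the ELF32 headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1:
        raise ValueError("not an ELF32 image")
    e_type, _, _, _, phoff, _, _, _, phentsize, phnum = struct.unpack_from("<HHIIIIIHHH", elf, 16)
    vaddrs = []
    for i in range(phnum):
        p_type, _, p_vaddr = struct.unpack_from("<III", elf, phoff + i * phentsize)
        if p_type == PT_LOAD:
            vaddrs.append(p_vaddr)
    return e_type, vaddrs

def execve_blocked_for_nonroot(elf, mmap_min_addr):
    """True when the loader must place a fixed segment below mmap_min_addr:
    cap_file_mmap() then returns -EPERM unless the caller holds CAP_SYS_RAWIO,
    which is why root still got a shell while "gopal" did not."""
    e_type, vaddrs = load_segments(elf)
    if e_type == ET_DYN or not vaddrs:
        return False  # PIE images are relocated by the kernel, not mapped at p_vaddr
    lowest = min(va & ~(PAGE_SIZE - 1) for va in vaddrs)  # ELF_PAGESTART(p_vaddr)
    return lowest < mmap_min_addr

def read_mmap_min_addr(path="/proc/sys/vm/mmap_min_addr"):
    """Current sysctl value on this host, or None when it is not exposed."""
    try:
        with open(path) as f:
            return int(f.read())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    shell = build_elf32([0x8000, 0x10000])  # ARM executables link at 0x8000, as in the post
    for setting in (65536, 32768, 4096):
        verdict = "EPERM for non-root" if execve_blocked_for_nonroot(shell, setting) else "OK"
        print(f"vm.mmap_min_addr={setting}: {verdict}")
```

Pointing the same check at the real sysctl value with read_mmap_min_addr() and the bytes of /bin/sh reproduces the post's diagnosis without the printk detour.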
3  Linux Stuff / Kernel / Re: Ethernet does not work for kernel that I compiled on: January 28, 2011, 12:02:49 PM
Thanks for the tip ! It solved my problem. I got from www.kernel.org. I did not apply any patches since I didn't think they were relevant. The uImage I built allowed me to set 'arcNumber' to 2097. The eth0 works great ! What's more, I attached a Trendnet TU2-ET100 USB Ethernet adaptor to the USB port, loaded the 'asix' module (uses cdc-ether and usbnet modules) and it gave me a 2nd Ethernet port 'eth1'. I plan to make this my Internet gateway.

Thanks again for your help !!!
4  Linux Stuff / Kernel / Ethernet does not work for kernel that I compiled on: January 27, 2011, 01:15:20 PM
I have a Sheevaplug from Globalscale and I compiled after running 'make ARCH=arm kirkwood_defconfig'. I'm TFTPbooting the uImage. If I do 'setenv arcNumber 2097' U-Boot complains that it's not supported. So I set it to 1682 based on the list that it prints. Linux boots up OK (I have to disable SATA in menuconfig otherwise it hangs) but Ethernet does not work. If I revert to the image on the flash, Ethernet works fine. One difference I noticed is that the working Ethernet negotiates 100Mbps correctly whereas my compiled kernel claims 1000Mbps. There are other differences in the bootup messages related to Ethernet. I have pasted the console output below for the non-working case. Am I wrong in setting the arcNumber to 1682 ? If I have to set it to 2097 (which is the right value for the Sheevaplug) do I need to flash a new U-Boot ?

## Booting image at 02000000 ...
   Image Name:   Linux-
   Created:      2011-01-27  17:13:13 UTC
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    2040884 Bytes =  1.9 MB
   Load Address: 00008000
   Entry Point:  00008000
   Verifying Checksum ... OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
Linux version (gopal@fc11-dell) (gcc version 4.2.1) #8 PREEMPT Thu Jan 27 09:12:22 PST 2011
CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: Marvell RD-88F6281 Reference Board
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 130048
Kernel command line: rootfstype=jffs2 console=ttyS0,115200 mtdparts=orion_nand:0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs) rw root=/dev/mtdblock1 rw ip=
PID hash table entries: 2048 (order: 11, 8192 bytes)
Console: colour dummy device 80x30
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Memory: 256MB 256MB = 512MB total
Memory: 514560KB available (3748K code, 922K data, 112K init, 0K highmem)
SLUB: Genslabs=11, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Calibrating delay loop... 1192.75 BogoMIPS (lpj=5963776)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
net_namespace: 520 bytes
NET: Registered protocol family 16
Kirkwood: MV88F6281-A0, TCLK=200000000.
Feroceon L2: Enabling L2
Feroceon L2: Cache support initialised.
PCI: bus0: Fast back to back transfers disabled
bio: create slab <bio-0> at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
cfg80211: Using static regulatory domain info
cfg80211: Regulatory domain: US
   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
   (2402000 KHz - 2472000 KHz @ 40000 KHz), (600 mBi, 2700 mBm)
   (5170000 KHz - 5190000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
   (5190000 KHz - 5210000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
   (5210000 KHz - 5230000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
   (5230000 KHz - 5330000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
   (5735000 KHz - 5835000 KHz @ 40000 KHz), (600 mBi, 3000 mBm)
cfg80211: Calling CRDA for country: US
NET: Registered protocol family 2
IP route cache hash table entries: 16384 (order: 4, 65536 bytes)
TCP established hash table entries: 65536 (order: 7, 524288 bytes)
TCP bind hash table entries: 65536 (order: 6, 262144 bytes)
TCP: Hash tables configured (established 65536 bind 65536)
TCP reno registered
NET: Registered protocol family 1
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
msgmni has been set to 1005
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
console [ttyS0] enabled
loop: module loaded
Driver 'sd' needs updating - please use bus_type methods
MV-643xx 10/100/1000 ethernet driver version 1.4
mv643xx_eth smi: probed
net eth0: port 0 with MAC address 00:50:43:01:c1:ea
net eth1: port 0 with MAC address 00:00:00:00:00:00
libertas_sdio: Libertas SDIO driver
libertas_sdio: Copyright Pierre Ossman
NAND device: Manufacturer ID: 0xad, Chip ID: 0xdc (Hynix NAND 512MiB 3,3V 8-bit)
Scanning device for bad blocks
Bad eraseblock 16 at 0x000000200000
Bad eraseblock 769 at 0x000006020000
Bad eraseblock 777 at 0x000006120000
Bad eraseblock 785 at 0x000006220000
Bad eraseblock 792 at 0x000006300000
Bad eraseblock 793 at 0x000006320000
Bad eraseblock 801 at 0x000006420000
Bad eraseblock 809 at 0x000006520000
Bad eraseblock 817 at 0x000006620000
Bad eraseblock 825 at 0x000006720000
Bad eraseblock 924 at 0x000007380000
Bad eraseblock 1643 at 0x00000cd60000
Bad eraseblock 2263 at 0x000011ae0000
Bad eraseblock 2817 at 0x000016020000
Bad eraseblock 2825 at 0x000016120000
Bad eraseblock 2833 at 0x000016220000
Bad eraseblock 2841 at 0x000016320000
Bad eraseblock 2849 at 0x000016420000
Bad eraseblock 2857 at 0x000016520000
Bad eraseblock 2865 at 0x000016620000
Bad eraseblock 2873 at 0x000016720000
2 cmdlinepart partitions found on MTD device orion_nand
Creating 2 MTD partitions on "orion_nand":
0x000000100000-0x000000500000 : "uImage"
0x000000500000-0x000020000000 : "rootfs"
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
orion-ehci orion-ehci.0: Marvell Orion EHCI
orion-ehci orion-ehci.0: new USB bus registered, assigned bus number 1
orion-ehci orion-ehci.0: irq 19, io mem 0xf1050000
orion-ehci orion-ehci.0: USB 2.0 started, EHCI 1.00
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
mice: PS/2 mouse device common for all mice
rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0
i2c /dev entries driver
mmc0: mvsdio driver initialized, using GPIO 28 for card detection
mv_xor_shared mv_xor_shared.0: Marvell shared XOR driver
mv_xor_shared mv_xor_shared.1: Marvell shared XOR driver
mv_xor mv_xor.0: Marvell XOR: ( xor cpy )
mv_xor mv_xor.1: Marvell XOR: ( xor fill cpy )
mv_xor mv_xor.2: Marvell XOR: ( xor cpy )
mv_xor mv_xor.3: Marvell XOR: ( xor fill cpy )
usbcore: registered new interface driver usbhid
usbhid: v2.6:USB HID core driver
oprofile: using timer interrupt.
TCP cubic registered
NET: Registered protocol family 17
Distributed Switch Architecture driver version 0.1
eth0[0]: could not detect attached switch
eth0[0]: couldn't create dsa switch instance (error -22)
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
lib80211: common routines for IEEE802.11 drivers
rtc-mv rtc-mv: setting system clock to 2082-06-16 00:36:28 UTC (3548795788)
eth0: link up, 1000 Mb/s, full duplex, flow control disabled
IP-Config: Complete:
     device=eth0, addr=, mask=, gw=,
     host=rgksheeva, domain=, nis-domain=(none),
     bootserver=, rootserver=, rootpath=
VFS: Mounted root (jffs2 filesystem) on device 31:1.
Freeing init memory: 112K