Results tagged “bug” from Just Another Hacker

Graudit version 1.5 released

The latest version of graudit is out. Notable changes are:
        New features for server wide install
        Source distro file for package maintainers
        Signature bug fixes
        New php, python and perl signatures
        Deprecating the rough signature set
        Fixed graudit usage text
        Improved documentation
        Several color modes supported
You can obtain the latest version from the graudit download page.

The changes to PackageKit which allow non-privileged users to install Fedora-signed packages without privilege escalation make me glad I'm not a Fedora user. There is just a crapton of potential for breakage and security abuse bundled in here, and since I'm a reasonable fellow I will even supply some examples

Karmic annoyance

One of my pet hates about dist upgrades is the unknown that sits on the other side of the upgrade, especially when using binary drivers. To be honest, dist-upgrade is very usable these days. I usually only have to reconfigure X to use binary drivers after a dist-upgrade, whereas it did render the system inoperable in the past.

With my latest upgrade from Jaunty Jackalope to Karmic Koala (Ubuntu release names) I only experienced one VERY annoying issue. My speakers were constantly crackling, as if they were repeatedly initializing. Even when I plugged in headphones, both the speakers and the headphones were crackling. Adjusting the volume helped some, as the crackling got muted, but did not stop the issue.

The solution, as it turned out, was to disable the power saver option for my sound card. I simply commented out the last line of /etc/modprobe.d/alsa-base.conf so it became:

# Power down HDA controllers after 10 idle seconds
#options snd-hda-intel power_save=8 power_save_controller=N

Benchmarking graudit

Benchmarking might not be the correct term, as graudit does not have the capacity to determine whether a signature match is in fact a vulnerability or not. It only highlights a potential problem area so you can pay closer attention to it. Like most signature-based approaches it does stand a fairly good chance of catching low-hanging fruit, but certain kinds of vulnerabilities will remain impossible to detect. Nonetheless, I am aiming to improve the standard of the signature sets, so from now on graudit will be "benchmarked" on each release.

To avoid writing signatures for specific vulnerabilities I am using two vulnerable applications to benchmark graudit with:

* Mutillidae
* Damn Vulnerable Web Application

My hope is to approximate a 100% low and 75% medium detection rate by version 2.0. Now to find some non-PHP equivalents for the other languages.
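To make the "benchmark" concrete, here is an added example (not graudit's own code, and not code from Mutillidae or DVWA) of the kind of harness the post describes: a set of grep-style extended regular expressions is matched line by line against a source tree, and the hits are scored against a hand-labelled list of known-vulnerable lines. The signatures, the PHP snippets, the labels and the meaning of the "low" and "medium" tiers (low: source and sink on one line; medium: taint and sink split across lines, or a source the signatures do not name) are all constructed assumptions for illustration. It also shows the caveat from the post: a hit on an unlabelled line is only a potential problem area, not a confirmed finding.

```python
"""Toy benchmark harness for a grep-style signature database (added example).

Mimics the graudit approach (one extended regex per signature, matched against
every source line, no data-flow knowledge) and scores it against labelled
vulnerable lines.  Everything below is constructed for illustration; it is
not graudit's signature database nor code from Mutillidae or DVWA.
"""
import re

# Constructed signature set in the spirit of a graudit php database (assumption).
SIGNATURES = [
    r"\$_(GET|POST|REQUEST|COOKIE)\[",                              # request data read on this line
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen)\s*\(",  # code/command execution sinks
    r"\bmysql_query\s*\(",                                          # raw SQL sink
    r"\b(include|require)(_once)?\s*\(?\s*\$",                      # dynamic file inclusion
    r"\becho\s+.*\$_(GET|POST|REQUEST)",                            # request data reflected to output
]

# Constructed "application" to scan: (file, line number, source text).
SAMPLE_SOURCE = [
    ("sqli.php",    3, "$result = mysql_query(\"SELECT * FROM users WHERE id=\" . $_GET['id']);"),
    ("cmd.php",     8, "system(\"ping -c 1 \" . $_POST['host']);"),
    ("lfi.php",     5, "include($_GET['page'] . \".php\");"),
    ("xss.php",    11, "echo \"<p>Hello \" . $_GET['name'] . \"</p>\";"),
    ("xss2.php",   14, "$name = $_POST['name'];"),
    ("xss2.php",   15, "echo \"<p>Hello $name</p>\";"),
    ("upload.php", 20, "move_uploaded_file($_FILES['f']['tmp_name'], \"uploads/\" . $_FILES['f']['name']);"),
    ("eval.php",    7, "eval($code);"),
    ("sqli2.php",   9, "$q = \"SELECT * FROM t WHERE name='\" . $name . \"'\"; mysql_query($q);"),
    ("safe.php",    4, "$id = (int) $_GET['id'];"),          # cast makes this one harmless
    ("config.php",  2, "$db = mysql_connect($host, $user, $pass);"),
]

# Constructed ground truth: (file, line) -> tier.  "low" = source and sink on
# one line (low-hanging fruit); "medium" = taint and sink are separated, or
# the source ($_FILES) is not named by the toy signatures.
GROUND_TRUTH = {
    ("sqli.php", 3): "low",
    ("cmd.php", 8): "low",
    ("lfi.php", 5): "low",
    ("xss.php", 11): "low",
    ("xss2.php", 15): "medium",   # the sink is one line away from the $_POST read
    ("upload.php", 20): "medium", # $_FILES is not covered by SIGNATURES
    ("eval.php", 7): "medium",
    ("sqli2.php", 9): "medium",
}


def scan(signatures, source):
    """Return {(file, line): [patterns that matched]} for every line any signature hits.

    This is plain line-oriented grep -E behaviour: one line of context and no
    knowledge of where a variable was assigned, which is exactly why the
    split-line cases are missed.
    """
    compiled = [re.compile(s) for s in signatures]
    hits = {}
    for path, lineno, text in source:
        matched = [p.pattern for p in compiled if p.search(text)]
        if matched:
            hits[(path, lineno)] = matched
    return hits


def detection_rates(hits, truth):
    """Fraction of labelled vulnerable lines hit by at least one signature, per tier."""
    totals, found = {}, {}
    for key, tier in truth.items():
        totals[tier] = totals.get(tier, 0) + 1
        if key in hits:
            found[tier] = found.get(tier, 0) + 1
    return {tier: found.get(tier, 0) / n for tier, n in totals.items()}


def unlabelled_hits(hits, truth):
    """Hits on lines nobody labelled vulnerable.

    These are review candidates, not automatic false positives: a signature
    only flags a potential problem area (safe.php:4 is harmless, xss2.php:14
    is the source half of a real bug).
    """
    return sorted(k for k in hits if k not in truth)


def benchmark(signatures=SIGNATURES, source=SAMPLE_SOURCE, truth=GROUND_TRUTH):
    """Run the scan and return (rates per tier, unlabelled hits)."""
    hits = scan(signatures, source)
    return detection_rates(hits, truth), unlabelled_hits(hits, truth)


if __name__ == "__main__":
    rates, extra = benchmark()
    for tier, rate in sorted(rates.items()):
        print(f"{tier}: {rate:.0%}")        # low: 100%, medium: 50%
    for path, lineno in extra:
        print(f"unlabelled hit: {path}:{lineno}")
```

On the constructed data the toy set scores 100% on the "low" tier and 50% on "medium", which is the shape of result the post is aiming to improve: the misses are a sink whose tainted variable was read on a previous line, and a source the signatures never mention. Against a real target you would build GROUND_TRUTH from the application's documented vulnerabilities and point scan() at its actual files.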

Honestly, I expected this to be somewhat gracefully handled:

justanotherhacker:~$ cat crash.php
justanotherhacker:~$ php crash.php
Segmentation fault

The backtrace is:
justanotherhacker:~$ gdb php
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(gdb) run crash.php
Starting program: /usr/bin/php crash.php
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
(no debugging symbols found)
(no debugging symbols found)
[New Thread 0xb780e6d0 (LWP 9508)]
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb780e6d0 (LWP 9508)]
0x082874fb in virtual_file_ex ()
(gdb) bt
#0 0x082874fb in virtual_file_ex ()
#1 0x0828fcff in expand_filepath ()
#2 0x082a686b in _php_stream_fopen ()
#3 0x082a6e63 in _php_stream_fopen_with_path ()
#4 0x082a6f83 in ?? ()
#5 0x09a007ec in ?? ()
#6 0x08357b15 in ?? ()
#7 0x08502620 in ?? ()
#8 0xbf09135c in ?? ()
#9 0x00000085 in ?? ()
#10 0x00000001 in ?? ()
#11 0x00000000 in ?? ()

It doesn't appear to be anything more than a potential DoS condition to me, but I could be wrong.
This weblog is licensed under a Creative Commons License.