• do you have a fix ?

    From Maurice Kinal@1:153/7001 to Benny Pedersen on Wed Feb 7 23:16:23 2018
    Hey Benny!

    silent means no bugs ?

    Currently having issues getting libelf-0.170.so, glibc-2.27 and linux-4.15.1 to
    play nice with each other.

    Life is good,
    Maurice

    ... Don't cry for me I have vi.
    --- GNU bash, version 4.4.18(1)-release (x86_64-silvermont-linux-gnu)
    * Origin: Little Mikey's Brain - Ladysmith BC, Canada (1:153/7001)
  • From Benny Pedersen@2:230/0 to Maurice Kinal on Thu Feb 8 10:20:12 2018
    Hello Maurice!

    07 Feb 2018 23:16, Maurice Kinal wrote to Benny Pedersen:

    Currently having issues getting libelf-0.170.so, glibc-2.27 and linux-4.15.1 to play nice with each other.

    ----- gentoo-sources begins -----
    [I] sys-kernel/gentoo-sources
    Available versions:
    (4.1.43-r1) *4.1.43-r1^bs
    (4.1.48) ~*4.1.48^bs
    (4.4.87-r1) 4.4.87-r1^bs
    (4.4.104) ~4.4.104^bs
    (4.4.105) ~4.4.105^bs
    (4.4.106) ~4.4.106^bs
    (4.4.107) ~4.4.107^bs
    (4.4.108) ~4.4.108^bs
    (4.4.109) ~4.4.109^bs
    (4.4.110) ~4.4.110^bs
    (4.4.111) 4.4.111^bs
    (4.4.111-r1) 4.4.111-r1^bs
    (4.4.112) ~4.4.112^bs
    (4.4.113) ~4.4.113^bs
    (4.4.114) ~4.4.114^bs
    (4.4.115) ~4.4.115^bs
    (4.9.49-r1) 4.9.49-r1^bs
    (4.9.67) ~4.9.67^bs
    (4.9.68) ~4.9.68^bs
    (4.9.69) ~4.9.69^bs
    (4.9.70) ~4.9.70^bs
    (4.9.71) ~4.9.71^bs
    (4.9.72) 4.9.72^bs
    (4.9.73) ~4.9.73^bs
    (4.9.74) ~4.9.74^bs
    (4.9.75) ~4.9.75^bs
    (4.9.76) 4.9.76^bs
    (4.9.76-r1) 4.9.76-r1^bs
    (4.9.77) ~4.9.77^bs
    (4.9.78) ~4.9.78^bs
    (4.9.79) ~4.9.79^bs
    (4.9.80) ~4.9.80^bs
    (4.14.11-r1) ~4.14.11-r1^bs
    (4.14.11-r2) ~4.14.11-r2^bs
    (4.14.12) ~4.14.12^bs
    (4.14.13) ~4.14.13^bs
    (4.14.14) ~4.14.14^bs
    (4.14.15) ~4.14.15^bs
    (4.14.16) ~4.14.16^bs
    (4.14.17) ~4.14.17^bs
    (4.15.0) ~4.15.0^bs
    (4.15.1) ~4.15.1^bs
    {build experimental symlink}
    Installed versions: 4.9.76-r1(4.9.76-r1)^bs(08:12:06 18-01-2018)(symlink -build -experimental)
    Homepage: https://dev.gentoo.org/~mpagano/genpatches
    Description: Full sources including the Gentoo patchset for the 4.15 kernel tree

    ----- gentoo-sources ends -----

    ----- glibc begins -----
    [I] sys-libs/glibc
    Available versions: (2.2) [M]~2.18-r1^s [M]2.19-r1^s [M]2.20-r2^s [M]2.21-r2^s [M]2.22-r4^s [M]2.23-r4^s [M]~2.24-r4^s 2.25-r9^s ~2.25-r10^s ~2.26-r5^s **2.27-r1^s **9999^s
    {audit caps compile-locales debug doc gd hardened headers-only multilib nscd profile +rpc selinux suid systemtap vanilla}
    Installed versions: 2.25-r9(2.2)^s(23:54:31 11-01-2018)(rpc -audit -caps -debug -gd -hardened -headers-only -multilib -nscd -profile -selinux -suid -systemtap -vanilla)
    Homepage: https://www.gnu.org/software/libc/
    Description: GNU libc C library

    ----- glibc ends -----

    ----- libelf begins -----
    * dev-libs/libelf
    Available versions: 0.8.13-r2 {debug nls ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" ELIBC="FreeBSD"}
    Homepage: http://www.mr511.de/software/
    Description: A ELF object file access library

    [I] virtual/libelf
    Available versions: 2(0/0) 3(0/1) {ABI_MIPS="n32 n64 o32" ABI_PPC="32 64"
    ABI_S390="32 64" ABI_X86="32 64 x32"}
    Installed versions: 3(04:42:22 15-01-2018)(ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 -64 -x32")
    Description: Virtual for libelf.so.1 provider dev-libs/elfutils

    Found 2 matches
    ----- libelf ends -----

    note versions from me is the stable versions, hardened-sources is now unstable,
    so kernel.org is more or less unstable like hell atm


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.2.0 (Linux/4.9.76-gentoo-r1 (i686))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Maurice Kinal@1:153/7001 to Benny Pedersen on Thu Feb 8 14:47:01 2018
    Hey Benny!

    note versions from me is the stable versions, hardened-sources is
    now unstable, so kernel.org is more or less unstable like hell atm

    From my observations glibc-2.27 is the greater culprit. My current 'stable' system is booting a linux-4.15.1 kernel but with glibc-2.26 as shown below;

    ----- '<Esc>:read !uname -a' starts
    Linux mikey 4.15.1 #1 SMP Sun Feb 4 11:04:33 UTC 2018 x86_64 Intel(R) Atom(TM) CPU C2758 @ 2.40GHz GenuineIntel GNU/Linux
    ----- '<Esc>:read !uname -a' ends

    ----- '<Esc>:read !/lib/libc.so.6' starts
    GNU C Library (GNU libc) stable release version 2.26, by Roland McGrath et al. Copyright (C) 2017 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    Compiled by GNU CC version 7.3.0.
    Available extensions:
    crypt add-on version 2.1 by Michael Glad and others
    GNU Libidn by Simon Josefsson
    Native POSIX Threads Library by Ulrich Drepper et al
    BIND-8.2.3-T5B
    libc ABIs: UNIQUE IFUNC
    For bug reporting instructions, please see: <http://www.gnu.org/software/libc/bugs.html>.
    ----- '<Esc>:read !/lib/libc.so.6' ends

    Both of the above play nicely with libelf-0.170.so which is not the case with glibc-2.27 and linux-4.15.1. Also I noticed some linker issues with libjpeg since we last chatted. Bottomline is that I am obviously not ready for a glibc-2.27 'upgrade'.

    Life is good,
    Maurice

    ... Don't cry for me I have vi.
    --- GNU bash, version 4.4.18(1)-release (x86_64-silvermont-linux-gnu)
    * Origin: Little Mikey's Brain - Ladysmith BC, Canada (1:153/7001)
  • From Static@1:249/400 to Benny Pedersen on Thu Feb 8 17:01:50 2018
    On 02/08/18, Benny Pedersen said the following...

    note versions from me is the stable versions, hardened-sources is now unstable, so kernel.org is more or less unstable like hell atm

    I thought hardened-sources was over with entirely now that they can't get their hands on grsecurity patches anymore.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Subcarrier BBS (1:249/400)
  • From Benny Pedersen@2:230/0 to Maurice Kinal on Thu Feb 8 23:29:20 2018
    Hello Maurice!

    08 Feb 2018 14:47, Maurice Kinal wrote to Benny Pedersen:

    From my observations glibc-2.27 is the greater culprit.

    gentoo devs agre with you

    My current
    'stable' system is booting a linux-4.15.1 kernel but with glibc-2.26
    as shown below;

    i have only 2.25, i dont think kernel changes userland problems, so here i just
    stay safe on kernel versions for a while, i have to make tarballs soon to get new harddisk installed, not fun

    ----- '<Esc>:read !uname -a' starts
    Linux mikey 4.15.1 #1 SMP Sun Feb 4 11:04:33 UTC 2018 x86_64 Intel(R) Atom(TM) CPU C2758 @ 2.40GHz GenuineIntel GNU/Linux
    ----- '<Esc>:read !uname -a' ends

    should i say wish it was mine ? :)

    ----- '<Esc>:read !/lib/libc.so.6' starts
    GNU C Library (GNU libc) stable release version 2.26, by Roland
    Compiled by GNU CC version 7.3.0.
    Available extensions:
    crypt add-on version 2.1 by Michael Glad and others
    GNU Libidn by Simon Josefsson
    Native POSIX Threads Library by Ulrich Drepper et al
    BIND-8.2.3-T5B

    bind8 still in use ?

    libc ABIs: UNIQUE IFUNC

    dont know much here

    ----- '<Esc>:read !/lib/libc.so.6' ends

    Both of the above play nicely with libelf-0.170.so which is not the
    case with glibc-2.27 and linux-4.15.1. Also I noticed some linker
    issues with libjpeg since we last chatted. Bottomline is that I am obviously not ready for a glibc-2.27 'upgrade'.

    do you like to try elfutils ?, that make libelf unneded on gentoo here


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.2.0 (Linux/4.9.76-gentoo-r1 (i686))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Maurice Kinal@1:153/7001 to Benny Pedersen on Thu Feb 8 23:09:23 2018
    Hey Benny!

    i have only 2.25,

    I noticed that. Most of the packages I use are up to date with 2.26 but I understand why many would avoid it at this point in time.

    i dont think kernel changes userland problems, so here i just
    stay safe on kernel versions for a while

    Understood. I still haven't checked out if the drm driver works again with linux-4.15 kernels but for sure linux-4.9 kernels did.

    BIND-8.2.3-T5B

    bind8 still in use ?

    I am guessing it is a compatibilty issue. What does /lib/libc.so.6 report on your system?

    do you like to try elfutils ?

    Only since linux-4.14 kernels. Also I know that it is a dependency for efi booting, not that I am currently using efi booting.

    Life is good,
    Maurice

    ... Don't cry for me I have vi.
    --- GNU bash, version 4.4.18(1)-release (x86_64-silvermont-linux-gnu)
    * Origin: Little Mikey's Brain - Ladysmith BC, Canada (1:153/7001)
  • From Benny Pedersen@2:230/0 to Static on Thu Feb 8 23:46:38 2018
    Hello Static!

    08 Feb 2018 17:01, Static wrote to Benny Pedersen:

    note versions from me is the stable versions, hardened-sources is now
    unstable, so kernel.org is more or less unstable like hell atm

    I thought hardened-sources was over with entirely now that they can't
    get their hands on grsecurity patches anymore.

    so code is now lost ?, or just unmaintained ?

    there is still selinux imho

    but i think linux could be hardedned in many other ways, make more secure permisions could be a start


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.2.0 (Linux/4.9.76-gentoo-r1 (i686))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Static@1:249/400 to Benny Pedersen on Fri Feb 9 00:08:29 2018
    On 02/08/18, Benny Pedersen said the following...

    so code is now lost ?, or just unmaintained ?

    Open Source Security (who develops Grsecurity) is a commercial interest and they only make their patch sets available to paying customers. Until recently they allowed beta test versions of their patches to be downloaded and used by the general public, and it was these that the hardened-sources maintainers adapted to their kernel package.

    Technically OSS can't actually stop anyone from releasing the patch sets because of the GPL but given that we're not seeing them widely available I imagine they must be pretty efficient at terminating leaky subscriptions.

    but i think linux could be hardedned in many other ways, make more secure permisions could be a start

    Sure, but the core of the hardened-sources package was the grsec patch set. Most other hardening methods are now incorporated into the 17.x profiles
    based around the gentoo default kernel package and activated by flags.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Subcarrier BBS (1:249/400)