Scott Dowdle's blog

Kernel 2.6.17 - 2.6.24 Security Flaw


Just so you are aware... two days ago a bug was announced in Linux kernels 2.6.17 and above... that will give a local user root access. Here's info with the exploit code:

http://www.securityfocus.com/bid/27704/info

I have verified that the exploit compiles and works. I was able to get root on stock Fedora, RHEL and CentOS machines running the 2.6.18 or above kernels. Supposedly all distros running a 2.6.17 or later kernel are affected... even those running with the grsecurity patches.

I was unable to get root on an OpenVZ patched kernel but the exploit did cause a kernel panic that locked the machine I tried it on. I didn't want to crash any more machines so I didn't try any more. I've heard (but have not verified) that Linux-Vserver is affected on both the host node and inside of containers although exploits done within containers only get root of the container and are still trapped inside of it. Your mileage may vary. Kernels prior to 2.6.17 are not affected. I hope vendors have fixes for this RSN... although I have heard that the current fix is not complete.

Update: The bug got fixed upstream late Sunday... and has found its way into a number of distro updates including Debian, rPath, Fedora, and PCLinuxOS. Red Hat, after the QA process, just released this morning (Tuesday). It seems that distros or kernel releases based on distro release updates will take a bit longer... CentOS and OpenVZ for example.

Update: 02/13/08 CentOS has released updated kernel packages.


BozemanLUG January 2008 Meeting Notes


Wow, great meeting this evening. Jeffrey Sharkey and Justin Krohn gave a presentation on MythTV and the HDHomeRun networked HD tuner. Ten people turned out for the meeting.

First Jeff gave us the history of MythTV, a feature overview, and then he compared it to other DVR software packages that are available. He explained the frontend software and the backend software... and how they didn't have to be on the same machine. He also discussed the TV listing providers.

Justin showed MythTV in operation (both the fancy GUI frontend and the web-based version) and shared some of his recent recordings made using his HDHomeRun network tuner. He mainly uses his setup with broadcast HD and reviewed all of the sources of HD content available in the Bozeman area. I was surprised at the number and high quality of the broadcast channels available although it was pointed out that one needs a good antenna.

Justin gave a complete overview of the HDHomeRun device, how well it works with MythTV and other software and said that he was very happy with the device.

Justin gave a good overview of all of the related signal types and showed that broadcast HD includes a lot of information embedded within the signal. He had to wander around the building with his laptop and the HDHomeRun device before he was able to find a good broadcast signal... as the EPS building is pretty good at blocking them. He was able to demonstrate broadcast HDTV on his laptop with VLC and it looked fantastic.

Fantastic job guys! Thanks!


Parallels Virtuozzo Containers 4.0 and more


Did you hear? A while back SWsoft decided to change its name to that of its partner company, Parallels. Parallels makes a commercial product very similar to VMware Server... but it seems to be most popular on the Mac. With SWsoft's Virtuozzo and their sponsoring of the OpenVZ project, is it any wonder that there would be a hybrid product that tries to compete with VMware ESX?

I haven't had a chance to watch the full video yet, and although it is mostly of a commercial nature, it advances discussion about Virtualization so I'm sharing it. They had it as a Windows Media file on their site and I've converted it to Flash so Linux users will have an easier viewing time.

bozemanlug.org domain is broken... for now

Update: Donnie was able to update the DNS, has taken over DNS hosting... and even set up a mailing list for us. I'm waiting for the DNS to propagate before I add everyone to the mailing list.

Donnie Lunder has made some progress in getting the bozemanlug.org domain out of Ken's name and into a manageable state again... but it isn't completely done. Feel free to do a whois and see what I mean. The primary and secondary DNS still point to that of the hosting provider that Ken was using. Once Donnie has the ability to change the DNS references I believe he will be hosting some new zone records... and then we can make bozemanlug.org point wherever we want.

I made a copy of Ken's bozemanlug.org site and will keep it around for reference. Ken's hosting provider has suspended the account so the site is dead as is the discuss@bozemanlug.org mailing list... which is the main reason for this post.

I'm not sure we need a replacement mailing list... if people will start using this site... but I am open to suggestions. Feel free to comment or email me. My email address and full contact info are in the footer of every page on this site.


Episode(s) of 30 Days


I've seen every episode of the 30 Days series. While it has 2 seasons, each season was only 6 episodes. I thought that FX had decided to go for a 3rd season but I can't find any info on it.

This episode is for my brother-in-law and a friend in Great Falls... and anyone else who cares.


Is Red Hat still relevant? You bet.

I recently attended a Linux Installfest and the primary distribution recommended by those heading up the event was Ubuntu. That's all well and good but during their Linux dog-and-pony-show a statement was made regarding Red Hat that struck me. I don't recall the exact wording that was used but it was something along the lines of... Red Hat used to be very popular but not anymore. I wasn't really offended by the statement nor do I completely disagree with it... but a lot remains to be said about the importance of Red Hat within the Linux community. Red Hat is certainly king in the "Enterprise" space with Novell a respectable second... but many still seem to be unaware just how much Red Hat contributes to the development of many projects and the rapid progress of Linux.

Whenever I see any articles about Red Hat on any of the Linux community sites (think Slashdot), the comments will invariably mention a few things that I consider to be myths about Red Hat. They include:

  1. Red Hat is the "Microsoft of Linux"
  2. Red Hat abandoned the desktop/home user market
  3. Red Hat costs a fortune
  4. Red Hat created "rpm hell" and rpm based distributions suck

I do not want to even attempt to address each individual myth but I do want to make a few points about Red Hat in an effort to educate people to the fact that Red Hat does a lot for the Linux community and is a major (if not THE major) contributor.


A New Year, a New Zimbra

Zimbra Collaboration Suite 5.0 GA came out today or was it yesterday / last year? After reading the release notes (PDF) and doing a complete backup, I upgraded both my work and personal Zimbra servers. I have been using Zimbra as my work and personal email server for... oh... something close to two years now. Over that time there have been a number of upgrades and they have always gone smoothly.

What's new with Zimbra 5.0?

Well, you could read the release notes to see, but I'll give a brief summary of some of the things that stand out in my mind:

  • Briefcase - A file storage area with a nice file manager
  • Tasks - Create to-do lists and manage tasks through to completion
  • Instant Messaging - Beta - User to user chat
  • More sharing - Mail folders can be shared, new HTTP calendar sharing, share Briefcase files
  • Documents - Now out of beta... online text and spreadsheet documents
  • Faster login - They split up the JavaScript into functional pieces so you don't have to load everything at login time
  • Little touches - folder summaries, public or private calendar entries, updated help system, email priorities, enhanced tagging, and automatic http to https redirection

First episode of Firefly?


There's some new service named hulu that seems to be backed by the bigwigs in Hollywood or something. Oddly enough, they are allowing for embedding of full episodes on users' websites and this is a test.

I've seen the entire Firefly series (part of a first season that was cut short by cancellation) and it is quite good. Enjoy this first episode.


Alan Cox and the state of free software


Found this on the Red Hat Magazine site and wanted to help it get wider distribution so here it is. You know who Alan Cox is, right?

Bob Young on Richard Stallman


Bob Young was one of the original founders of Red Hat... but he left Red Hat some time ago to establish lulu.com. Anyway, Bob gave a speech back in Oct. 2007 from which I took this little clip... where he discusses our hero Richard Stallman. Enjoy.
