Date: Thu, 10 Mar 2011 00:20:22 +0100 From: Piotr Meyer <aniou@...tek.pl> To: owl-dev@...ts.openwall.com Subject: Re: VLANs in Owl way? On Wed, Mar 09, 2011 at 11:43:16PM +0300, Vasiliy Kulikov wrote: > On Mon, Mar 07, 2011 at 09:18 +0100, Piotr Meyer wrote: > > only 'is_available' needs some > > work (can we rely on sysfs on /sys presence?). > > That's an open issue :-) There is some danger in mounting /sys by > default. Permissions of some sysfs files were too restricted not long > ago: That version was taken from Fedora 14. Older implementations (RHEL4 and 5) don't relies on sysfs: http://pastebin.com/DYBU9KXB (RHEL4.4) http://pastebin.com/BcFAujTy (RHEL5.5) BTW about is_available() function: from my point of view this function does too much: not only checks availability of device, but also loads firmware/modules for physical devices and renames them, if necessary. IMVHO is_available() should be limited to lines 1-17 (and, maybe 22-28 but without renaming) of RHEL5 version. Mixing "checking" and "doing" in one place isn't good and admin should create necessary devices without "magic" scripts. > One little problem with the script is that it uses "ip link add type > vlan", it is not supported by our old iproute ;) This isn't necessary, I hope: older version uses simply vconfig to creating vlans: http://pastebin.com/GGJR8W30 (from RHEL5.5). > We're planning to > upgrade iproute after toolchain upgrade. With gcc4? I played a little in NetBSD with things like ASLR or gcc stack smashing protections and I'm curious what Owl can do with this. Yes, I'm aware about performance drop but there are many "fast" distros and I want secure one. PS: Handy table for current RHEL's features: http://www.awe.com/mark/blog/20101130.html -- Piotr 'aniou' Meyer
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.