kernel data inpage error
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 6944
Kernel-Machine Library 0.1
Kernel-Machine Library is a C++ library to implement kernel machines. more>>
The Kernel-Machine Library is a freely available (released under the GPL) C++ library to promote the use and progress of kernel machines. It is both for academic use and for developing real world applications.
The Kernel-Machine Library draws heavily from features of modern C++ such as template meta-programming to achieve high performance while at the same time offering a comfortable interface.
It enables compile-time selection of specialised algorithms on the basis of data types: for example, the specific case of a SVM in combination with a linear kernel can be computed by a specialised efficient algorithm.
The Kernel-Machine Library has implementations for the following kernel machines and their cited algorithms:
- Support Vector Machine [1, 2, 3]
- Relevance Vector Machine [4]
- Kernel Recursive Least Squares [5]
- Adaptive Sparseness using Jeffreys Prior [6]
- Smooth Relevance Vector Machine [7]
Up till now, the focus has been on regression. The handling of classification and ranking problems is being added.
<<lessThe Kernel-Machine Library draws heavily from features of modern C++ such as template meta-programming to achieve high performance while at the same time offering a comfortable interface.
It enables compile-time selection of specialised algorithms on the basis of data types: for example, the specific case of a SVM in combination with a linear kernel can be computed by a specialised efficient algorithm.
The Kernel-Machine Library has implementations for the following kernel machines and their cited algorithms:
- Support Vector Machine [1, 2, 3]
- Relevance Vector Machine [4]
- Kernel Recursive Least Squares [5]
- Adaptive Sparseness using Jeffreys Prior [6]
- Smooth Relevance Vector Machine [7]
Up till now, the focus has been on regression. The handling of classification and ranking problems is being added.
Download (0.050MB)
Added: 2005-10-08 License: GPL (GNU General Public License) Price:
1478 downloads
Kernel Configuration Comparison 0.2
Kernel Configuration Comparison (kccmp) provides a GUI for comparing two Linux kernel .config files. more>>
Kernel Configuration Comparison (kccmp) provides a GUI for comparing two Linux kernel ".config" files.
It shows configuration variables with different values in a tabular format. It also shows configuration variables found in only one of the input configuration files.
Building:
kccmp by default requires Qt 3.x. However, by changing one line in kccmp.pro you can build against Qt 4.x. Note that the Qt 4.x build requilres libboost_regex as well.
The standard build is as easy as:
example:
% qmake
% make
Usage
% kccmp /path/to/first/.config path/to/second/.config
example:
% kccmp /usr/src/linux/.config /usr/src/linux/.config.old
Enhancements:
- This release was ported to Qt 3.x.
- The requirement for libboost_regex was removed.
- Building with either Qt 4.x or Qt 3.x is now supported.
<<lessIt shows configuration variables with different values in a tabular format. It also shows configuration variables found in only one of the input configuration files.
Building:
kccmp by default requires Qt 3.x. However, by changing one line in kccmp.pro you can build against Qt 4.x. Note that the Qt 4.x build requilres libboost_regex as well.
The standard build is as easy as:
example:
% qmake
% make
Usage
% kccmp /path/to/first/.config path/to/second/.config
example:
% kccmp /usr/src/linux/.config /usr/src/linux/.config.old
Enhancements:
- This release was ported to Qt 3.x.
- The requirement for libboost_regex was removed.
- Building with either Qt 4.x or Qt 3.x is now supported.
Download (0.012MB)
Added: 2005-10-03 License: GPL (GNU General Public License) Price:
1482 downloads
gnome-kernel-manager 0.0.1
gnome-kernel-manager is a tool for managing kernel modules and more. more>>
gnome-kernel-manager is a tool for managing kernel modules and more.
gnome-kernel-manager is a gui for managing the kernel modules, .... Only Linux kernel is supported.
Main features:
- Shows the list of loaded modules.
- Shows the list of all installed modules.
- Shows information about modules.
- Supports (un)loading modules.
<<lessgnome-kernel-manager is a gui for managing the kernel modules, .... Only Linux kernel is supported.
Main features:
- Shows the list of loaded modules.
- Shows the list of all installed modules.
- Shows information about modules.
- Supports (un)loading modules.
Download (0.27MB)
Added: 2007-07-26 License: GPL (GNU General Public License) Price:
824 downloads
Kernel Version Monitor 0.5
Kernel Version Monitor is a Superkaramba theme that creates a widget displaying the current version information of the kernel. more>>
Kernel Version Monitor is a Superkaramba theme that creates a widget displaying the current version information of the Linux kernel as put forth by the kernel.org RSS feed here: http://kernel.org/kdist/rss.xml . Kernel Version Monitor uses the Tux icon from the nuoveXT icon theme found at http://nuovext.pwsp.net
Kudos and thanks to Richard "Ricardo" Szlachta for his advice on refining the aesthetics of this theme.
This is my first Superkaramba theme and a work in progress. I would love to hear comments, opinions and suggestions in order to improve this theme.
<<lessKudos and thanks to Richard "Ricardo" Szlachta for his advice on refining the aesthetics of this theme.
This is my first Superkaramba theme and a work in progress. I would love to hear comments, opinions and suggestions in order to improve this theme.
Download (0.025MB)
Added: 2006-06-29 License: GPL (GNU General Public License) Price:
1213 downloads
xlike Kernel Patchset 0.20f
xlike Kernel Patchset is a patch collection for the Linux vanilla kernel. more>>
xlike Kernel Patchset is a patch collection for the Linux vanilla kernel. The project includes as many stable enhancements for the Linux kernel as possible.
These include code from Kernel Mode Linux, Rule Set Based Access Control, Novell AppArmor, Openswan, grsecurity, Linux VServer, Ndiswrapper, web100, Nefilters, Suspend2, Speakup, Amiga Smart File System, Cdemu, SquashFS, fbsplash, QuadDSP, and more. It also contains many drivers and fixes.
Enhancements:
- This version was updated to patch against Linux 2.6.20.
- User Mode Linux with Linux-PHC, LinuxIMQ, Web100, WANPIPE, WRR, ReiserFS4, SquashFS, UnionFS, Bootsplash, and Kernel Color Output were added.
<<lessThese include code from Kernel Mode Linux, Rule Set Based Access Control, Novell AppArmor, Openswan, grsecurity, Linux VServer, Ndiswrapper, web100, Nefilters, Suspend2, Speakup, Amiga Smart File System, Cdemu, SquashFS, fbsplash, QuadDSP, and more. It also contains many drivers and fixes.
Enhancements:
- This version was updated to patch against Linux 2.6.20.
- User Mode Linux with Linux-PHC, LinuxIMQ, Web100, WANPIPE, WRR, ReiserFS4, SquashFS, UnionFS, Bootsplash, and Kernel Color Output were added.
Download (0.45MB)
Added: 2007-08-22 License: GPL (GNU General Public License) Price:
793 downloads
Pattern Classification Program 2.2
Pattern Classification Program is a machine learning program for pattern classification. more>>
Pattern Classification Program is an open-source machine learning program for supervised and unsupervised classification of patterns (vectors of measurements). Pattern Classification Program implements the following algorithms and methods:
- k-means clustering
- Fishers linear discriminant
- dimension reduction using Singular Value Decomposition
- Principal Component Analysis
- feature subset selection
- Bayes error estimation
- parametric classifiers (linear and quadratic)
- least-squares (pseudo-inverse) linear discriminant
- k-Nearest Neighbor
- neural networks (Multi-Layer Perceptron)
- Support Vector Machine algorithm
- cross-validation
- bagging (committee) classification
The program supports interactive and batch processing. Commands are issued through a keyboard-driven menu system in the interactive mode, or in a batch file in the batch mode. It is a binary executable and does not need any special run-time environment. PCP uses tab-delimited text files for input data. The results are displayed on the screen and saved in text files.
PCP runs under Linux and Windows operating systems (under Cygwin environment), on i386 architecture CPUs such as Intel Pentium or AMD Athlon. PCP has been developed and tested on RedHat Linux 9.0 distribution. It has also been tested on SUSE Linux 9.1 and Fedora Core 2 and verified to run on Knoppix 3.7 and Windows XP.
Enhancements:
- This release supports model selection for the linear SVM kernel and an option to build SVD transforms using training and test datasets (as opposed to just training data).
- P-errors are now reported in SVM model selection.
- The build process was simplified.
<<less- k-means clustering
- Fishers linear discriminant
- dimension reduction using Singular Value Decomposition
- Principal Component Analysis
- feature subset selection
- Bayes error estimation
- parametric classifiers (linear and quadratic)
- least-squares (pseudo-inverse) linear discriminant
- k-Nearest Neighbor
- neural networks (Multi-Layer Perceptron)
- Support Vector Machine algorithm
- cross-validation
- bagging (committee) classification
The program supports interactive and batch processing. Commands are issued through a keyboard-driven menu system in the interactive mode, or in a batch file in the batch mode. It is a binary executable and does not need any special run-time environment. PCP uses tab-delimited text files for input data. The results are displayed on the screen and saved in text files.
PCP runs under Linux and Windows operating systems (under Cygwin environment), on i386 architecture CPUs such as Intel Pentium or AMD Athlon. PCP has been developed and tested on RedHat Linux 9.0 distribution. It has also been tested on SUSE Linux 9.1 and Fedora Core 2 and verified to run on Knoppix 3.7 and Windows XP.
Enhancements:
- This release supports model selection for the linear SVM kernel and an option to build SVD transforms using training and test datasets (as opposed to just training data).
- P-errors are now reported in SVM model selection.
- The build process was simplified.
Download (4.3MB)
Added: 2006-05-25 License: BSD License Price:
1253 downloads
libgpg-error 1.4
libgpg-error package contains common error codes and error handling functions used by GnuPG, Libgcrypt, GPGME and more packages. more>>
libgpg-error package contains common error codes and error handling functions used by GnuPG, Libgcrypt, GPGME and more packages.
Installation:
Please read the file INSTALL!
Here is a quick summary:
1) Check that you have unmodified sources. You can find instructions how to verify the sources below. Dont skip this - it is an important step!
2) Unpack the archive. With GNU tar you can do it this way:
"tar xzvf libgpg-error-x.y.tar.gz"
3) "cd libgpg-error-x.y"
4) "./configure"
5) "make"
6) "make install"
<<lessInstallation:
Please read the file INSTALL!
Here is a quick summary:
1) Check that you have unmodified sources. You can find instructions how to verify the sources below. Dont skip this - it is an important step!
2) Unpack the archive. With GNU tar you can do it this way:
"tar xzvf libgpg-error-x.y.tar.gz"
3) "cd libgpg-error-x.y"
4) "./configure"
5) "make"
6) "make install"
Download (0.60MB)
Added: 2006-09-26 License: GPL (GNU General Public License) Price:
1128 downloads
Linux Kernel Spinlock Metering 1.4.11
Linux Kernel Spinlock Metering is a kernel patch that allows you to build an i386, ia64, Alpha, Sparc64, or mips64 kernel... more>>
The Linux SMP kernel uses spinlocks to protect data structures from concurrent, potentially conflicting accesses. Linux Kernel Spinlock Metering is a kernel patch that allows you to build an i386, ia64, Alpha, Sparc64, or mips64 kernel that can perform simple "metering" (record-keeping) of spinlock usage. Also available is source for an associated new command, lockstat, that is used to instruct the kernel to turn this lock metering on or off, and to retrieve the metering data from the kernel and display it in a human-readable format.
Data displayed includes the number of lock attempts, per-spinlock per-caller, the number of those attempts that were immediately successful vs. those that required the attempting locker to wait for the current lock-holder to release; the mean and max hold-time, and the mean, max, and cumulative wait-time. Whenever possible, the locking caller and the spinlocks are identified by their symbolic names, not by their virtual addresses.
Various patch sets are available. Version 1.1.4 patches the 2.2.14 kernel and reflects a relatively old flavor of Lockmeter. Version 1.4.11 patches the 2.4.16, 2.4.17, 2.5.3, and 2.5.5 kernels, and the previous release v1.4.9 patches various other releases of the 2.4.x kernel. This version 1.4 supports i386, alpha, ia64, mips64, and sparc64. The most recent version 1.5 is available as a patch against the 2.4.18 and various 2.5.x kernels, and it additionally supports mips (32-bit mips). Each is approximately 22 KB in gziped size. (Patches against a few older kernel versions are also available in the old subdirectory.) After applying the appropriate patch, make oldconfig presents a new Kernel lock metering option in the Kernel hacking subsection -- although only if CONFIG_SMP (Symmetric multi-processing support) has been enabled. The spinlock metering code is compiled into the kernel only when this new option is turned on.
Compiling the spinlock metering code into the kernel does not materially affect the kernel size because the additional code is roughly compensated for by the shrinking effect of the normally in-line locking routines now becoming procedure calls. A metering-capable kernel (i.e., with the patch applied, but data collection turned off) is negligibly slower than a non-metering-capable kernel, though a metering-capable kernel does slow when the metering data collection is turned on using the lockstat command (typically 8% for a systime==25% workload). Care has been taken to minimize performance degradation, and further improvements are in progress.
The lockstat command must also be downloaded, compiled, and installed. lockstat is a privileged command that requires root access. It reads and writes to the node /proc/lockmeter to control the kernels metering as follows:
lockstat on enables the kernels metering data collection,
lockstat options displays the collected data, and
lockstat off disables the metering data collection.
Run lockstat with no arguments to see a verbose description of the command arguments and options.
When metering is enabled, count and time data is collected in malloced arrays that are private to each CPU, thereby avoiding costly cacheblock coherency operations that would otherwise be required if all CPUs updated the same count and time fields. The lockstat command accumulates and sorts the per-cpu data at display time.
Lockmetering attempts to provide both "cause" and "effect" information about spinlock usage. The "hold time" metering exposes which spinlocks are being held and for how long, identified by where they are held inside the kernel. The "wait-time" metering exposes the effects of these hold-times when multiple CPUs concurrently contend for the same lock.
<<lessData displayed includes the number of lock attempts, per-spinlock per-caller, the number of those attempts that were immediately successful vs. those that required the attempting locker to wait for the current lock-holder to release; the mean and max hold-time, and the mean, max, and cumulative wait-time. Whenever possible, the locking caller and the spinlocks are identified by their symbolic names, not by their virtual addresses.
Various patch sets are available. Version 1.1.4 patches the 2.2.14 kernel and reflects a relatively old flavor of Lockmeter. Version 1.4.11 patches the 2.4.16, 2.4.17, 2.5.3, and 2.5.5 kernels, and the previous release v1.4.9 patches various other releases of the 2.4.x kernel. This version 1.4 supports i386, alpha, ia64, mips64, and sparc64. The most recent version 1.5 is available as a patch against the 2.4.18 and various 2.5.x kernels, and it additionally supports mips (32-bit mips). Each is approximately 22 KB in gziped size. (Patches against a few older kernel versions are also available in the old subdirectory.) After applying the appropriate patch, make oldconfig presents a new Kernel lock metering option in the Kernel hacking subsection -- although only if CONFIG_SMP (Symmetric multi-processing support) has been enabled. The spinlock metering code is compiled into the kernel only when this new option is turned on.
Compiling the spinlock metering code into the kernel does not materially affect the kernel size because the additional code is roughly compensated for by the shrinking effect of the normally in-line locking routines now becoming procedure calls. A metering-capable kernel (i.e., with the patch applied, but data collection turned off) is negligibly slower than a non-metering-capable kernel, though a metering-capable kernel does slow when the metering data collection is turned on using the lockstat command (typically 8% for a systime==25% workload). Care has been taken to minimize performance degradation, and further improvements are in progress.
The lockstat command must also be downloaded, compiled, and installed. lockstat is a privileged command that requires root access. It reads and writes to the node /proc/lockmeter to control the kernels metering as follows:
lockstat on enables the kernels metering data collection,
lockstat options displays the collected data, and
lockstat off disables the metering data collection.
Run lockstat with no arguments to see a verbose description of the command arguments and options.
When metering is enabled, count and time data is collected in malloced arrays that are private to each CPU, thereby avoiding costly cacheblock coherency operations that would otherwise be required if all CPUs updated the same count and time fields. The lockstat command accumulates and sorts the per-cpu data at display time.
Lockmetering attempts to provide both "cause" and "effect" information about spinlock usage. The "hold time" metering exposes which spinlocks are being held and for how long, identified by where they are held inside the kernel. The "wait-time" metering exposes the effects of these hold-times when multiple CPUs concurrently contend for the same lock.
Download (MB)
Added: 2007-07-03 License: GPL (GNU General Public License) Price:
845 downloads
Kernel Mode Linux 2.6.19_001
Kernel Mode Linux is a technology which enables the execution of user programs in a kernel mode. more>>
Kernel Mode Linux project is a technology which enables us to execute user programs in kernel mode. In Kernel Mode Linux, user programs can be executed as user processes that have the privilege level of kernel mode.
The benefit of executing user programs in kernel mode is that the user programs can access a kernel address space directly. So, for example, user programs can invoke system calls very fast because it is unnecessary to switch between a kernel mode and a user mode by using costly software interruptions or context switches.
Unlike kernel modules, user programs are executed as ordinary processes (except for their privilege level), so scheduling and paging are performed as usual.
Although it seems dangerous to let user programs access a kernel directly, safety of the kernel can be ensured, for example, by static type checking, software fault isolation, and so forth.
For proof of concept, we are developing a system which is based on the combination of Kernel Mode Linux and Typed Assembly Language, TAL. (TAL can ensure safety of programs through its type checking and the type checking can be done at machine binary level.
Version restrictions:
- User processes executed in kernel mode should obey the following limitations. Otherwise, your system will be in an undefined state. In the worst-case scenario, your system will crash.
- On IA-32, programs executed in kernel mode shouldnt modify their CS, DS, FS and SS registers.
- On AMD64, programs executed in kernel mode shouldnt modify their CS register.
- In addition, on AMD64, IA-32 binaries cannot be executed in kernel mode.
Enhancements:
- This release has been merged with the 2.6.19 Linux kernel.
<<lessThe benefit of executing user programs in kernel mode is that the user programs can access a kernel address space directly. So, for example, user programs can invoke system calls very fast because it is unnecessary to switch between a kernel mode and a user mode by using costly software interruptions or context switches.
Unlike kernel modules, user programs are executed as ordinary processes (except for their privilege level), so scheduling and paging are performed as usual.
Although it seems dangerous to let user programs access a kernel directly, safety of the kernel can be ensured, for example, by static type checking, software fault isolation, and so forth.
For proof of concept, we are developing a system which is based on the combination of Kernel Mode Linux and Typed Assembly Language, TAL. (TAL can ensure safety of programs through its type checking and the type checking can be done at machine binary level.
Version restrictions:
- User processes executed in kernel mode should obey the following limitations. Otherwise, your system will be in an undefined state. In the worst-case scenario, your system will crash.
- On IA-32, programs executed in kernel mode shouldnt modify their CS, DS, FS and SS registers.
- On AMD64, programs executed in kernel mode shouldnt modify their CS register.
- In addition, on AMD64, IA-32 binaries cannot be executed in kernel mode.
Enhancements:
- This release has been merged with the 2.6.19 Linux kernel.
Download (0.032MB)
Added: 2006-12-11 License: GPL (GNU General Public License) Price:
1047 downloads
Linux Kernel Monitor 0.3 Alpha
Linux Kernel Monitor is a tool for monitoring and managing linuxs kernel. more>>
Linux Kernel Monitor is a tool for monitoring and managing linuxs kernel. It has been developed for GNOME, using Glib and Gtk libraries in C language.
lkmonitor tries to offer detailed information of the characteristics of the system, as type of cpu, state of the memory or the file system registered in kernel.
lkmonitor is an open source project with information about the source code and software architecture to make easy the development of new characteristics.
Enhancements:
- IO information, kernel information, networking info, processes specific information, filesystems, modules, etc.
<<lesslkmonitor tries to offer detailed information of the characteristics of the system, as type of cpu, state of the memory or the file system registered in kernel.
lkmonitor is an open source project with information about the source code and software architecture to make easy the development of new characteristics.
Enhancements:
- IO information, kernel information, networking info, processes specific information, filesystems, modules, etc.
Download (0.084MB)
Added: 2007-07-30 License: GPL (GNU General Public License) Price:
816 downloads
Unicode Error Detector 1.0
Unicode Error Detector is a product for Plone used to pinpoint errors in your application leading to UnicodeDecodeErrors. more>>
Unicode Error Detector is a product for Plone used to pinpoint errors in your application leading to UnicodeDecodeErrors.
Do not use this product unless you are actively debugging a Unicode Error. Never use this product in production sites.
UnicodeDecodeErrors typically occur when you try to add a Unicode string to a non-ascii string. This product patches StringIO used by page templates to check if the appended string is a Unicode string, and if it is, it replaces the string with an error marker.
As there is some overhead associated with inspecting the strings instead of just appending to the output, this product is meant for debugging purposes only.
Usage
Put the product in your Products directory and restart Zope. Load the template causing the UnicodeDecodeError, and this tool will indicate the location by printing THIS IS WHERE THE ERROR IS in the rendered template.
You can then inspect the template and/or code more closely to figure out where the decode error happens.
<<lessDo not use this product unless you are actively debugging a Unicode Error. Never use this product in production sites.
UnicodeDecodeErrors typically occur when you try to add a Unicode string to a non-ascii string. This product patches StringIO used by page templates to check if the appended string is a Unicode string, and if it is, it replaces the string with an error marker.
As there is some overhead associated with inspecting the strings instead of just appending to the output, this product is meant for debugging purposes only.
Usage
Put the product in your Products directory and restart Zope. Load the template causing the UnicodeDecodeError, and this tool will indicate the location by printing THIS IS WHERE THE ERROR IS in the rendered template.
You can then inspect the template and/or code more closely to figure out where the decode error happens.
Download (0.001MB)
Added: 2007-03-28 License: GPL (GNU General Public License) Price:
942 downloads
Kernelcookies 9
Kernelcookies project consists of fortune cookies from the Linux Kernel. more>>
Kernelcookies project consists of fortune cookies from the Linux Kernel.
Kernelcookies is a datafile for fortune that contains some of the funnier or more obscure kernel messages.
One of the most famous messages ("lp1 on fire") was part of the linuxcookies data file (and got me started on this compilation).
NOTE: Some of the cookies may contain offensive language. As I dont really want to decide on what someone might find offensive or not and create two seperate files, I only put this warning here. If you dont want offensive fortunes, youll have to weed this file out yourself.
Enhancements:
- 25 new cookies from Linux 2.6.19 were added.
<<lessKernelcookies is a datafile for fortune that contains some of the funnier or more obscure kernel messages.
One of the most famous messages ("lp1 on fire") was part of the linuxcookies data file (and got me started on this compilation).
NOTE: Some of the cookies may contain offensive language. As I dont really want to decide on what someone might find offensive or not and create two seperate files, I only put this warning here. If you dont want offensive fortunes, youll have to weed this file out yourself.
Enhancements:
- 25 new cookies from Linux 2.6.19 were added.
Download (0.007MB)
Added: 2007-02-07 License: GPL (GNU General Public License) Price:
989 downloads
Openwall Linux kernel patch 2.4.35-ow2
Openwall Linux kernel patch is a collection of security-related features for the Linux kernel. more>>
Openwall Linux kernel patch is a collection of security-related features for the Linux kernel, all configurable via the new Security options configuration section. In addition to the new features, some versions of the patch contain various security fixes.
The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
Non-executable user stack area.
Most buffer overflow exploits are based on overwriting a functions return address on the stack to point to some arbitrary code, which is also put onto the stack. If the stack area is non-executable, buffer overflow vulnerabilities become harder to exploit.
Another way to exploit a buffer overflow is to point the return address to a function in libc, usually system(). This patch also changes the default address that shared libraries are mmap()ed at to make it always contain a zero byte. This makes it impossible to specify any more data (parameters to the function, or more copies of the return address when filling with a pattern), -- in many exploits that have to do with ASCIIZ strings.
However, note that this patch is by no means a complete solution, it just adds an extra layer of security. Many buffer overflow vulnerabilities will remain exploitable a more complicated way, and some will even remain unaffected by the patch. The reason for using such a patch is to protect against some of the buffer overflow vulnerabilities that are yet unknown.
Also, note that some buffer overflows can be used for denial of service attacks (usually in non-respawning daemons and network clients). A patch like this cannot do anything against that.
It is important that you fix vulnerabilities as soon as they become known, even if youre using the patch. The same applies to other features of the patch (discussed below) and their corresponding vulnerabilities.
Restricted links in /tmp.
Ive also added a link-in-+t restriction, originally for Linux 2.0 only, by Andrew Tridgell. Ive updated it to prevent from using a hard link in an attack instead, by not allowing regular users to create hard links to files they dont own, unless they could read and write the file (due to group permissions). This is usually the desired behavior anyway, since otherwise users couldnt remove such links theyve just created in a +t directory (unfortunately, this is still possible for group-writable files) and because of disk quotas.
Unfortunately, this may break existing applications.
Restricted FIFOs in /tmp.
In addition to restricting links, you might also want to restrict writes into untrusted FIFOs (named pipes), to make data spoofing attacks harder. Enabling this option disallows writing into FIFOs not owned by the user in +t directories, unless the owner is the same as that of the directory or the FIFO is opened without the O_CREAT flag.
Restricted /proc.
This was originally a patch by route that only changed the permissions on some directories in /proc, so you had to be root to access them. Then there were similar patches by others. I found them all quite unusable for my purposes, on a system where I wanted several admins to be able to see all the processes, etc, without having to su root (or use sudo) each time. So I had to create my own patch that I include here.
This option restricts the permissions on /proc so that non-root users can see their own processes only, and nothing about active network connections, unless theyre in a special group. This groups id is specified via the gid= mount option, and is 0 by default. (Note: if youre using identd, you will need to edit the inetd.conf line to run identd as this special group.) Also, this disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having to reboot).
When using this part of the patch, most programs (ps, top, who) work as desired -- they only show the processes of this user (unless root or in the special group, or running with the relevant capabilities on 2.2+), and dont complain they cant access others. However, theres a known problem with w(1) in recent versions of procps, so you should apply the included patch to procps if this applies to you.
Enhancements:
- This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel.
- It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).
<<lessThe number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
Non-executable user stack area.
Most buffer overflow exploits are based on overwriting a functions return address on the stack to point to some arbitrary code, which is also put onto the stack. If the stack area is non-executable, buffer overflow vulnerabilities become harder to exploit.
Another way to exploit a buffer overflow is to point the return address to a function in libc, usually system(). This patch also changes the default address that shared libraries are mmap()ed at to make it always contain a zero byte. This makes it impossible to specify any more data (parameters to the function, or more copies of the return address when filling with a pattern), -- in many exploits that have to do with ASCIIZ strings.
However, note that this patch is by no means a complete solution, it just adds an extra layer of security. Many buffer overflow vulnerabilities will remain exploitable a more complicated way, and some will even remain unaffected by the patch. The reason for using such a patch is to protect against some of the buffer overflow vulnerabilities that are yet unknown.
Also, note that some buffer overflows can be used for denial of service attacks (usually in non-respawning daemons and network clients). A patch like this cannot do anything against that.
It is important that you fix vulnerabilities as soon as they become known, even if youre using the patch. The same applies to other features of the patch (discussed below) and their corresponding vulnerabilities.
Restricted links in /tmp.
Ive also added a link-in-+t restriction, originally for Linux 2.0 only, by Andrew Tridgell. Ive updated it to prevent from using a hard link in an attack instead, by not allowing regular users to create hard links to files they dont own, unless they could read and write the file (due to group permissions). This is usually the desired behavior anyway, since otherwise users couldnt remove such links theyve just created in a +t directory (unfortunately, this is still possible for group-writable files) and because of disk quotas.
Unfortunately, this may break existing applications.
Restricted FIFOs in /tmp.
In addition to restricting links, you might also want to restrict writes into untrusted FIFOs (named pipes), to make data spoofing attacks harder. Enabling this option disallows writing into FIFOs not owned by the user in +t directories, unless the owner is the same as that of the directory or the FIFO is opened without the O_CREAT flag.
Restricted /proc.
This was originally a patch by route that only changed the permissions on some directories in /proc, so you had to be root to access them. Then there were similar patches by others. I found them all quite unusable for my purposes, on a system where I wanted several admins to be able to see all the processes, etc, without having to su root (or use sudo) each time. So I had to create my own patch that I include here.
This option restricts the permissions on /proc so that non-root users can see their own processes only, and nothing about active network connections, unless theyre in a special group. This groups id is specified via the gid= mount option, and is 0 by default. (Note: if youre using identd, you will need to edit the inetd.conf line to run identd as this special group.) Also, this disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having to reboot).
When using this part of the patch, most programs (ps, top, who) work as desired -- they only show the processes of this user (unless root or in the special group, or running with the relevant capabilities on 2.2+), and dont complain they cant access others. However, theres a known problem with w(1) in recent versions of procps, so you should apply the included patch to procps if this applies to you.
Enhancements:
- This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel.
- It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).
Download (0.034MB)
Added: 2007-08-15 License: GPL (GNU General Public License) Price:
800 downloads
Data::Password::Manager 0.02
Data::Password::Manager is a Perl module to generate, check, manage crypt - des passwords. more>>
Data::Password::Manager is a Perl module to generate, check, manage crypt - des passwords.
SYNOPSIS
use Data::Password::Manager qw(
pw_gen
pw_valid
pw_obscure
pw_clean
pw_get
);
$password = pw_gen($cleartext);
$ok = pw_valid($cleartxt,$password);
$clean_text = pw_clean($dirty_text);
($code,$text) = $pw_obscure($newpass,$oldpass,$min_len);
$passwd = pw_get($user,$passwd_file,$error);
$password = pw_gen($cleartext);
Generate a 13 character DES password string from clear text
input: string<<less
SYNOPSIS
use Data::Password::Manager qw(
pw_gen
pw_valid
pw_obscure
pw_clean
pw_get
);
$password = pw_gen($cleartext);
$ok = pw_valid($cleartxt,$password);
$clean_text = pw_clean($dirty_text);
($code,$text) = $pw_obscure($newpass,$oldpass,$min_len);
$passwd = pw_get($user,$passwd_file,$error);
$password = pw_gen($cleartext);
Generate a 13 character DES password string from clear text
input: string<<less
Download (0.013MB)
Added: 2007-02-20 License: Perl Artistic License Price:
978 downloads
Kernel Mode Linux 2.4.35.1_001 (For Linux 2.4)
Kernel Mode Linux project is a technology which enables us to execute user programs in kernel mode. more>>
Kernel Mode Linux project is a technology which enables us to execute user programs in kernel mode. In Kernel Mode Linux, user programs can be executed as user processes that have the privilege level of kernel mode.
The benefit of executing user programs in kernel mode is that the user programs can access a kernel address space directly. So, for example, user programs can invoke system calls very fast because it is unnecessary to switch between a kernel mode and a user mode by using costly software interruptions or context switches. Unlike kernel modules, user programs are executed as ordinary processes (except for their privilege level), so scheduling and paging are performed as usual.
Although it seems dangerous to let user programs access a kernel directly, safety of the kernel can be ensured, for example, by static type checking, software fault isolation, and so forth. For proof of concept, we are developing a system which is based on the combination of Kernel Mode Linux and Typed Assembly Language, TAL.
Version restrictions:
- On IA-32, programs executed in kernel mode shouldnt modify their CS, DS, FS and SS registers.
- On AMD64, programs executed in kernel mode shouldnt modify their CS register.
Enhancements:
- This version was merged with the 2.4.35.1 Linux kernel.
<<lessThe benefit of executing user programs in kernel mode is that the user programs can access a kernel address space directly. So, for example, user programs can invoke system calls very fast because it is unnecessary to switch between a kernel mode and a user mode by using costly software interruptions or context switches. Unlike kernel modules, user programs are executed as ordinary processes (except for their privilege level), so scheduling and paging are performed as usual.
Although it seems dangerous to let user programs access a kernel directly, safety of the kernel can be ensured, for example, by static type checking, software fault isolation, and so forth. For proof of concept, we are developing a system which is based on the combination of Kernel Mode Linux and Typed Assembly Language, TAL.
Version restrictions:
- On IA-32, programs executed in kernel mode shouldnt modify their CS, DS, FS and SS registers.
- On AMD64, programs executed in kernel mode shouldnt modify their CS register.
Enhancements:
- This version was merged with the 2.4.35.1 Linux kernel.
Download (0.026MB)
Added: 2007-08-17 License: GPL (GNU General Public License) Price:
486 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above kernel data inpage error search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
