FreeBSD-SA-12:08.linux

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

=============================================================================
FreeBSD-SA-12:08.linux Security Advisory
The FreeBSD Project

Topic: Linux compatibility layer input validation error

Category: core
Module: kernel
Announced: 2012-11-22
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE)
2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11)
2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE)
2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE)
2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name: CVE-2012-4576

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component.

II. Problem Description

A programming error in the handling of some Linux system calls may
result in memory locations being accessed without proper validation.

III. Impact

It is possible for a local attacker to overwrite portions of kernel
memory, which may result in a privilege escalation or cause a system
panic.

IV. Workaround

No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.

The following command can be used to test if the Linux binary
compatibility layer is loaded:

# kldstat -m linuxelf

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security
branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 9.0, and 9.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc
b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1,
9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via
the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Subversion:

Branch/path Revision
– ————————————————————————-
stable/7/ r243418
releng/7.4/ r243417
stable/8/ r243417
releng/8.3/ r243417
stable/9/ r243417
releng/9.0/ r243417
releng/9.1/ r243417
– ————————————————————————-

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.9

iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt
BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP
=KVp4
—–END PGP SIGNATURE—–

FreeBSD 8.0下安装QQ for Linux

国人的电脑上估计都离不开QQ这东东了,虽说这东东比较霸道,但我们还是在用它。以前非Windows用户是无法直接使用QQ的,现在QQ官方提供了Linux系统支持,但在FreeBSD系统上使用还是比较麻烦的。本文主要介绍FreeBSD 8.0下是如何安装QQ的。

一、开启 Linux 二进制兼容支持

# kldload linux

开机自动开启linux二进制兼容支持

vi /etc/rc.conf

linux_enable="YES"

二、安装Linux运行时库

# cd /usr/ports/emulators/linux_base-f10
# make install distclean

三、安装QQ for Linux

#cd /usr/ports/net-im/qq/ && make install clean

四、配置支持中文输入法(仅测试过FCITX)

#/compat/linux/usr/bin/localedef -i zh_CN -f UTF-8 zh_CN

 

参考资料:http://wiki.freebsdchina.org/software/q/qqforlinux

FreeBSD 8.1加载linux flash插件的方法

FreeBSD 8.1加载linux flash插件的方法

pagx在FreeBSDChina发贴共享了FreeBSD 8.1加载linux flash插件的方法,本人根据其方法成功安装了flash插件,由于论坛里面的帖子比较乱,在此重新整理成笔记共享。

安装libflashcross.so

i386环境

# fetch http://btload.googlecode.com/files/nspluginbox-x86src.tar.bz2
# bunzip2 nspluginbox-x86src.tar.bz2
# cd nspluginbox-last_v2/rtld-npp
# make
# cp libflashcross.so /home/test/.mozilla/plugins/.

amd64环境

# fetch http://btload.googlecode.com/files/libflashcross-x86_64.so.tar.bz2
# bunzip2 libflashcross-x86_64.so.tar.bz2
# cp libflashcross.so /home/test/.mozilla/plugins/.

安装libflashplayer.so

直接到Adobe官网下载相应的linux版本的flashplayer压缩包,解压后拷贝到/home/test/.mozilla/目录下。

再安装alsa-lib和alsa-plugins即可。

ports分别位于:
/usr/ports/audio/alsa-lib
/usr/ports/audio/alsa-plugins

FreeBSDChina帖子原文如下:

下载这个文件解压:
http://btload.googlecode.com/files/libflashcross-i386.so.tar.bz2
将 libflash-cross.so 丢到 ~/.mozilla/plugins

从linux那边拷贝libflashplayer.so (for 10.1 r53 i386) 文件过来到
~/.mozilla

安装好之后,目录结构应该如下:
~/.mozilla/libflashplayer.so
~/.mozilla/plugins/libflashcross.so

安装alsa-lib-1.0.23, alsa-plugins-1.0.23 即可。

仅在 FreeBSD 8.1/i386, 环境下的firefox3, chrome测试成功

其他环境需要自己编译:
http://btload.googlecode.com/files/nspluginbox-last.tar.bz2

目前i386的版本已经比较稳定,存在少量的内存泄漏, 但对使用影响不大。导致firefox/chrome崩溃的问题也已经修正。

修正amd64内存泄漏(二进制文件)
http://btload.googlecode.com/files/libflashcross-x86_64.so.tar.bz2

64bit 二进制的对应的flash版本(经过测试可以使用的)是
libflashplayer-10.0.42.34.linux-x86_64.so.tar.gz 或者 libflashplayer-10.0.45.2.linux-x86_64.so.tar.gz

更新x86_64的源代码和二进制文件, 更新对10.2的支持。需要的,重新下载:
http://btload.googlecode.com/files/libflashcross-x86_64.so.tar.bz2
i386的二进制文件因为被报告有问题已经删除,需要的可以下载
http://btload.googlecode.com/files/nspluginbox-x86src.tar.bz2
这个旧版的源代码,自己编译。

源码包是一个集合,所以名字是随意另起的。
代码里面包含了,
1、npprunner: GTK写的测试NPAPI插件的程序(因为使用浏览器不太方便调试, 曾经的名字是nspluginbox)。
2、plugin-gtk: windows下某个安全控件的代替方案的实现。本来可以写支持加密的,不过想想算了,那么干会影响商业秘密的。况且未必变得安全。
3、plugin-wrap: 比较邪恶,不要看。看懂的话也请不要说出来,继续保持沉默。
4、rtld-npp: 加载linux的NPAPI插件的wrapper, 也就是 libflashcross.so

原文链接:http://www.freebsdchina.org/forum/viewtopic.php?t=50134

FreeBSD和Linux如何互相访问文件系统

一、如何mount Linux Ext2文件系统

经常有人在问,强大的FreeBSD为什么不能使用牛B的Linux ext文件系统呢?得到的回答通常是:“能,当然能了”。可是,太多的人习惯了使用mount_xxx来工作,这时会发现mount_只有这样的列表:

mount           mount_mfs       mount_nfs       mount_ntfs      mount_nwfs      mount_smbfs     mount_unionfs
mount_cd9660    mount_msdosfs   mount_nfs4      mount_nullfs    mount_portalfs  mount_udf       mountd

千万不要灰心,强大的FreeBSD还有很多你所不知道的东东,请使用:

mount -t ext2fs

来mount牛B的Linux ext文件系统罢。对了,小小的提示,ext3也可以使用ext2来mount的。

需要注意的是,尽量不要以读写方式挂接 ext2/ext3 文件系统。尽管 FreeBSD 支持在 ext2/3 文件系统中写入数据,但是这种做法是容易导致问题的。如果希望做系统迁移,比较理想的做法是使用 NFS 将数据复制过来。

二、如何在linux中mount ufs2文件系统

FreeBSD的默认文件系统是ufs2。 可以用:

mount -r -t ufs -o ufstype=ufs2 /dev/hda10 /mnt

这样的命令来挂载。

前提:Linux内核中必须启用ufs和bsd disk label支持. 即

CONFIG_BSD_DISKLABEL=y
CONFIG_UFS_FS=y
CONFIG_UFS_FS_WRITE=y

原文链接:http://wiki.freebsdchina.org/faq/filesystem/e/mount_ext2fs
http://wiki.freebsdchina.org/faq/filesystem/e/mount_ufs2_in_linux