[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] URGENT Hacking

Subject: RE: [cobalt-security] URGENT Hacking
From: "Chris Weiss" <chris@xxxxxxxxxxxxx>
Date: Fri, 8 Sep 2000 17:30:05 -0400

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Gossi The Dog
Sent: Friday, September 08, 2000 4:54 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] URGENT Hacking

On Fri, 8 Sep 2000, Chris Weiss wrote:

> -----Original Message-----
>
> [Snipped]
>
> It would be nice if Cobalt hadn't removed ipchains from their
> distribution, as this would aid greatly in blocking things like this.
> --------------------------------------------------------------------
>
> You can install ipchains very easily.  I have on my machines.  You can
also
> download and install the 2.2.14c11 kernel from Cobalt and compile it with
> whatever options you want or need (you should remove some of the default
> crap and other options).

<snip>

Where from?
---------------------------------------------------------------------------

Cobalt has not upgraded the kernel for the Raq 3 since 2.2.12C5

ftp.cobaltnet.com/pub/products/raq4/RPMS

Read about the back door before compiling your kernel:

http://www.cobalt.com/support/kb/search.php3?ques=kernel&qid=189&language=1

---------------------------------------------------------------------------
Also, are there any issues to watch out for?
---------------------------------------------------------------------------

*  Make sure you leave the serial console enabled in case you end up with a
kernel that blows the network settings.

*  You have to manually zip the kernel file.  There is no option for
automatic compression in the make file.

*  Ipchains must be installed separately.  Easily found on a quick search on
the web as well as what settings to enable in the kernel.

*  If you run the patches from Cobalt they will wipe out your current
kernel, and they do not provide source for the kernel they install.

*  If you recompile your kernel by hand and hose your machine, you are SOL
with Cobalt.  Their only supported policy is to install the kernel updates
they provide.

---------------------------------------------------------------------
And finally (this is beginning to sound like a Q&A session), have you
tried moving a Cobalt up to a non-specific Cobalt kernel manually (eg
2.2.18 or 2.4.0-testX or whatever).
---------------------------------------------------------------------

All the 2.#.##C# kernels have special built-ins for things like the LCD
panel controls, etc.  I would not attempt to use a non-cobalt kernel.  You
could try it, but you would probably hamstring the LCD interface, and you
can toss your warranty out the window.

---------------------------------------------------------------------
This are all things that'd very much like to try, but at the same time
don't want to shaft our Cobalt.

References:
- RE: [cobalt-security] URGENT Hacking
  - From: Gossi The Dog

Prev by Date: RE: [cobalt-security] URGENT Hacking
Next by Date: Re: [cobalt-security] SSL on Raq2
Previous by thread: RE: [cobalt-security] URGENT Hacking
Next by thread: [cobalt-security] glibc <= 2.1.3 vulnerabilities

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index