https://openwall.info/wiki/ 2026-04-21T15:50:27+02:00 https://openwall.info/wiki/ https://openwall.info/wiki/lib/tpl/local/images/favicon.ico text/html 2023-05-10T13:46:32+02:00 https://openwall.info/wiki/internal/accessing-users-files-as-root-safely?rev=1683719192&do=diff The following is an excerpt taken from <http://www.openwall.com/lists/oss-security/2011/03/04/24>: Speaking of issues where a more or differently privileged process accesses files in a directory writable by another process, these are surprisingly difficult to "fully" deal with, and the majority of programs are "affected". Of the common Unix commands, only a handful are safe to use in untrusted directories (with possible impact of attacks being a mere DoS against the command itself) - such as … text/html 2013-07-13T20:33:16+02:00 https://openwall.info/wiki/internal/gcc-local-build?rev=1373740396&do=diff These days, GCC stands for the GNU Compiler Collection, but here we're only interested in the C and maybe C++ compilers. The following applies to gcc versions 4.x (last tested with gcc 4.5.0 on Owl-current installed from the 2010/03/23 OpenVZ container template, but should work on other Linux systems with essential “development” tools installed as well). text/html 2015-10-12T00:15:22+02:00 https://openwall.info/wiki/internal/gnu-tar-incremental-backups?rev=1444601722&do=diff Our backup scripts use GNU tar's --listed-incremental (or -g) option. Each Sunday, we remove the “snar” files prior to invoking tar. Then we make 6 levels of incrementals for Monday through Saturday. Our backup scripts also use --no-check-device (available in recent versions of GNU tar only) in order to avoid unintended effectively-full backup dumps after reboots of OpenVZ containers (which result in changed “device” number on simfs inodes). Yes, we backup the containers from the inside, eac… text/html 2011-01-11T23:48:58+02:00 https://openwall.info/wiki/internal/grub-lilo?rev=1294786138&do=diff We generally prefer to use LILO (which comes with Owl) rather than GRUB (a more popular choice these days) on remote Linux servers that we administer. This is due to LILO's pre-reboot configuration file parsing and the “lilo -R” feature, which we rely upon for our remote reboots. text/html 2010-09-23T12:23:18+02:00 https://openwall.info/wiki/internal/kernel-big-lock-reboot?rev=1285237398&do=diff We encountered a situation where a remote server's Linux kernel Oops'ed with the Big Kernel Lock acquired , and we used the following program to reboot that server: #include <sys/io.h> int main(void) { iopl(3); outb(0xfe, 0x64); return 0; } text/html 2010-07-23T15:27:09+02:00 https://openwall.info/wiki/internal/netconsole?rev=1279891629&do=diff Here's a tested combination of settings, assuming that the kernel has netconsole support compiled in (not a module): In /etc/lilo.conf, the section may look like: image=/boot/vmlinuz-2.6.18-194.8.1.el5.028stab070.2.owl3 label=070.2.owl3 append="panic=10 netconsole=444@192.168.xxx.src/eth1,666@192.168.xxx.dst/00:11:22:33:44:55" text/html 2010-07-23T15:29:48+02:00 https://openwall.info/wiki/internal/reboot?rev=1279891788&do=diff These instructions apply primarily to Owl systems. Many other modern Linux distributions use GRUB instead of LILO by default, but we intentionally keep using LILO in Owl. Before the reboot * Take note of the running services and OpenVZ containers (if applicable), optionally make sure that all of them and no others are configured to start upon bootup * Sanity-check and save the NTP-synchronized system time to the RTC/NVRAM with ”/sbin/clock -uw” * Make sure that an fsck won't be forced … text/html 2008-05-23T05:11:01+02:00 https://openwall.info/wiki/internal/shell?rev=1211512261&do=diff How to redirect stderr but not stdout to a pipe (taken from csh-whynot) exec 3>&1; grep yyy xxx 2>&1 1>&3 3>&- | sed s/file/foobar/ 1>&2 3>&- grep: xxx: No such foobar or directory grep's normal output (on stdout) will be unaffected. We're closing fd 3 in case a program actually cares about this fd (although most programs don't). We send stderr to sed's stdin, and then put sed's stdout “back” to stderr. text/html 2023-08-03T20:56:26+02:00 https://openwall.info/wiki/internal/ssh?rev=1691088986&do=diff Status of this wiki page This wiki page used to describe Openwall sysadmin team's conventions from circa 2010 and is mostly not being updated since then. Then content is still relevant, but is missing proper references to recent OpenSSH versions' additions such as Ed25519 and bcrypt_pbkdf. text/html 2008-05-23T06:21:33+02:00 https://openwall.info/wiki/internal/vimrc?rev=1211516493&do=diff Line wrapping and text formatting We commonly use the VIM text editor for composing e-mail messages in Mutt. To have lines auto-wrap at a reasonable length (to allow for quoting them a few times, yet fit an 80-character wide terminal window), put this in ~/.vimrc: text/html 2013-07-11T15:11:03+02:00 https://openwall.info/wiki/internal/xeon_phi?rev=1373548263&do=diff Initial thoughts Here are some pics of our “passively cooled” Xeon Phi 5110P, including with the shroud removed. We're contemplating on how to cool it in other than one of the pricey chassis that it is normally put into (would be cost-effective if we were installing many of these and/or intending to use it for profit, but not so much when we only have one and intend to use it for Open Source software development). Besides, if we manage to, we'd like to put it into a machine with AMD and NVID…