[Openswan Users] Module installation issue

Brian Gustin brian at daviesinc.com
Sun May 4 18:24:02 EDT 2008


Problem with 2.6.23 is if the kernel is in use on a public webserver
running services like http, ftp etc., there is a really nasty root exploit
that escalates an unprivileged user to root privileges... (if they are
able to get the exploit code injected and/or compiled). Actually had
this happen on a server at work... almost lost 230 websites, 18 accounts
due to the malicious nature of the attack, so every machine now has
2.6.24 or better. The exploit exists on kernels below 2.6.24, if I recall.

This is what I currently have installed:

Linux **** 2.6.24.3 #1 SMP Tue Mar 11 00:04:52 EDT 2008 i686 GNU/Linux


ii  openswan                        1:2.4.8-dfsg-1             IPSEC utilities for Openswan
ii  openswan-modules-source         1:2.4.8-dfsg-1             IPSEC kernel modules source for Openswan

(they were installed with apt-get install openswan)

Perhaps he may be able to resolve dependencies if he would use apt and
let it handle dependency issues, like remove the .debs, install the .8
version, and then run "apt-get -f install", which just might resolve
all the dependencies and install needed packages.

And ours does work, just that the kernel for this machine had to be
re-compiled with some additional flags and options enabled, I forget
which (although we compile our own kernels, I do believe a default
kernel from Debian netinst may have that stuff already).

I haven't gotten my own internet set up to use it yet (it's kind of a
"project" thing on the back burner right now...) but it at least starts
and runs the daemon and generates the keys (I had to open a second
terminal and run top for a little while, tail syslog, etc. to generate
enough entropy on the idle machine for the keys to generate, but it
works).



Paul Wouters wrote:
> On Sun, 4 May 2008, Stasek Killov wrote:
> 
>>  I have faced the problem during installation of openswan modules:
>>
>> Linux mobile 2.6.24-1-amd64 #1 SMP Thu Mar 27 16:52:38 UTC 2008 x86_64 GNU/Linux
> 
>> /usr/src/modules/openswan/modobj26/ipsec_proc.c: In function ‘ipsec_tncfg_get_info’:
>> /usr/src/modules/openswan/modobj26/ipsec_proc.c:532: warning: passing argument 1 of ‘__dev_get_by_name’ from incompatible pointer type
>> /usr/src/modules/openswan/modobj26/ipsec_proc.c:532: error: too few arguments to function ‘__dev_get_by_name’
>> /usr/src/modules/openswan/modobj26/ipsec_proc.c: In function ‘ipsec_proc_init’:
>> /usr/src/modules/openswan/modobj26/ipsec_proc.c:921: error: ‘proc_net’ undeclared (first use in this function)
> 
> 2.6.24 obsoleted some of the proc interface, and openswan has not yet been
> updated to use seq_file instead. Try using 2.6.23.
> 
> Paul