Safe ’n‘ Simple

Security is hard

Sicherheit ist nicht einfach. Dies gilt allgemein, aber auch und insbesondere für Linux-Systeme. Denn wenn man – wie man es machen sollte – die /tmp-Partition mit noexec einbindet, so kommt es des öfteren vor, dass aptitude bzw. apt-get Probleme haben, da auf /tmp Skripte ausgeführt werden sollen.

Das hat mich bei der Aktualisierung eben wieder angenervt, weswegen ich endlich mal nach einer Lösung gesucht habe. Gefunden habe ich http://www.debian-administration.org/articles/57 , hier ganz kurz die Punchline des Artikels:

Add the following to the file /etc/apt/apt.conf:

DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};

Ich hoffe, das funktioniert auch wirklich. Beim nächsten Update werde ich es erfahren.

Fedora 7 and problems with the laptop fan

Maybe this also concerns others, despite me.
I have Fedora running on my Acer Laptop, which is a Travelmate 661 LCi (now running flawlessly for almost four years!). Since I upgraded to Fedora 7 with its Kernel 2.6.21 I had problems with the fan of the laptop: When it started spinning, the laptop froze. Under X, it froze the whole computer, the num lock led was blinking. When using the console solely, the computer just froze and sometimes threw some acpi error messages on the console.

Well, after a while I found out, that it is a regression in the Linux kernel, bug #8385 in kernel’s bugzilla, to be more precise.

So, what to do about that? I want to use Fedora 7 and its kernels. Just patch them with the patch supplied in Comment #50 of the above mentioned bugzilla report. And for those new to building kernels, here is a short howto on how to do so (hence the name „howto“…)

  1. Install the fedora-devtools package: yum install fedora-rpmdevtools unifdef
  2. Create your rpmbuild-directory: fedora-buildrpmtree
  3. cd ~/rpmbuild/SRPMS
  4. wget http://download.fedora.redhat.com/pub/fedora/linux/updates/7/SRPMS/kernel-2.6.21-1.3228.fc7.src.rpm (or whatever kernel you would like to install)
  5. rpm -ivh ~/rpmbuild/SRPMS/kernel-2.6.21-1.3228.fc7.src.rpm
  6. cd ~/rpmbuild/SPECS; rpmbuild -bp kernel-2.6.spec
  7. cd ~/rpmbuild/BUILD/kernel-2.6.21/linux-2.6.21.i386 ; vi Makefile (your actual directory may differ)
  8. Change the string behing EXTRAVERSION to something sensible, let’s say -own.kernel
  9. Download the patch:
    wget -O p1.patch „http://bugzilla.kernel.org/attachment.cgi?id=11684“
  10. Apply the patch:
    patch -p1 < p1.patch
  11. make oldconfig (we will not customize the kernel in any way, so no make menuconfig or similar done now)
  12. make; su -c „make modules_install && make install“
  13. reboot
  14. When rebooting make sure to chose the new kernel in grub. The default choice can be selected by editing /etc/grub.conf

I hope, this mini-howto helps anyone out there to get Fedora 7 turned back into a usable system again.

Update: edited to include the recent development / updates / better patches