Más popular

• OpenMosix cluster user area tools
• kradview, a free DICOM viewer for Linux
• Libros recomendados
• Proyectos de fin de carrera ofertados
• Mandar un correo a David

Más leido en mi blog

• La auctoritas y la gestión de equipos
• Gestión de recursos humanos (I): la teoría X
• Gestión de recursos humanos (II): la teoría Y
• Memento mori
• Las reglas del juego del software libre - Introducción
• Búsqueda y selección de personal en empresas de software libre
• Tonterías dañinas: recomendando la comoditización del profesional
• Cosas que me gustaría que mis alumnos universitarios tuvieran claras

• Home
• Blog
• Biografía
• Servicios profesionales
• Docencia
• Investigación
• Software libre

The OpenMosix userland project (user area tools)

Note to the users of OpenMosix.

DON'T PANIC

Maybe you are here because you have read the following bug http://www.securityfocus.com/bid/28663.

If this is the case, DO NOT PANIC, and read the full text. Do not begin the download before you fully understand the following text.

This is a personal issue against me of one of the most influent Argentinian bloggers and his followers. In fact, It was notified first to a well known spanish-spoken media and news agregator -meneame-, and the next day to security-related list, without analysis, patches, or asking me.

In fact, they got a 2003 version of the tools by the age of the fork in the CVS -from the epoch of the fork- and used them to show how incompetent I was.

The facts are:

• The alleged security bug is not considered by experts a valid, exploitable one http://www.securityfocus.com/archive/1/490715.
• The alleged security bug was inherited from MOSIX tools, and was fixed on my version of Userland Tools three years ago. So if you are using a recent version of my Userland Tools, you are outside any danger.
• No matter it is not exploitable, If you have a old version of the tools, you can download my version of Userland tools here. Please be patient, there are several people downloading them.
• If it would be exploitable, it would only be useful if you have developed an application using moslib, and the application have the setuid bit on.
• The security report is wrong. It marks the vulnerability as remote, but this is not true; because if it would be exploitable, it would be a local exploit -it would be a buffer overflow on a console application that do not touch the network.
• OpenMosix HAS SECURITY ISSUES; particulary, with the ports open for migration -the handshaking of the nodes have not a strong authentification system-, so do not keep your cluster on unprotected network zones, and be careful with the users with root password.

Finnaly, if you read the message of the blogger and his court, DO NOT TOUCH the lines:

if (!err) { if (ip_need_two_phase (pe, n, oldpe, oldmosnet, oldnents)) {

They are alleged to be plain wrong, and correct one -and recommended fix- is to change it to:

if (!err && ip_need_two_phase (pe, n, oldpe, oldmosnet, oldnents)) {

The real thing is that the two ways should be the same, but in older gcc compilers with O3 activated, it was detected that ip_needed_two_phase is executed, no matter !err is false. So the two lines should behave on the same way, but they don't on several compilers with O3. Do not make the changes proposed by the famous Argentinian blogger, because the best you can be is on the same way that you are.

To avoid the missuse of old and outdated versions of this project by such persons, old versions are not more available for downloading.

OpenMosix Userland tools Changelog v.0.5.1

- 18/4/2006

Official highly experimental version for kernels 2.6. It works for 2.4 kernels; but It is not inteed to work for 2.6.

• Makefiles for dual-compiling for 2.4 and 2.6 (David Santo Orcero)
• Porting of moslib to 2.6 (David Santo Orcero)
• Porting of migrate to 2.6 (David Santo Orcero)
• Partial porting of mosctl to 2.6 (David Santo Orcero)
• Download the official alpha version of OpenMosix userland tools for 2.6 kernels (stable for 2.4 kernels) here.

Before download it, remember that the code will not compile without the OpenMosix kernel source code and rightly editing configuration file.

---

OpenMosix Userland tools Changelog v.0.3.0-irbis

- 21/2/2005

This is a version that I use on my clusters; it is not the official one.

• All Bryan's and Moreno's bugfixes doesn't really works due to a bug in libmosix. This bug is now fixed (David Santo Orcero)
• Cluster topology relies on /etc/hpc.conf (David Santo Orcero)
• updated mosmon to version 2.0 (Moreno Baricevic)
• fixed a compile issue with regard to 2.4.22-2 (Vincent Hanquez)
• omndiscd retired due to race conditions (David Santo Orcero)
• fix lots of buffer issues (David Santo Orcero)
• static map-file (Martin Høy)
• Compiler warning code cleanups (Ettore Simone, David Santo Orcero)
• Utilities for manipulation of process groups added (Matthias Rechenburg)
• mosctl now handles ≶ 2GB RAM correctly (Bryan Bayerdorffer)

---

Actual versions - v.0.3.x finally stable, mainteance passed to Mirko Caserta

Versions from here to the end of the page were official, but now they are obsolete.

---

OpenMosix Userland tools Changelog v.0.2.4

- 5/8/2002

• Node autodiscovering (Louis Zechtzer)
• New script omsh -launch a remote task with sh sintaxis (David Santo Orcero)
• New omrunon script without bugs (David Santo Orcero)
• Update of node autodiscovering to /proc/hpc (David Santo Orcero)
• Integration of autodiscovery tools on userland tools (David Santo Orcero)
• Old runon script deleted, and softlinked with new omrunon (David Santo Orcero)
• Makefile updated with new credits and legal information (David Santo Orcero)
• mosctl messages fixed and updated (David Santo Orcero)
• moslib messages fixed and updated (David Santo Orcero)
• fixvfork messages fixed and updated (David Santo Orcero)
• migrate messages fixed and updated (David Santo Orcero)
• mon messages fixed and updated (David Santo Orcero)
• mosrun messages fixed and updated (David Santo Orcero)
• setpe messages fixed and updated (David Santo Orcero)
• setpe manpage updated (David Santo Orcero)
• mosrun manpage updated (David Santo Orcero)
• Some more advices on inicialization script (David Santo Orcero)
• Changes to the documentation of the instalation (David Santo Orcero)
• Changes to "configuration" file, $(INSTALLEXTRADIR) bug fixed (David Santo Orcero)
• Beta-testing (Tom)

OpenMosix Userland tools Changelog v.0.2.3

- 9/7/2002

• OpenMosix inicialization script updated (Amit Shah)

OpenMosix Userland tools Changelog v.0.2.2

- 4/7/2002

• Manpage dir now fully configurable for non-LSB distros (David Santo Orcero)
• Information about instalation updated (David Santo Orcero)
• New openMosix inicialization script (Amit Shah)
• Beta-testing (Amit Shah)

OpenMosix Userland tools Changelog v.0.2.1

- 28/6/2002

• Heading kernel files problem fixed at all .c and .h files (David Santo Orcero)
• Configuration file corrected (David Santo Orcero)
• Moved yardstick to 1.4Ghz according with today's CPU speeds (Moshe Bar)
• Beta-testing (Amit Shah)

Changelog v.0.2.0

- 22/4/2002

• Userland tools now rely on /proc/hpc (David Santo Orcero)
• Some changes to directory structure proposed by Martin Høy implemented. (David Santo Orcero)
• Does not touch any more system permissions of system dirs. (David Santo Orcero)
• Some Makefile and mon.c cleanups. (Brian Pontz)
• Some minor cleanups and bugfixes. (David Santo Orcero)

OpenMosix Userland tools Changelog v.0.1.3

- 4/3/2002

• Confirmed by prof. Barak: Mosix is no longer free software.
• Userland tools are now based on 1.1.2; it is the last one that I can proof with matherial proofs that it was GPLed. Anyway, in the horizont we will sweep out all that code. (David Santo Orcero)
• Tune it completly broken without non-GPL code. (David Santo Orcero)
• Minor bugfixes in setpe. (David Santo Orcero)

OpenMosix Userland tools Changelog v.0.1.2

- 28/2/2002

• After a conversation with Mulix, I am in doubt about the licence of the original package. All the old non-GPL code was sweep out, and here you have a distribution completly GPL. Thanks to Reid Huntsinger for point me that older versions has the GPL header. (David Santo Orcero)
• Typo corrected (Moshe Bar)

OpenMosix Userland tools Changelog v.0.1.1

- 24/2/2002

This version is permantently erased, so far Mosix is no longer free software.

• Typo on name of Shlomo Matichen corrected (Moshe Bar).

OpenMosix Userland tools Changelog v.0.1.0

- 24/2/2002

This version is permantently erased, so far Mosix is no longer free software.

• Configuration now clearer and easier. (David Santo Orcero)
• Completly new and better Makefiles. (David Santo Orcero)
• Completly new and better layout. (David Santo Orcero)
• Turn to a makefile structure easier to maintain. (David Santo Orcero)
• Coment Makefile and documentation. (David Santo Orcero)
• Activate all warnings, for me to debug easily. (David Santo Orcero)
• mon name conflict well resolved. (David Santo Orcero)
• No more debian patch needed. (David Santo Orcero)
• Now all binary executables are stripped. (David Santo Orcero)

---