* [PATCH v3 1/2] ima_evm_utils: erroneous "verification failed: 0 (invalid padding)" message
@ 2019-07-18 14:29 Mimi Zohar
2019-07-18 14:29 ` [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors Mimi Zohar
0 siblings, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2019-07-18 14:29 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar
When public keys are specified on the boot command line (--key <public
key file>, [<public key file>, ...]), the appropriate public key is used
to verify EVM or file signatures. If no keys are specified, the default
x509_evm.der or x509_evm.pem file is used to verify the DIGSIG_VERSION_2
or DIGSIG_VERSION_1 signatures respectively, without first checking the
keyids. Instead of emitting a "verification failed: 0 (invalid
padding)" message, an "unknown keyid" message would be clearer.
To address this problem, when no public keys are specified, this patch
loads the x509_evm.der default public key onto the "public_keys" list,
while the x509_evm.pem continues to be passed to verify_hash_v1(). As a
result of this change, the verify_hash_v2() "key" parameter is
unnecssary and is removed.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
src/evmctl.c | 14 +++++++++++---
src/libimaevm.c | 56 ++++++++++++++++++++++----------------------------------
2 files changed, 33 insertions(+), 37 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 61808d276419..9e0926f10404 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -838,6 +838,11 @@ static int cmd_verify_evm(struct command *cmd)
return -1;
}
+ if (params.keyfile) /* Support multiple public keys */
+ init_public_keys(params.keyfile);
+ else /* assume read pubkey from x509 cert */
+ init_public_keys("/etc/keys/x509_evm.der");
+
err = verify_evm(file);
if (!err && params.verbose >= LOG_INFO)
log_info("%s: verification is OK\n", file);
@@ -879,8 +884,10 @@ static int cmd_verify_ima(struct command *cmd)
char *file = g_argv[optind++];
int err;
- if (params.keyfile)
+ if (params.keyfile) /* Support multiple public keys */
init_public_keys(params.keyfile);
+ else /* assume read pubkey from x509 cert */
+ init_public_keys("/etc/keys/x509_evm.der");
errno = 0;
if (!file) {
@@ -1602,9 +1609,10 @@ static int ima_measurement(const char *file)
return -1;
}
- /* Support multiple public keys */
- if (params.keyfile)
+ if (params.keyfile) /* Support multiple public keys */
init_public_keys(params.keyfile);
+ else /* assume read pubkey from x509 cert */
+ init_public_keys("/etc/keys/x509_evm.der");
while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
ima_extend_pcr(pcr[entry.header.pcr], entry.header.digest,
diff --git a/src/libimaevm.c b/src/libimaevm.c
index ae487f9fe36c..43eb4ef2412c 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -302,6 +302,9 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
X509 *crt = NULL;
EVP_PKEY *pkey = NULL;
+ if (!keyfile)
+ return NULL;
+
fp = fopen(keyfile, "r");
if (!fp) {
log_err("Failed to open keyfile: %s\n", keyfile);
@@ -348,8 +351,8 @@ RSA *read_pub_key(const char *keyfile, int x509)
return key;
}
-int verify_hash_v1(const char *file, const unsigned char *hash, int size,
- unsigned char *sig, int siglen, const char *keyfile)
+static int verify_hash_v1(const char *file, const unsigned char *hash, int size,
+ unsigned char *sig, int siglen, const char *keyfile)
{
int err, len;
SHA_CTX ctx;
@@ -449,12 +452,13 @@ void init_public_keys(const char *keyfiles)
/*
* Return: 0 verification good, 1 verification bad, -1 error.
*/
-int verify_hash_v2(const char *file, const unsigned char *hash, int size,
- unsigned char *sig, int siglen, const char *keyfile)
+static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+ unsigned char *sig, int siglen)
{
int ret = -1;
EVP_PKEY *pkey, *pkey_free = NULL;
struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
+ uint32_t keyid = hdr->keyid;
EVP_PKEY_CTX *ctx;
const EVP_MD *md;
const char *st;
@@ -464,20 +468,11 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
log_dump(hash, size);
}
- if (public_keys) {
- uint32_t keyid = hdr->keyid;
-
- pkey = find_keyid(keyid);
- if (!pkey) {
- log_err("%s: unknown keyid: %x\n", file,
- __be32_to_cpup(&keyid));
- return -1;
- }
- } else {
- pkey = read_pub_pkey(keyfile, 1);
- if (!pkey)
- return -1;
- pkey_free = pkey;
+ pkey = find_keyid(keyid);
+ if (!pkey) {
+ log_err("%s: unknown keyid: %x\n",
+ file, __be32_to_cpup(&keyid));
+ return -1;
}
st = "EVP_PKEY_CTX_new";
@@ -569,28 +564,21 @@ static int get_hash_algo_from_sig(unsigned char *sig)
int verify_hash(const char *file, const unsigned char *hash, int size, unsigned char *sig,
int siglen)
{
- const char *key;
- int x509;
- verify_hash_fn_t verify_hash;
+ const char *key = NULL;
/* Get signature type from sig header */
if (sig[0] == DIGSIG_VERSION_1) {
- verify_hash = verify_hash_v1;
+
/* Read pubkey from RSA key */
- x509 = 0;
- } else if (sig[0] == DIGSIG_VERSION_2) {
- verify_hash = verify_hash_v2;
- /* Read pubkey from x509 cert */
- x509 = 1;
- } else
- return -1;
+ if (!params.keyfile)
+ key = "/etc/keys/pubkey_evm.pem";
+ return verify_hash_v1(file, hash, size, sig, siglen, key);
+ }
- /* Determine what key to use for verification*/
- key = params.keyfile ? : x509 ?
- "/etc/keys/x509_evm.der" :
- "/etc/keys/pubkey_evm.pem";
+ if (sig[0] == DIGSIG_VERSION_2)
+ return verify_hash_v2(file, hash, size, sig, siglen);
- return verify_hash(file, hash, size, sig, siglen, key);
+ return -1;
}
int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
--
2.7.5
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-18 14:29 [PATCH v3 1/2] ima_evm_utils: erroneous "verification failed: 0 (invalid padding)" message Mimi Zohar
@ 2019-07-18 14:29 ` Mimi Zohar
2019-07-23 22:18 ` Vitaly Chikunov
0 siblings, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2019-07-18 14:29 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar
Each tima a new unknown key is encountered, emit a message of the format
"key #: <keyid> unknown". The individual files using unknown keys are
then only logged in verbose mode.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
src/libimaevm.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 43eb4ef2412c..d2194a6ca0f8 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
static EVP_PKEY *find_keyid(uint32_t keyid)
{
- struct public_key_entry *entry;
+ struct public_key_entry *entry, *tail = public_keys;
+ int i = 1;
for (entry = public_keys; entry != NULL; entry = entry->next) {
if (entry->keyid == keyid)
return entry->key;
+ i++;
+ tail = entry;
}
- return NULL;
+
+ /* add unknown keys to list */
+ entry = calloc(1, sizeof(struct public_key_entry));
+ if (!entry) {
+ perror("calloc");
+ return 0;
+ }
+ entry->keyid = keyid;
+ tail->next = entry;
+ log_err("key %d: %x unknown\n", i, __be32_to_cpup(&keyid));
+ return 0;
}
void init_public_keys(const char *keyfiles)
@@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
pkey = find_keyid(keyid);
if (!pkey) {
- log_err("%s: unknown keyid: %x\n",
- file, __be32_to_cpup(&keyid));
+ log_info("%s: unknown keyid: %x\n",
+ file, __be32_to_cpup(&keyid));
return -1;
}
--
2.7.5
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-18 14:29 ` [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors Mimi Zohar
@ 2019-07-23 22:18 ` Vitaly Chikunov
2019-07-23 22:59 ` Mimi Zohar
0 siblings, 1 reply; 7+ messages in thread
From: Vitaly Chikunov @ 2019-07-23 22:18 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity
Mimi,
On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> Each tima a new unknown key is encountered, emit a message of the format
> "key #: <keyid> unknown". The individual files using unknown keys are
> then only logged in verbose mode.
>
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> src/libimaevm.c | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 43eb4ef2412c..d2194a6ca0f8 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
>
> static EVP_PKEY *find_keyid(uint32_t keyid)
> {
> - struct public_key_entry *entry;
> + struct public_key_entry *entry, *tail = public_keys;
If user specified in `-k` filename that does not exist no key is added
into public_keys and it remains NULL.
> + int i = 1;
>
> for (entry = public_keys; entry != NULL; entry = entry->next) {
> if (entry->keyid == keyid)
> return entry->key;
> + i++;
> + tail = entry;
> }
> - return NULL;
> +
> + /* add unknown keys to list */
> + entry = calloc(1, sizeof(struct public_key_entry));
> + if (!entry) {
> + perror("calloc");
> + return 0;
> + }
> + entry->keyid = keyid;
> + tail->next = entry;
In that case here is SIGSEGV when user try to ima_verify.
> + log_err("key %d: %x unknown\n", i, __be32_to_cpup(&keyid));
> + return 0;
> }
>
> void init_public_keys(const char *keyfiles)
> @@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
>
> pkey = find_keyid(keyid);
> if (!pkey) {
> - log_err("%s: unknown keyid: %x\n",
> - file, __be32_to_cpup(&keyid));
> + log_info("%s: unknown keyid: %x\n",
> + file, __be32_to_cpup(&keyid));
> return -1;
> }
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-23 22:18 ` Vitaly Chikunov
@ 2019-07-23 22:59 ` Mimi Zohar
2019-07-23 23:13 ` Vitaly Chikunov
0 siblings, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2019-07-23 22:59 UTC (permalink / raw)
To: Vitaly Chikunov; +Cc: linux-integrity
On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> Mimi,
>
> On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > Each tima a new unknown key is encountered, emit a message of the format
> > "key #: <keyid> unknown". The individual files using unknown keys are
> > then only logged in verbose mode.
> >
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > ---
> > src/libimaevm.c | 21 +++++++++++++++++----
> > 1 file changed, 17 insertions(+), 4 deletions(-)
> >
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index 43eb4ef2412c..d2194a6ca0f8 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> >
> > static EVP_PKEY *find_keyid(uint32_t keyid)
> > {
> > - struct public_key_entry *entry;
> > + struct public_key_entry *entry, *tail = public_keys;
>
> If user specified in `-k` filename that does not exist no key is added
> into public_keys and it remains NULL.
Right, just the keyid is added and an error message is emitted.
>
> > + int i = 1;
> >
> > for (entry = public_keys; entry != NULL; entry = entry->next) {
> > if (entry->keyid == keyid)
> > return entry->key;
> > + i++;
> > + tail = entry;
> > }
> > - return NULL;
> > +
> > + /* add unknown keys to list */
> > + entry = calloc(1, sizeof(struct public_key_entry));
> > + if (!entry) {
> > + perror("calloc");
> > + return 0;
> > + }
> > + entry->keyid = keyid;
> > + tail->next = entry;
>
> In that case here is SIGSEGV when user try to ima_verify.
find_keyid() returns NULL, which is checked before being used.
There's only one caller of this function.
Do you have a test case to reproduce this bug?
Mimi
>
> > + log_err("key %d: %x unknown\n", i, __be32_to_cpup(&keyid));
> > + return 0;
> > }
> >
> > void init_public_keys(const char *keyfiles)
> > @@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
> >
> > pkey = find_keyid(keyid);
> > if (!pkey) {
> > - log_err("%s: unknown keyid: %x\n",
> > - file, __be32_to_cpup(&keyid));
> > + log_info("%s: unknown keyid: %x\n",
> > + file, __be32_to_cpup(&keyid));
> > return -1;
> > }
> >
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-23 22:59 ` Mimi Zohar
@ 2019-07-23 23:13 ` Vitaly Chikunov
2019-07-24 0:19 ` Mimi Zohar
0 siblings, 1 reply; 7+ messages in thread
From: Vitaly Chikunov @ 2019-07-23 23:13 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity
Mimi,
On Tue, Jul 23, 2019 at 06:59:16PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> > On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > > Each tima a new unknown key is encountered, emit a message of the format
> > > "key #: <keyid> unknown". The individual files using unknown keys are
> > > then only logged in verbose mode.
> > >
> > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > ---
> > > src/libimaevm.c | 21 +++++++++++++++++----
> > > 1 file changed, 17 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > index 43eb4ef2412c..d2194a6ca0f8 100644
> > > --- a/src/libimaevm.c
> > > +++ b/src/libimaevm.c
> > > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> > >
> > > static EVP_PKEY *find_keyid(uint32_t keyid)
> > > {
> > > - struct public_key_entry *entry;
> > > + struct public_key_entry *entry, *tail = public_keys;
> >
> > If user specified in `-k` filename that does not exist no key is added
> > into public_keys and it remains NULL.
>
> Right, just the keyid is added and an error message is emitted.
>
> >
> > > + int i = 1;
> > >
> > > for (entry = public_keys; entry != NULL; entry = entry->next) {
> > > if (entry->keyid == keyid)
> > > return entry->key;
> > > + i++;
> > > + tail = entry;
> > > }
> > > - return NULL;
> > > +
> > > + /* add unknown keys to list */
> > > + entry = calloc(1, sizeof(struct public_key_entry));
> > > + if (!entry) {
> > > + perror("calloc");
> > > + return 0;
> > > + }
> > > + entry->keyid = keyid;
> > > + tail->next = entry;
> >
> > In that case here is SIGSEGV when user try to ima_verify.
>
> find_keyid() returns NULL, which is checked before being used.
> There's only one caller of this function.
find_keyid does not return since tail is NULL, thus there is null
dereference in `tail->next`.
> Do you have a test case to reproduce this bug?
ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
Failed to open keyfile: /absent
Segmentation fault
31b5f50 is head of your git next branch.
I temporary fixed like this:
- tail->next = entry;
+ if (tail)
+ tail->next = entry;
+ else
+ public_keys = entry;
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-23 23:13 ` Vitaly Chikunov
@ 2019-07-24 0:19 ` Mimi Zohar
2019-07-24 0:50 ` Vitaly Chikunov
0 siblings, 1 reply; 7+ messages in thread
From: Mimi Zohar @ 2019-07-24 0:19 UTC (permalink / raw)
To: Vitaly Chikunov; +Cc: linux-integrity
On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> Mimi,
>
> On Tue, Jul 23, 2019 at 06:59:16PM -0400, Mimi Zohar wrote:
> > On Wed, 2019-07-24 at 01:18 +0300, Vitaly Chikunov wrote:
> > > On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> > > > Each tima a new unknown key is encountered, emit a message of the format
> > > > "key #: <keyid> unknown". The individual files using unknown keys are
> > > > then only logged in verbose mode.
> > > >
> > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > > ---
> > > > src/libimaevm.c | 21 +++++++++++++++++----
> > > > 1 file changed, 17 insertions(+), 4 deletions(-)
> > > >
> > > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > > index 43eb4ef2412c..d2194a6ca0f8 100644
> > > > --- a/src/libimaevm.c
> > > > +++ b/src/libimaevm.c
> > > > @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
> > > >
> > > > static EVP_PKEY *find_keyid(uint32_t keyid)
> > > > {
> > > > - struct public_key_entry *entry;
> > > > + struct public_key_entry *entry, *tail = public_keys;
> > >
> > > If user specified in `-k` filename that does not exist no key is added
> > > into public_keys and it remains NULL.
> >
> > Right, just the keyid is added and an error message is emitted.
> >
> > >
> > > > + int i = 1;
> > > >
> > > > for (entry = public_keys; entry != NULL; entry = entry->next) {
> > > > if (entry->keyid == keyid)
> > > > return entry->key;
> > > > + i++;
> > > > + tail = entry;
> > > > }
> > > > - return NULL;
> > > > +
> > > > + /* add unknown keys to list */
> > > > + entry = calloc(1, sizeof(struct public_key_entry));
> > > > + if (!entry) {
> > > > + perror("calloc");
> > > > + return 0;
> > > > + }
> > > > + entry->keyid = keyid;
> > > > + tail->next = entry;
> > >
> > > In that case here is SIGSEGV when user try to ima_verify.
> >
> > find_keyid() returns NULL, which is checked before being used.
> > There's only one caller of this function.
>
> find_keyid does not return since tail is NULL, thus there is null
> dereference in `tail->next`.
>
> > Do you have a test case to reproduce this bug?
>
> ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
> ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
> ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
> ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
> Failed to open keyfile: /absent
> Segmentation fault
>
> 31b5f50 is head of your git next branch.
>
> I temporary fixed like this:
>
> - tail->next = entry;
> + if (tail)
> + tail->next = entry;
> + else
> + public_keys = entry;
I see. If you don't object, I'll fold this into the original patch.
Mimi
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors
2019-07-24 0:19 ` Mimi Zohar
@ 2019-07-24 0:50 ` Vitaly Chikunov
0 siblings, 0 replies; 7+ messages in thread
From: Vitaly Chikunov @ 2019-07-24 0:50 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity
Mimi,
On Tue, Jul 23, 2019 at 08:19:46PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> > > > > + tail->next = entry;
> > > >
> > > > In that case here is SIGSEGV when user try to ima_verify.
> > >
> > > find_keyid() returns NULL, which is checked before being used.
> > > There's only one caller of this function.
> >
> > find_keyid does not return since tail is NULL, thus there is null
> > dereference in `tail->next`.
> >
> > > Do you have a test case to reproduce this bug?
> >
> > ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
> > Failed to open keyfile: /absent
> > Segmentation fault
> >
> > 31b5f50 is head of your git next branch.
> >
> > I temporary fixed like this:
> >
> > - tail->next = entry;
> > + if (tail)
> > + tail->next = entry;
> > + else
> > + public_keys = entry;
>
> I see. If you don't object, I'll fold this into the original patch.
Of course.
Thanks,
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-07-24 0:50 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-18 14:29 [PATCH v3 1/2] ima_evm_utils: erroneous "verification failed: 0 (invalid padding)" message Mimi Zohar
2019-07-18 14:29 ` [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors Mimi Zohar
2019-07-23 22:18 ` Vitaly Chikunov
2019-07-23 22:59 ` Mimi Zohar
2019-07-23 23:13 ` Vitaly Chikunov
2019-07-24 0:19 ` Mimi Zohar
2019-07-24 0:50 ` Vitaly Chikunov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).