Address-Space Randomization for Windows Systems

Total Page:16

File Type:pdf, Size:1020Kb

Address-Space Randomization for Windows Systems Address-Space Randomization for Windows Systems∗ Lixin Li and JamesE.Just R.Sekar Global InfoTek, Inc., Reston, VA Stony Brook University, Stony Brook, NY {nli,jjust}@globalinfotek.com [email protected] Abstract Wehntrust [21] and Ozone [20]. In addition, Windows Address-space randomization (ASR) is a promising Vista is going to be shipped with a limited implemen- solution to defend against memory corruption attacks tation of ASR [9]. However, these products suffer from that have contributed to about three-quarters of US- one or more of the following drawbacks: CERT advisories in the past few years. Several tech- • Insufficient range of randomization. Windows Vista niques have been proposed for implementing ASR on randomizes base addresses over a range of 256 possi- Linux, but its application to Microsoft Windows, the ble values. This level of randomization is hardly suf- largest monoculture on the Internet, has not received ficient to defeat targeted attacks: the attacker simply as much attention. We address this problem in this pa- needs to try their attack an average of 128 times be- per and describe a solution that provides about 15-bits fore succeeding. This isn’t likely to significantly slow of randomness in the locations of all (code or data) ob- down self-replicating worms either. Wehntrust and jects. Our randomization is applicable to all processes Ozone provide more randomization, but significantly on a Windows box, including all core system services, less than that of DAWSON in some memory regions as well as applications such as web browsers, office ap- such as the stack. plications, and so on. Our solution has been deployed • Incomplete randomization. Often, only a subset continuously for about a year on a desktop system used of memory regions are randomized. For instance, daily, and is robust enough for production use. Wehntrust does not randomize some memory regions. With Ozone, no information is available beyond the 1 Introduction fact that the stack and the DLLs are randomized. An overwhelming majority of security advisories from Unfortunately, if the address of any writable memory US CERT in recent years has been attributed to mem- region is predictable, the attacker can modify their ory corruption attacks. Typically, these attacks en- attack so as to inject code into this region and ex- able a remote attacker to execute arbitrary code on ecute it. Therefore, DAWSON randomizes all such the victim system, thereby providing a mechanism for memory regions. self-propagating worms, installation of backdoors (in- • Lack of detailed analysis. With Wehntrust and cluding “bot” software), spyware, or rootkits. Address- Ozone, even the most basic information about their space randomization (ASR) [16, 3, 23, 4] provides a implementation (e.g., the complete list of memory general defense against memory corruption attacks. regions that are randomized) isn’t available. As a Although several ASR techniques have been described result, one cannot independently analyze or evalu- for Linux [16, 3, 23, 4], to the best of our knowledge, ate the quality of protection provided by them. In there hasn’t been any previous work describing ASR contrast, we provide a detailed analytical as well as for the largest monoculture on the Internet, namely, experimental evaluation of DAWSON. the Microsoft Windows platform. We address this 1.1 Contributions of this paper problem, and describe a system called DAWSON (“Di- versity Algorithms for Worrisome SOftware and Net- • Development of practical techniques for real- works”) that provides about 15-bits of randomness in izing ASR on Windows. The architecture of Win- the locations of all code or data. dows is quite different from UNIX, and poses several In parallel with our work, some commercial prod- unique challenges that necessitate the development ucts for Windows ASR have begun to emerge, namely, of new techniques for realizing randomization. Some of these challenges are: ∗This work was partially funded by Defense Advanced Research Project Agency under contract FA8750-04-C-0244. – Difficulty of relocating critical DLLs. Security- Sekar’s work was also supported in part by an ONR grant critical DLLs such as ntdll and kernel32 are N000140110967 and NSF grants CNS-0208877 and CCR- 0205376. The views and conclusions contained in this document mapped to a fixed memory location by Windows are those of the authors and should not be interpreted as rep- very early in the boot process. Since most of the resenting the official policies, either expressed or implied, of the Defense Advanced Research Project Agency, NSF, ONR, or the APIs targeted by attack code, including all of the U.S. Government. system calls, reside in these DLLs, we needed to Figure 1. Memory Error Exploits. develop techniques to relocate these DLLs. of DAWSON with previous work in Section 3. Our – Lack of access to OS or application source code. technical approach is described in Section 4, followed This means that the primary approach used by by analytical and experimental evaluation in Sections 5 Linux ASR implementations, namely, modification and 6 respectively. Finally, concluding remarks appear of the kernel source, is not an option on Windows. in Section 7. – Lack of UNIX-style shared libraries. In UNIX, dynamically loaded libraries contain position- 2 ASR and Memory Corruption Attacks independent code, which allows them to be shared even if they are loaded at different addresses by dif- Intuitively, a memory error occurs in C programs when ferent processes. In contrast, Windows DLLs need the object accessed via a pointer expression is different to be stored at the same memory address by all from its referent, i.e., the object intended by the pro- processes that share a single copy of the DLL. grammer. Memory errors are classified into spatial and • temporal errors. Temporal errors occur when a pointer Robust implementation. DAWSON applies ASR is dereferenced beyond the lifetime of its referent, e.g., to all Windows services, as well as user applications. access to freed (or reallocated) memory. Security ex- We have had this system running on a production ploits haven’t targeted temporal errors, and indeed, it laptop installed with Windows XP, Office, and SQL is unclear how they can be used in attacks. Conse- and IIS servers. In addition to the standard set quently, security research has focused on spatial errors, of OS services and applications, we have routinely which are caused by (a) dereferencing a pointer that used Office applications, Windows development tools holds a value outside of the bounds of its referent, or (MSVC, .Net, etc.), SQL and IIS servers, and web (b) dereferencing a non-pointer or a corrupted pointer browsers (e.g., IE and Firefox), and haven’t experi- value. enced any compatibility or robustness issues. Perfor- mance overhead of DAWSON is typically under 5%. Figure 1 classifies spatial memory error exploits based on whether pointer corruption is involved or not; • Analytical evaluation of effectiveness. We de- and if so, whether the corrupted pointer refers to a data velop a classification of memory corruption attacks, or code object; and if this object holds values provided and use it subsequently to compare previous works. (“injected”) by the attacker or values already existing We then provide a detailed analytical evaluation of in victim process memory. Within “pointer corruption our approach and provide estimates of success prob- attacks,” we include attacks that corrupt values used abilities for various types of attacks. in address computation, e.g., an integer value used as • Experimental evaluation. We have evaluated the an array subscript. ability of DAWSON to defeat memory corruption at- Absolute address randomization (AAR), used in tacks using 5 real-world exploits, as well as a range [16, 3, 23], randomizes the absolute memory address of sophisticated memory corruption attacks on a syn- of various code and data objects, but the relative dis- thetic application. tances between objects aren’t randomized. AAR blocks 1.2 Paper Organization pointer corruption attacks, since the attacker is no longer able to predict the object that will be refer- We begin with a classification of memory corruption enced by a corrupted pointer value. For instance, a attacks in Section 2 and describe the strengths and stack-smashing attack involves overwriting the return weaknesses of ASR in defending against these attacks. address on the stack with a value that points to a buffer With this background, we then provide a comparison variable used to hold attacker-provided data. The lo- cation of this variable becomes unpredictable in the limitation can totally undermine the effectiveness of presence of AAR, thus defeating the attack. AAR, as we describe below. If a code region S is not Relative address randomization (RAR) techniques randomized, then the attacker can execute a return-to- [4] randomize inter-object distances as well, and hence existing code attack into S. Of particular relevance in can defeat non-pointer attacks. DAWSON imple- Windows is the common use of the instruction sequence ments only AAR, and hence addresses only the pointer- jmp esp which causes a control-transfer to the top of corruption attacks (4 of the 5 categories shown in Fig- the stack. During attacks, it is common for the top of ure 1). In practice, AAR is very effective since mem- the stack to contain attacker provided data. Thus, this ory error exploits reported so far have been based on instruction sequence allows for execution of injected pointer corruption. code. Any unrandomized writable section W poses a ma- 2.1 Limitations of AAR jor threat, as it is possible to mount a 2-step attack as We list the known limitations of ASR here, referring follows. In the first step, the attacker injects a short the reader to previous works such as [3] for details.
Recommended publications
  • Intel Updates
    Intel Updates Jun Nakajima Intel Open Source Technology Center Xen Summit November 2007 Legal Disclaimer y INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. y Intel may make changes to specifications and product descriptions at any time, without notice. y All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. y Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request. y Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. y *Other names and brands may be claimed as the property of others. y Copyright © 2007 Intel Corporation. Throughout this presentation: VT-x refers to Intel®
    [Show full text]
  • EXPLOITING BLUEBORNE in LINUX- BASED IOT DEVICES Ben Seri & Alon Livne
    EXPLOITING BLUEBORNE IN LINUX- BASED IOT DEVICES Ben Seri & Alon Livne EXPLOITING BLUEBORNE IN LINUX-BASED IOT DEVICES – © 2019 ARMIS, INC. Preface 3 Brief Bluetooth Background 4 L2CAP 4 Overview 4 Mutual configuration 5 Linux kernel RCE vulnerability - CVE-2017-1000251 6 Impact 8 Exploitation 9 Case Study #1 - Samsung Gear S3 9 Extracting the smartwatch kernel 9 Leveraging stack overflow into PC control 10 From Kernel to User-Mode 13 Aarch64 Return-Oriented-Programming 13 Structural considerations 14 SMACK 19 Case Study #2 - Amazon Echo 22 Getting out of bounds 23 Analyzing the stack 23 Developing Write-What-Where 26 Putting it all together 28 Case Study #n - Defeating modern mitigations 29 A new information leak vulnerability in the kernel - CVE-2017-1000410 29 Conclusions 31 BLUEBORNE ON LINUX — ©​ 2019 ARMIS, INC. — 2 ​ ​ Preface In September 2017 the BlueBorne attack vector was disclosed by Armis Labs. BlueBorne allows attackers to leverage Bluetooth connections to penetrate and take complete control over targeted devices. Armis Labs has identified 8 vulnerabilities related to this attack vector, affecting four operating systems, including Windows, iOS, Linux, and Android. Previous white papers on BlueBorne were published as well: ● The dangers of Bluetooth implementations detailed the overall research, the attack ​ surface, and the discovered vulnerabilities. ● BlueBorne on Android detailed the exploitation process of the BlueBorne vulnerabilities ​ on Android. This white paper will elaborate upon the Linux RCE vulnerability (CVE-2017-1000251) and its ​ ​ exploitation. The exploitation of this vulnerability will be presented on two IoT devices - a Samsung Gear S3 Smartwatch, and the Amazon Echo digital assistant.
    [Show full text]
  • Dartmouth Computer Science Technical Report TR2011-680 (Draft Version) Exploiting the Hard-Working DWARF: Trojans with No Native Executable Code
    Dartmouth Computer Science Technical Report TR2011-680 (Draft version) Exploiting the Hard-Working DWARF: Trojans with no Native Executable Code James Oakley and Sergey Bratus Computer Science Dept. Dartmouth College Hanover, New Hampshire [email protected] April 11, 2011 Abstract All binaries compiled by recent versions of GCC from C++ programs include complex data and dedicated code for exception handling support. The data structures describe the call stack frame layout in the DWARF format byte- code. The dedicated code includes an interpreter of this bytecode and logic to implement the call stack unwinding. Despite being present in a large class of programs { and therefore poten- tially providing a huge attack surface { this mechanism is not widely known or studied. Of particular interest to us is that the exception handling mech- anism provides the means for fundamentally altering the flow of a program. DWARF is designed specifically for calculating call frame addresses and reg- ister values. DWARF expressions are Turing-complete and may calculate register values based on any readable data in the address space of the pro- cess. The exception handling data is in effect an embedded program residing within every C++ process. This paper explores what can be accomplished with control of the debugging information without modifying the program's text or data. We also examine the exception handling mechanism and argue that it is rife for vulnerability finding, not least because the error states of a program are often those least well tested. We demonstrate the capabilities of this DWARF virtual machine and its suitableness for building a new type of backdoor as well as other implications it has on security.
    [Show full text]
  • Portable Executable File Format
    Chapter 11 Portable Executable File Format IN THIS CHAPTER + Understanding the structure of a PE file + Talking in terms of RVAs + Detailing the PE format + The importance of indices in the data directory + How the loader interprets a PE file MICROSOFT INTRODUCED A NEW executable file format with Windows NT. This for- mat is called the Portable Executable (PE) format because it is supposed to be portable across all 32-bit operating systems by Microsoft. The same PE format exe- cutable can be executed on any version of Windows NT, Windows 95, and Win32s. Also, the same format is used for executables for Windows NT running on proces- sors other than Intel x86, such as MIPS, Alpha, and Power PC. The 32-bit DLLs and Windows NT device drivers also follow the same PE format. It is helpful to understand the PE file format because PE files are almost identi- cal on disk and in RAM. Learning about the PE format is also helpful for under- standing many operating system concepts. For example, how operating system loader works to support dynamic linking of DLL functions, the data structures in- volved in dynamic linking such as import table, export table, and so on. The PE format is not really undocumented. The WINNT.H file has several struc- ture definitions representing the PE format. The Microsoft Developer's Network (MSDN) CD-ROMs contain several descriptions of the PE format. However, these descriptions are in bits and pieces, and are by no means complete. In this chapter, we try to give you a comprehensive picture of the PE format.
    [Show full text]
  • Process Address Spaces and Binary Formats
    Process Address Spaces and Binary Formats Don Porter – CSE 506 Housekeeping ò Lab deadline extended to Wed night (9/14) ò Enrollment finalized – if you still want in, email me ò All students should have VMs at this point ò Email Don if you don’t have one ò TA office hours posted ò Private git repositories should be setup soon Review ò We’ve seen how paging and segmentation work on x86 ò Maps logical addresses to physical pages ò These are the low-level hardware tools ò This lecture: build up to higher-level abstractions ò Namely, the process address space Definitions (can vary) ò Process is a virtual address space ò 1+ threads of execution work within this address space ò A process is composed of: ò Memory-mapped files ò Includes program binary ò Anonymous pages: no file backing ò When the process exits, their contents go away Problem 1: How to represent? ò What is the best way to represent the components of a process? ò Common question: is mapped at address x? ò Page faults, new memory mappings, etc. ò Hint: a 64-bit address space is seriously huge ò Hint: some programs (like databases) map tons of data ò Others map very little ò No one size fits all Sparse representation ò Naïve approach might would be to represent each page ò Mark empty space as unused ò But this wastes OS memory ò Better idea: only allocate nodes in a data structure for memory that is mapped to something ò Kernel data structure memory use proportional to complexity of address space! Linux: vm_area_struct ò Linux represents portions of a process with a vm_area_struct,
    [Show full text]
  • Open and Efficient Type Switch For
    Draft for OOPSLA 2012 Open and Efficient Type Switch for C++ Yuriy Solodkyy Gabriel Dos Reis Bjarne Stroustrup Texas A&M University Texas, USA fyuriys,gdr,[email protected] Abstract – allow for independent extensions, modular type-checking Selecting operations based on the run-time type of an object and dynamic linking. On the other, in order to be accepted is key to many object-oriented and functional programming for production code, the implementation of such a construct techniques. We present a technique for implementing open must equal or outperform all known workarounds. However, and efficient type-switching for hierarchical extensible data existing approaches to case analysis on hierarchical exten- types. The technique is general and copes well with C++ sible data types are either efficient or open, but not both. multiple inheritance. Truly open approaches rely on expensive class-membership To simplify experimentation and gain realistic prefor- testing combined with decision trees []. Efficient approaches mance using production-quality compilers and tool chains, rely on sealing either the class hierarchy or the set of func- we implement our type swich constructs as an ISO C++11 li- tions, which loses extensibility [9, 18, 44, 51]. Consider a brary. Our library-only implementation provides concise no- simple expression language: tation and outperforms the visitor design pattern, commonly exp ∶∶= val S exp + exp S exp − exp S exp ∗ exp S exp~exp used for type-casing scenarios in object-oriented programs. For many uses, it equals or outperforms equivalent code in In an object-oriented language without direct support for languages with built-in type-switching constructs, such as algebraic data types, the type representing an expression-tree OCaml and Haskell.
    [Show full text]
  • Spread for ASP.NET Developer's Guide
    Spread for ASP.NET Developer’s Guide 0 Developer's Guide This guide provides introductory conceptual material and how-to explanations for routine tasks for developers using Spread for ASP.NET. It describes how an application developer would use the properties and methods in Spread to create spreadsheets and grids on Web Forms, bind to databases, and customize the component for your application. Getting Started Understanding the Product Working with the Spread Designer Customizing the Appearance Customizing User Interaction Customizing with Cell Types Managing Data Binding Managing Data in the Component Managing Formulas Managing File Operations Using Sheet Models Maintaining State Working with the Chart Control Using Touch Support with the Component For complete API reference information, refer to the Assembly Reference (on-line documentation). For a complete list of documentation, refer to the Spread for ASP.NET Documentation (on-line documentation). Copyright © GrapeCity, inc. All rights reserved. Spread for ASP.NET Developer’s Guide 1 1 Table of Contents Developer's Guide 0 1. Table of Contents 1-16 Getting Started 17 Handling Installation 17 Installing the Product 17 Licensing a Trial Project after Installation 17 End-User License Agreement 17-18 Creating a Build License 18-19 Handling Redistribution 19-20 Product Requirements 20 Handling Variations In Windows Settings 20-21 Working with the Component 21 Adding a Component to a Web Site using Visual Studio 2015 or 2017 21-24 Adding a Component to a Web Site using Visual Studio 2013
    [Show full text]
  • Download Slides
    Redistribution of this material in any form is not allowed without written permission. ROBOTS AND WINDOWS Joakim Sandström (JODE) nSense define: Joakim Sandström On since 1993’ish 13:37 (EEST) Work: • Chief Technology Officer / Founder @ nSense Interests • Application security • Smartphone security • Code reviews • Writing code • Obscure protocols and more… nSense in a nutshell • Highly specialised in information security • International organization with a strong local presence • Financially independent • The key owners work for the company • High customer satisfaction • ~50 employees Be the leading European IT security assessor Page 4 nSense Service Offering Trusted Advisor Business Enabler Execution Strategic security Security management Vulnerability assessment consultation Penetration testing PCI compliance Security Improvement Program Code reviews ISO and ISF compliance Security reviews and Security coaching analyses services Secure software development Vulnerability management Incident response services Training services Karhu vulnerability scanner Page 5 Main Objectives • Provide a brief overview of the Android and WP7 OS • Security models and architecture • Comparison • Common pitfalls • Allow developers to understand better the underlying platform- and security frameworks. Intro Platforms • Definitions • Overview • Architecture • Ecosystem Devices Outro • Secure programming • Conclusions • Authentication • QA • Authorization • Transport • Storage • Logging • Exception management • Server-side processing Definitions Architecture
    [Show full text]
  • Robust Static Analysis of Portable Executable Malware
    Robust Static Analysis of Portable Executable Malware by Katja Hahn Register INM 11 Master Thesis in Computer Science HTWK Leipzig Fakult¨at Informatik, Mathematik und Naturwissenschaften First Assessor: Prof. Dr. rer. nat. habil. Michael Frank (HTWK Leipzig) Second Assessor: Prof. Dr. rer. nat. Karsten Weicker (HTWK Leipzig) Leipzig, December 2014 Abstract The Portable Executable (PE) format is an architectural independent file format for 32 and 64-bit Windows operating systems. PE format related properties that violate conventions or the specification are called PE malformations. They can cause problems to any program that parses PE files, among others, crashes, refusal to read the file, extracting and displaying wrong information, and inability to parse certain structures. Malware authors use PE malformations to avoid or prolong malware analysis and evade detection by antivirus scanners. This master thesis analyses PE malformations and presents robust PE parsing algorithms. A static analysis library for PE files named PortEx serves as example. The library is hardened successfully against 103 275 PE malware samples and a collection of 269 malformed proof-of-concept files. PortEx is also used to extract statistical information about malicious and clean files, including anomalies in the PE format. The author identifies 31 file properties for heuristic analysis of PE files. Contents 1 Introduction1 1.1 Purpose of Malware Analysis....................1 1.2 PE Format-Related Malware Defence................1 1.3 Robust PE Malware Analysis....................2 1.4 Limitations..............................3 1.5 Roadmap...............................3 2 Malware5 2.1 Malware Types............................5 2.2 File Infection Strategies.......................9 2.3 Malware Analysis........................... 12 2.4 Malware Detection by Antivirus Software............
    [Show full text]
  • Porting Linux Embedded Linux Conference (Europe)
    Porting Linux Embedded Linux Conference (Europe) Porting Linux About Jon Masters ● Been playing with Linux for 14 years (and the kernel for 13 of those), since the age of 13. ● Built embedded NMR scientific instruments, worked with Montavista UK, now at Red Hat. ● Author of the LKML Summary Podcast and the kernel column in Linux User & Developer. ● Co-author of Building Embedded Linux Systems (second edition) – O'Reilly (2008) ● My car still has an empeg :) Porting Linux Overview ● Why port Linux anyway? ● Background pre-requisities ● Early board work ● Bootloader bringup ● Initial kernel bringup ● Debugging ● Working with Upstream ● Trends Porting Linux Why port Linux anyway? ● Linux is very portable ● Supports 23 architectures in the upstream “mainline” kernel tree of Linus Torvalds. ● Kernel is mostly written in C, with some assembly (most architectures only need a dozen such files) ● Split between high-level generic functions and low- level functions to abstract architectural differences. Porting Linux Why port Linux anyway? ● Linux is competitive ● The number of Linux kernel developers contributing to the official kernel has tripled since 2005. ● Feature growth continues with an average of 10K new lines of source code added every day. ● In the hour you spend here 5.45 patches will on average be added to the upstream Linux kernel. ● Source: Linux Foundation analysis Porting Linux Why port Linux anyway? ● Linux is cost effective. ● A large amount of code to build upon. ● Large (growing) community of developers. ● I think we all know the rest. Porting Linux Background pre-requisities ● Hardware ● Development board or simulator – Optional debugger, some kind of UART – Boards range in value from $200-$crazy – Implement the same architecture and platform as the final design but maybe with a number of hacks.
    [Show full text]
  • Developers' Guide Table of Contents
    Developers' Guide Table of Contents 1. Developers' Guide . 1 1.1. Other Guides . 1 2. Using an IDE . 2 2.1. Developing using IntelliJ IDEA . 2 2.2. Developing using Eclipse . 38 3. Building Apache Isis . 45 3.1. Git. 45 3.2. Installing Java . 47 3.3. Installing Maven. 48 3.4. Building all of Apache Isis . 49 3.5. Checking for Vulnerabilities . 49 3.6. Checking for use of internal JDK APIs . 49 4. AsciiDoc Documentation . 51 4.1. Where to find the Docs . 51 4.2. Naming Conventions . 51 4.3. Writing the docs . 52 4.4. Build and Review (using Maven) . 52 4.5. Instant Rebuild (using Ruby) . 52 4.6. Publish procedure . 53 5. Contributing . 54 5.1. Recommended Workflow (github) . 54 5.2. Alternative Workflow (JIRA patches) . 55 5.3. Setting up your fork/clone . 56 5.4. Commit messages . 56 5.5. Creating the patch file . 57 5.6. Sample Contribution Workflow . 57 5.7. If your pull request is accepted . 59 6. Appendix: Git Cookbook. 61 6.1. Modifying existing files . 61 6.2. Adding new files . 61 6.3. Deleting files . 61 6.4. Renaming or moving files . 62 6.5. Common Workflows . 62 6.6. Backing up a local branch . 62 6.7. Quick change: stashing changes . 62 6.8. Ignoring files . 63 6.9. More advanced use cases . 63 6.10. If you’ve accidentally worked on master branch . 64 6.11. If you’ve forgotten to prefix your commits (but not pushed) . 64 7. Appendix: Working with Many Repos .
    [Show full text]
  • Archiving Geocue Projects in Microsoft SQL Server
    CueTip Archiving GeoCue Projects in Microsoft SQL Server GeoCue Group Support January 16, 2015 Revision 2.0 Introduction GeoCue Server runs on top of a SQL database. The database stores all the metadata about projects as well as all internal links to the geospatial data stored in the GeoCue warehouses. The database may be a full SQL database installation or a limited edition of SQL such as Microsoft SQL Server Express (Express) or Microsoft SQL Desktop Engine (MSDE). Express and MSDE are free versions of SQL limited to five concurrent users and a maximum database file size of 10GB (SQL Express 2008 R2 and later) or 2 GB respectively. Note that it is very important to make sure regular GeoCue database backups are integrated with your standard IT backup and archiving policies. Failure to back-up your GeoCue database on a regular basis can result in a significant loss of project data in the case of a hardware or software failure. Once the database size limit will be exceeded GeoCue will no longer be able to store additional metadata about projects as SQL will be unable to allocate additional space in the database - even if the current database size has yet to cross that threshold. Before the file size reaches the database limit of an Express version, it is recommended that a user upgrade to a full version of SQL Server. If a user does not have the ability to upgrade to a full version of SQL Server then the next best option is to delete old or unnecessary projects within the database using project utilities in the GeoCue Client.
    [Show full text]