DOCSLIB.ORG

Operating System Stability and Security Through Process Homeostasis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Operating System Stability and Security Through Process Homeostasis Operating System Stability and Security through Process Homeostasis by Anil Buntwal Somayaji B.S., Massachusetts Institute of Technology, 1994 DISSERTATION Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Computer Science The University of New Mexico Albuquerque, New Mexico May 2002 c 2002, Anil Buntwal Somayaji ! iii Dedication To all those system administrators who spend their days nursemaiding our computers. iv Acknowledgments Graduate school has turned out to be a long, difficult, but rewarding journey for me, and I would not have made it this far without the help of many, many people. I cannot hope to completely document how these influences have helped me grow; nevertheless, I must try and acknowledge those who have accompanied me. First, I would like to thank my committee: David Ackley, Rodney Brooks, Barney Maccabe, Margo Seltzer, and especially my advisor, Stephanie Forrest. They all had to read through a rougher manuscript than I would have liked, and had to do so under significant time pressures. They provided invaluable feedback on my ideas and experiments. Most importantly, they have been my teachers. I’m also grateful to have been part of the Adaptive Computation Group at the University of New Mexico and to have been a member of the complex adaptive systems community here in New Mexico. Fellow graduate students at UNM and colleagues at the Santa Fe Institute have shaped my thoughts and have inspired me to do my best work. I will miss all of you. The Computer Science Department at UNM has been my home for the past several years. Its faculty members have instructed me and have treated me as a colleague; its administrative staff have helped me with the practical details of being a graduate student. The department has been a supportive environment, and it will be hard to leave. Also, the Systems Support Group of the UNM Computer Science department helped me collect some of my most important datasets. In the process, they sometimes had to deal with crises that I inadvertently created. They have been both helpful and understanding. Over the past several years many people in the computer security community have helped us understand important past work, yet have also encouraged us to pursue our own vision. They have been valuable colleagues and friends. The Massachusetts Institute of Technology was my home during my undergrad- uate years, and I was also a visiting graduate student in its Artificial Intelligence laboratory during the 1996-97 academic year. This year was a valuable part of my graduate school education. With the help of my former physics teacher, Bill Rodriguez, the University School of Nashville’s web server provided the best data on the behavior of pH. Finally, I must thank my many friends for supporting me, Dana for being there during the last stages of my graduate career, and my parents and my sister Shalini for providing the love and support to get me this far. This work was funded by NSF, DARPA, ONR, Intel, and IBM. v Operating System Stability and Security through Process Homeostasis by Anil Buntwal Somayaji ABSTRACT OF DISSERTATION Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Computer Science The University of New Mexico Albuquerque, New Mexico May 2002 Operating System Stability and Security through Process Homeostasis by Anil Buntwal Somayaji B.S., Massachusetts Institute of Technology, 1994 Ph.D., Computer Science, University of New Mexico, 2002 Abstract Modern computer systems are plagued with stability and security problems: ap- plications lose data, web servers are hacked, and systems crash under heavy load. Many of these problems arise from rare program behaviors. pH (process Homeosta- sis) is a Linux 2.2 kernel extension which detects unusual program behavior and responds by slowing down that behavior. Inspired by the homeostatic mechanisms organisms use to stabilize their internal environment, pH detects changes in pro- gram behavior by observing changes in short sequences of system calls. When pH determines that a process is behaving unusually, it responds by slowing down that process’s system calls. If the anomaly corresponds to a security violation, delays often stop attacks before they can do damage. Delays also give users time to decide whether further actions are warranted. vii My dissertation describes the rationale, design, and behavior of pH. Experimental results are reported which show that pH effectively captures the normal behavior of a variety of programs under normal use conditions. This captured behavior allows it to detect anomalies with a low rate of false positives (as low as 1 user interven- tion every five days). Data are presented that show pH responds effectively and autonomously to buffer overflows, trojan code, and kernel security flaws. pH can also help administrators by detecting newly-introduced configuration errors. At the same time, pH is extremely lightweight: it incurs a general performance penalty of only a few percent, a slowdown that is imperceptible in practice. The pH prototype is licensed under the GNU General Public License and is available for download at http://www.cs.unm.edu/ soma/pH/. ∼ viii Contents List of Figures xv List of Tables xvii 1 Introduction 1 1.1 Motivation . 2 1.2 Computer Homeostasis . 3 1.3 System-call Monitoring and Response . 6 1.4 Contributions . 8 1.5 Overview . 9 2 Background 10 2.1 Computer Security . 10 2.1.1 Intrusion Detection . 12 2.1.2 Automated Response . 16 2.1.3 Kernel-level Security Projects . 18 ix Contents 2.2 Operating Systems . 19 2.3 Compilers . 20 2.4 Fault Tolerance . 21 2.5 System Administration . 23 2.6 Artificial Life & Robotics . 24 3 Homeostasis 27 3.1 Biological Homeostasis . 28 3.1.1 Temperature Control . 28 3.1.2 Immune System . 29 3.2 Process Homeostasis . 32 3.2.1 Requirements . 33 3.2.2 Abstractions . 34 3.2.3 Enclosed System . 36 3.2.4 System Property . 36 3.2.5 Detector . 37 3.2.6 Effector . 39 3.2.7 The User’s View of pH . 40 4 Analyzing System Call Sequences 43 4.1 Requirements . 43 x Contents 4.2 Description . 45 4.3 Analysis . 49 4.3.1 Speed . 50 4.3.2 Profile Size . 51 4.3.3 Convergence . 52 4.3.4 Anomaly Sensitivity . 54 4.4 Summary . 55 5 Implementing pH 57 5.1 Why a kernel implementation? . 57 5.2 Implementation Overview . 59 5.3 Classifying Normal Profiles . 63 5.3.1 Requirements . 63 5.3.2 Profile Heuristics . 64 5.4 Delaying System Calls . 66 5.5 Tolerization and Sensitization . 69 5.6 Data Structures . 70 5.7 Kernel Integration . 74 5.8 Interacting with pH . 76 5.9 Parameters . 79 5.9.1 System Call Window Sizes . 80 xi Contents 5.9.2 Logging . 80 5.9.3 Classifying Normal Profiles . 81 5.9.4 Automated Response . 82 5.10 Performance . 84 6 Normal Program Behavior in Practice 88 6.1 What is Normal Behavior? . 89 6.2 A Day in Detail . 91 6.3 Choosing a Method & Window Size . 95 6.4 A Few Weeks on a Personal Workstation . 98 6.5 Normal Monitoring . 99 6.6 False Positives . 104 6.7 Normal Behavior on Other Hosts . 108 6.8 Profile Diversity and Complexity . 111 6.9 suspend execve Issues & Longer-Term Data . 116 6.10 Normal in Practice . 119 7 Anomalous Behavior 121 7.1 What Changes Are Detectable? . 122 7.2 Inetd Perturbations . 129 7.2.1 Daytime . 131 xii Contents 7.2.2 Chargen . 132 7.2.3 Unknown External Program . 135 7.2.4 Unknown Service . 137 7.2.5 Summary . 140 7.3 Intrusions . 141 7.3.1 A Buffer Overflow . 143 7.3.2 Trojan Code . 145 7.3.3 A Kernel Vulnerability . 147 7.4 Other Attacks . 149 7.4.1 Earlier pH Experiments . 149 7.4.2 Linux capability exploit . 152 7.4.3 System-call Monitoring Experiments . 153 7.5 Intelligent Adversaries . 156 7.6 Summary . 158 8 Discussion 160 8.1 Contributions . 160 8.2 Limitations . 162 8.2.1 Capturing Normal Behavior . 163 8.2.2 Denial of Service . 164 8.2.3 Portability . 166 xiii Contents 8.3 Computer Homeostasis . 168 References 170 xiv List of Figures 1.1 A schematic diagram of classes of program behavior. 4 1.2 The process of making a system call. 7 3.1 An MHC-peptide complex . 31 5.1 Basic flow of control and data in a pH-modified Linux kernel. 61 5.2 Training and testing datasets . 62 5.3 pHmon screenshot . 62 5.4 pH’s normal profile heuristics. 65 5.5 Schematic delay graph . ..
Load more

Recommended publications
  • Software Security for Open-Source Systems
    Open-Source Security Software Security for Open-Source Systems Debate over whether open-source software development leads to more or less secure software has raged for years. Neither is in- trinsically correct: open-source software gives both attackers and defenders greater power over system security. Fortunately, several security-enhancing technologies for open-source sys- tems can help defenders improve their security. classify methods that CRISPIN ome people have claimed that open-source ensure and enforce COWAN software is intrinsically more secure than closed the “nothing else” part into three broad categories: WireX source,1 and others have claimed that it’s not.2 Communications Neither case is absolutely true: they are essen- • Software auditing, which prevents vulnerabilities by Stially flip sides of the same coin. Open source gives both searching for them ahead of time, with or without auto- attackers and defenders greater analytic power to do matic analysis something about software vulnerabilities. If the defender • Vulnerability mitigation, which are compile-time tech- does nothing about security, though, open source just niques that stop bugs at runtime gives that advantage away to the attacker. • Behavior management, which are operating system fea- However, open source also offers great advantages to tures that either limit potential damage or block specif- the defender, giving access to security techniques that are ic behaviors known to be dangerous normally infeasible with closed-source software. Closed source forces users to accept the level of security diligence Software auditing that the vendor chooses to provide, whereas open source The least damaging software vulnerability is the one that lets users (or other collectives of people) raise the bar on never happens.
    [Show full text]
  • Hardening Linux
    eBooks-IT.org 4444_FM_final.qxd 1/5/05 12:39 AM Page i eBooks-IT.org Hardening Linux JAMES TURNBULL 4444_FM_final.qxd 1/5/05 12:39 AM Page ii eBooks-IT.org Hardening Linux Copyright © 2005 by James Turnbull All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN (pbk): 1-59059-444-4 Printed and bound in the United States of America 987654321 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Lead Editor: Jim Sumser Technical Reviewer: Judith Myerson Editorial Board: Steve Anglin, Dan Appleman, Ewan Buckingham, Gary Cornell, Tony Davis, Jason Gilmore, Chris Mills, Dominic Shakeshaft, Jim Sumser Project Manager: Kylie Johnston Copy Edit Manager: Nicole LeClerc Copy Editor: Kim Wimpsett Production Manager: Kari Brooks-Copony Production Editor: Kelly Winquist Compositor: Linda Weidemann Proofreader: Lori Bring Indexer: Kevin Broccoli Artist: Kinetic Publishing Services, LLC Cover Designer: Kurt Krames Manufacturing Manager: Tom Debolski Distributed to the book trade in the United States by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013, and outside the United States by Springer-Verlag GmbH & Co. KG, Tiergartenstr. 17, 69112 Heidelberg, Germany. In the United States: phone 1-800-SPRINGER, fax 201-348-4505, e-mail [email protected], or visit http://www.springer-ny.com.
    [Show full text]
  • Securing Linux
    466_HTC_Linux_FM.qxd 10/2/07 10:05 AM Page iii How to Cheat at Securing Linux Mohan Krishnamurthy Eric S. Seagren Raven Alder Aaron W. Bayles Josh Burke Skip Carter Eli Faskha 466_HTC_Linux_FM.qxd 10/2/07 10:05 AM Page iv Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. PUBLISHED BY Syngress Publishing, Inc.
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Using Internal Sensors for Computer Intrusion Detection
    USING INTERNAL SENSORS FOR COMPUTER INTRUSION DETECTION A Thesis Submitted to the Faculty of Purdue University by Diego Zamboni CERIAS TR 2001-42 Center for Education and Research in Information Assurance and Security, Purdue University August 2001 USING INTERNAL SENSORS FOR COMPUTER INTRUSION DETECTION A Thesis Submitted to the Faculty of Purdue University by Diego Zamboni In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 2001 ii To my parents for giving me life, and to Susana for sharing it with me. iii ACKNOWLEDGMENTS As usual, a large number of people were very important for the completion of this thesis work, and I would like to acknowledge at least some of them. First the official acknowledgments: Portions of the research contributing to this dis- sertation were supported by the various sponsors of CERIAS, and my stay at Purdue was partially funded by a Fulbright/Conacyt fellowship. Their support is gratefully acknowl- edged. I would like to thank my advisor, Eugene Spafford. He received me with open arms from my first day at Purdue, and provided continuous guidance and support throughout my stay here. For that I am very, very grateful. I would like to acknowledge the other members of my Ph.D. committee: Stephanie For- rest, Mikhail Atallah, Jens Palsberg and Carla Brodley. They provided invaluable feedback and advice for my work and for this dissertation. Many people contributed significantly to my work, and my deepest gratitude goes to all of them. Susana Soriano, Benjamin Kuperman, Thomas Daniels, Florian Kerschbaum, Rajeev Gopalakrishna and Jim Early provided me with many hours of discussion, continu- ously questioned my assumptions, and led to many new ideas.
    [Show full text]
  • Iptables Tutorial 1.2.2
    Iptables Tutorial 1.2.2 Oskar Andreasson [email protected] Marc Blanc [email protected] Publié par : Philippe Latu philippe.latu(at)inetdoc.net http://www.inetdoc.net Dédicaces Je voudrais dédier ce document à ma merveilleuse soeur pour m'avoir inspiré et donné ses conseils en retour. Elle est une source de joie et un rayon de soleil quand j'ai besoin d'elle. Merci ! Un mot particulier pour Ninel pour m'avoir toujours encouragé dans mon travail et avoir pris soin de moi quand j'en avais le plus besoin. Merci ! Ensuite, j'aimerais dédicacer ce travail à tous les courageux développeurs et mainteneurs de Linux. Ce sont eux qui font exister ce fabuleux système d'exploitation. Iptables Tutorial 1.2.2 i Table des matières À propos de l'auteur .............................................................................................................................. vii Exploration de ce document .................................................................................................................. viii Préalables ............................................................................................................................................... ix Conventions utilisées dans ce document .................................................................................................. x 1. Introduction ......................................................................................................................................... 1 1.1. Motivations ..............................................................................................................................
    [Show full text]
  • Les Systèmes D'exploitation
    Cours IN201 Année 2010-2011 Les Systèmes d’Exploitation Responsable : Bertrand Collin. Auteurs : Bertrand Collin, Marc Baudoin, Manuel Bouyer, Jérôme Gueydan, Thomas Degris, Fré- déric Loyer, Damien Mercier. École nationale supérieure de techniques avancées Copyright c Bertrand Collin 2009–2011 Ce document est mis à disposition selon les termes du contrat Creative Com- mons « Paternité - Pas d’utilisation commerciale - Partage des conditions initiales à l’identique » 2.0 France : http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Vous êtes libre : – de reproduire, distribuer et communiquer cette création au public ; – de modifier cette création. Selon les conditions suivantes : Paternité. Vous devez citer le nom de l’auteur original de la manière indiquée par l’auteur de l’œuvre ou le titulaire des droits qui vous confère cette autorisation (mais pas d’une manière qui suggérerait qu’ils vous soutiennent ou approuvent votre utilisation de l’œuvre). Pas d’utilisation commerciale. Vous n’avez pas le droit d’utiliser cette création à des fins commerciales. Partage des conditions initiales à l’identique. Si vous modifiez, transformez ou adaptez cette création, vous n’avez le droit de distribuer la création qui en résulte que sous un contrat identique à celui-ci. – À chaque réutilisation ou distribution de cette création, vous devez faire appa- raître clairement au public les conditions contractuelles de sa mise à disposition. La meilleure manière de les indiquer est un lien vers cette page Web. – Chacune de ces conditions peut être levée si vous obtenez l’autorisation du titulaire des droits sur cette œuvre. – Rien dans ce contrat ne diminue ou ne restreint le droit moral de l’auteur ou des auteurs.
    [Show full text]
  • CERIAS Tech Report 2002-41 a RECURSIVE SESSION TOKEN PROTOCOL for USE in COMPTUER FORENSICS and TCP TRACEBACK by Brian Carrier
    CERIAS Tech Report 2002-41 A RECURSIVE SESSION TOKEN PROTOCOL FOR USE IN COMPTUER FORENSICS AND TCP TRACEBACK by Brian Carrier & Clay Shields Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907 A Recursive Session Token Protocol For Use in Computer Forensics and TCP Traceback Brian Carrier Clay Shields Center for Education and Research in Department of Computer Science Information Assurance and Security (CERIAS) Georgetown University Purdue University Washington, D.C., 20007 West Lafayette, IN 47907 [email protected] [email protected] C C 0 1 C n−1 We present the Session TOken Protocol (STOP) [5], which H H H H H 0 1 2 n−1 n is based on the ident protocol, and helps forensic investiga- tion of stepping-stone chains while protecting the privacy of H H Fig. 1. Connection chain example between 0 and n users. STOP saves application-level data about the process and user that opened the socket, and can also send requests to pre- vious hosts to identify other hosts in the chain. At each stage, Abstract— We introduce a new protocol designed to assist in the forensic a hashed token is returned; at no point in the protocol does the investigation of malicious network-based activity, specifically ad- requester ever directly learn user or process data. Instead, they dressing the stepping-stone scenario in which an attacker uses a must redeem the token to the system administrator who can de- chain of connections through many hosts to hide his or her iden- termine the merit of releasing user information.
    [Show full text]
  • Smashguard: a Hardware Solution to Prevent Security Attacks on the Function Return Address
    1 SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address H. Ozdo¨ gano˜ glu˜ ∗, T. N. Vijaykumar‡, C. E. Brodley†, B. A. Kuperman§ and A. Jalote¶ ∗[email protected], ‡[email protected], ¶[email protected] School of Electrical and Computer Engineering Purdue University, West Lafayette, Indiana 47906–1285 †[email protected], Department of Computer Science Tufts University, Medford, MA 02155 §[email protected] Department of Computer Science Swarthmore College, Swarthmore, PA 19081 Abstract A buffer overflow attack is perhaps the most common attack used to compromise the security of a host. This attack can be used to change the function return address and redirect execution to the attacker’s code. We present a hardware-based solution, called SmashGuard, to protect against all known forms of attack on the function return addresses stored on the program stack. With each function call instruction, the current return address is pushed onto a hardware stack. A return instruction compares its address to the return address from the top of the hardware stack. An exception is raised to signal the mismatch. Because the stack operations and checks are done in hardware in parallel with the usual execution of instructions, our best- performing implementation scheme has virtually no 1 performance overhead. While previous software-based approaches’ average performance degradation for the SPEC2000 benchmarks is only 2.8%, their worst-case degradation is up to 8.3%. Apart from the lack of robustness in performance, the software approaches’ key disadvantages are less security coverage and the need for recompilation of applications.
    [Show full text]
  • Kevells Documentation Release 0.1
    kevells Documentation Release 0.1 kevell April 27, 2015 Contents 1 About pharaohtools 1 1.1 Commands................................................1 2 Indices and tables 497 i ii CHAPTER 1 About pharaohtools Welcome to the pharaohtools documentation! The Pharaohs has its own benefit while comparing to other tools as it is user friendly. In this tool the coding and the entire process depends and based php. As the pharaoh tool is framed as per php, it is easier to re-write the codes if required. Its modules functionality provides support to Mac, Linux or Unix, and also for the windows. It is a known as a shorter route which is less time-consuming, limits the use of manpower, reduces the necessity of input from users while installation. No need to download separately the templates and plug-ins that are used to support the software’s as everything gets covers under a single root. It is extensible, as if any extra module is required the user can frame and design the module as per their requirements and they can include. It is also simpler to rewrite the coding as required. By installing a single application ptconfigure entire modules under the pharaoh tool get enveloped. 1.1 Commands 1.1.1 Jrush Cache Synopsis Jrush auxiliary to clear cache in temporary memory. It has two types of cache. But both are having different functions as specified in their name. They are site clear and admin clear. It is gratified with Ubuntu and cent OS. Deleting files, folders and applications – and clearing the data from the temporary memory – won’t do the trick if you’re going to recycle the content wont be available in your computer.
    [Show full text]
  • Practical Linux Forensics by Bruce Nikkel! As a Prepublication Title, This Book May Be Incom- Plete and Some Chapters May Not Have Been Proofread
    P R A C T I C A L LINUX FORENSICS A GUIDE FOR DIGITAL INVESTIGATORS BRUCE NIKKEL EARLY ACCESS NO STARCH PRESS EARLY ACCESS PROGRAM: FEEDBACK WELCOME! Welcome to the Early Access edition of the as yet unpublished Practical Linux Forensics by Bruce Nikkel! As a prepublication title, this book may be incom- plete and some chapters may not have been proofread. Our goal is always to make the best books possible, and we look forward to hearing your thoughts. If you have any comments or questions, email us at [email protected]. If you have specific feedback for us, please include the page number, book title, and edition date in your note, and we’ll be sure to review it. We appreciate your help and support! We’ll email you as new chapters become available. In the meantime, enjoy! PR CA T IC A L L INU X FOR E N SI C S BRUCE N IK KE L Early Access edition, 6/18/21 Copyright © 2021 by Bruce Nikkel. ISBN-13: 978-1-7185-0196-6 (print) ISBN-13: 978-1-7185-0197-3 (ebook) Publisher: William Pollock Production Manager: Rachel Monaghan Production Editor: Miles Bond Developmental Editor: Jill Franklin Cover Illustrator: James L. Barry Technical Reviewer: Don Frick Copyeditor: George Hale No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trade- marked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
    [Show full text]
  • Linux Distrib Vendors Make Patches Available for GHOST 29 January 2015, by Nancy Owano
    Linux distrib vendors make patches available for GHOST 29 January 2015, by Nancy Owano patches were available from Linux distributions, he added, in the Tuesday posting. What is "glibc"? This is the Gnu C library and a core part of the OS. "The vulnerability is in one of the functions of glibc," said Sarwate, where a buffer overflows.The vulnerability can be triggered locally and remotely from any of the gethostbyname*() functions. So what's the risk? An attacker, said Sarwate, could send a malicious email to an email server and get a remote shell to the Linux machine. The good news is that most Linux vendors have released patches. "So the best way to mitigate this issue," said Sarwate, "is to apply a patch from your Linux distribution." Gavin Millard, technical director of Tenable Network Security, told the Telegraph: "Patches are being released for the major Linux distributions and should be applied with a priority on any vulnerable systems with services that can be reached from the Internet." Qualys said on Tuesday that there was a serious Sarwate said the vulnerability is called "GHOST" weakness in the Linux glibc library. During a code because of the GetHOST functions by which the audit, Qualys researchers discovered a buffer flaw can be exploited. The vulnerability has a overflow in the __nss_hostname_digits_dots() history; it was found some years ago and it was function of glibc. The weakness can allow fixed but it was not classified as a security attackers to remotely take control of the victim's vulnerability. Nonetheless, as of Tuesday, system without any prior knowledge of system distributions have released patches, said Sarwate, credentials.
    [Show full text]