DOCSLIB.ORG

STING: Finding Name Resolution Vulnerabilities in Programs

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
STING: Finding Name Resolution Vulnerabilities in Programs STING: Finding Name Resolution Vulnerabilities in Programs Hayawardh Vijayakumar, Joshua Schiffman and Trent Jaeger Systems and Internet Infrastructure Security Laboratory, Department of Computer Science and Engineering, The Pennsylvania State University hvijay,jschiffm,tjaeger @cse.psu.edu f g Abstract the same object. When a program needs access to a re- source, it presents a name to a name server, which uses The process of name resolution, where names are re- a mechanism called name resolution to obtain the corre- solved into resource references, is fundamental to com- sponding resource. puter science, but its use has resulted in several classes While name resolution simplifies programming in of vulnerabilities. These vulnerabilities are difficult for many ways, its use has also resulted in several types programmers to eliminate because their cause is exter- of vulnerabilities that have proven difficult to eliminate. nal to the program: the adversary changes namespace Adversaries may control inputs to the name resolution bindings in the system to redirect victim programs to a process, such as namespace bindings, which they can resource of the adversary’s choosing. Researchers have use to redirect victims to resources of the adversaries’ also found that these attacks are very difficult to prevent choosing. Programmers often fail to prevent such at- systematically. Any successful defense must have both tacks because they fail to validate names correctly, fol- knowledge about the system namespace and the program low adversary-supplied namespace bindings, or lack in- intent to eradicate such attacks. As a result, finding and sight into which resources are accessible to adversaries. fixing program vulnerabilities to such as attacks is our Table1 lists some of the key classes of these vulnerabil- best defense. In this paper, we propose the STING test ities. engine, which finds name resolution vulnerabilities in programs by performing a dynamic analysis of name res- While a variety of system defenses for these attacks olution processing to produce directed test cases when- have been proposed, particularly for name resolution at- ever an attack may be possible. The key insight is that tacks based on race conditions [14, 20, 22, 39, 40, 48, 50– such name resolution attacks are possible whenever an 52, 57], researchers have found that such defenses are adversary has write access to a directory shared with the fundamentally limited by a lack of knowledge about the victim, so STING automatically identifies when such di- program [12]. Thus, the programmers’ challenge is to rectories will be accessed in name resolution to produce find such vulnerabilities before adversaries do. How- test cases that are likely to indicate a true vulnerability ever, finding such vulnerabilities is difficult because the if undefended. Using STING, we found 21 previously- vectors for name resolution attacks are outside the pro- unknown vulnerabilities in a variety of Linux programs gram. Table1 shows that adversaries may control names- on Ubuntu and Fedora systems, demonstrating that com- pace bindings to redirect victims to privileged resources prehensive testing for name resolution vulnerabilities is of their choice, using what we call improper binding at- practical. tacks or redirect victims to resources under the adver- saries’ control, using what we call improper resource at- tacks. Further, both kinds of attacks may leverage the 1 Introduction non-atomicity of various system calls to create races, such as the time-of-check-to-time-of-use (TOCTTOU) The association between names and resources is funda- attacks [6,38], which makes them even more difficult for mental to computer science. Using names frees computer victims to detect. programmers from working with physical references to Researchers have explored the application of dynamic resources, allowing the system to store resources in the and static analysis to detect namespace resolution at- way that it sees fit, and enables easy sharing of resources, tacks. Dynamic analyses [1, 32, 35, 36, 56] log observed where different programs may use the different names for system calls to detect possible problems, such as check- Attack CWE ID engine, which finds name resolution vulnerabilities in Improper Binding Attacks programs by performing a dynamic analysis of name res- UNIX Symlink Following CWE-61 olution processing to produce directed test cases when- UNIX Hard Link Following CWE-62 ever an attack may be possible. STING is an extension Improper Resource Attacks to a Linux Security Module [58] that implements the ad- Resource Squatting CWE-283 ditional methods described above to provide comprehen- Untrusted Search Path CWE-426 Attacks Caused by Either Bindings or Resources sive, system-wide testing for name resolution vulnera- TOCTTOU Race Condition CWE-362 bilities. Using STING, we found 21 previously-unknown name resolution vulnerabilities in 19 different programs, Table 1: Classes of name resolution attacks. ranging from startup scripts to mature programs, such as cups, to relatively new programs, such as x2go. We de- tail several bugs to demonstrate the subtle cases that can use pairs that may be used in TOCTTOU attacks. How- be found using STING. Tests were done on Ubuntu and ever, the existence of problems does not necessarily Fedora systems, where interestingly some bugs only ap- mean that the program is vulnerable. Many of the check- peared on one of the two systems because of differences use pairs found were not exploitable. Static analyses use in the access control policies that implied different ad- syntactic analyses [6,53] and/or semantic models of pro- versary access. grams to check for security errors [15, 44], sometimes This research makes the following novel contribu- focusing on race conditions [27]. These static analyses tions: do not model the system environment, however, so they often produce many false positives. In addition, several We find that name resolution attacks are always pos- • of these analyses result in false negatives as they rely sible whenever a victim resolves a name using a on simpler models of program behavior (e.g., finite state directory where its adversaries have permission to machines), limited alias analysis, and/or manual annota- create files and/or links, as defined in Section3. If a tions. victim uses such a directory in resolving a name, an The key insight is that such name resolution attacks adversary may redirect them to a resource of the ad- are possible only when an adversary has write access to versary’s choosing, compromising victims that use a directory shared with the victim. Using this write ac- such resources unwittingly. cess, adversaries can plant files with names used by vic- We develop a method for generating directed test tims or create bindings to redirect the victim to files of • cases automatically that uses a dynamic analysis to the adversaries’ choice. Chari et al. [14] demonstrated detect when an adversary could redirect a name res- that when victims use such bindings and files planted by olution in Section 4.1. adversaries attacks are possible, so they built a system mechanism to authorize the bindings used in name reso- We develop a method for system-wide test case pro- lution. However, we find that only a small percentage of • cessing that detects where victims are vulnerable to name resolutions are really accessible to adversaries and name resolution attacks, restores program state to most of those are defended by programs. Further, the continue testing, and manages the testing coverage solution proposed by Chari et al. is prone to false posi- in Section 4.2. tives, as any pure system solution is, because it lacks in- formation about the programs’ expected behaviors [12]. We implement a prototype system STING for Linux • Instead, we propose to test programs for name resolu- 3.2.0 kernel, and run STING on the current versions tion vulnerabilities by having the system assume the role of Linux distributions, discovering 21 previously- of an adversary, performing modifications that an adver- unknown name resolution vulnerabilities in 13 dif- sary is capable of, at runtime. Using the access control ferent programs. Perhaps even more importantly, policy and a list of adversarial subjects, the system can STING finds that 90% of adversary-accessible name determine whether an adversary has write access to a di- resolutions are defended by programs correctly, rectory to be used in a name resolution. If so, the sys- eliminating many false positives. tem prepares an attack as that adversary would and de- tect whether the program was exploited or immune to We envision that STING could be integrated into sys- the attack (e.g., did the program follow the symbolic link tem distribution testing to find programs that do not ef- created?). This is akin to directed black-box testing [23], fectively defend themselves from name resolution at- where a program is injected with a dictionary of com- tacks given that distribution’s access control policy be- monly known attacker inputs. fore releasing that distribution to the community of In this paper, we design and implement the STING test users. 2 Problem Definition unexpected binding to a resource the adversary controls. Instances of these attacks depend on the namespace. Processes frequently require system level resources like For example, the filesystem namespace is often exploited files, libraries, and sockets. Since the system’s manage- through malicious path bindings like symbolic links and ment of these objects is unknown to the process, names the creation of files with frequently used names. Con- are used as convenient references to the desired resource. sider a mail reader program running as root attempting A name resolution server is responsible for converting to check mail from /var/mail/root. Users in the mail the requested resource name to the desired object via a group are permitted to place files in this directory for the namespace binding. Typical namespaces in Unix-based program to read and send.
Load more

Recommended publications
  • Beginning Portable Shell Scripting from Novice to Professional
    Beginning Portable Shell Scripting From Novice to Professional Peter Seebach 10436fmfinal 1 10/23/08 10:40:24 PM Beginning Portable Shell Scripting: From Novice to Professional Copyright © 2008 by Peter Seebach All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-1043-6 ISBN-10 (pbk): 1-4302-1043-5 ISBN-13 (electronic): 978-1-4302-1044-3 ISBN-10 (electronic): 1-4302-1044-3 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Lead Editor: Frank Pohlmann Technical Reviewer: Gary V. Vaughan Editorial Board: Clay Andres, Steve Anglin, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Project Manager: Richard Dal Porto Copy Editor: Kim Benbow Associate Production Director: Kari Brooks-Copony Production Editor: Katie Stence Compositor: Linda Weidemann, Wolf Creek Press Proofreader: Dan Shaw Indexer: Broccoli Information Management Cover Designer: Kurt Krames Manufacturing Director: Tom Debolski Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013.
    [Show full text]
  • A First Course to Openfoam
    Basic Shell Scripting Slides from Wei Feinstein HPC User Services LSU HPC & LON [email protected] September 2018 Outline • Introduction to Linux Shell • Shell Scripting Basics • Variables/Special Characters • Arithmetic Operations • Arrays • Beyond Basic Shell Scripting – Flow Control – Functions • Advanced Text Processing Commands (grep, sed, awk) Basic Shell Scripting 2 Linux System Architecture Basic Shell Scripting 3 Linux Shell What is a Shell ▪ An application running on top of the kernel and provides a command line interface to the system ▪ Process user’s commands, gather input from user and execute programs ▪ Types of shell with varied features o sh o csh o ksh o bash o tcsh Basic Shell Scripting 4 Shell Comparison Software sh csh ksh bash tcsh Programming language y y y y y Shell variables y y y y y Command alias n y y y y Command history n y y y y Filename autocompletion n y* y* y y Command line editing n n y* y y Job control n y y y y *: not by default http://www.cis.rit.edu/class/simg211/unixintro/Shell.html Basic Shell Scripting 5 What can you do with a shell? ▪ Check the current shell ▪ echo $SHELL ▪ List available shells on the system ▪ cat /etc/shells ▪ Change to another shell ▪ csh ▪ Date ▪ date ▪ wget: get online files ▪ wget https://ftp.gnu.org/gnu/gcc/gcc-7.1.0/gcc-7.1.0.tar.gz ▪ Compile and run applications ▪ gcc hello.c –o hello ▪ ./hello ▪ What we need to learn today? o Automation of an entire script of commands! o Use the shell script to run jobs – Write job scripts Basic Shell Scripting 6 Shell Scripting ▪ Script: a program written for a software environment to automate execution of tasks ▪ A series of shell commands put together in a file ▪ When the script is executed, those commands will be executed one line at a time automatically ▪ Shell script is interpreted, not compiled.
    [Show full text]
  • Ten Steps to Linux Survival
    Ten Steps to Linux Survival Bash for Windows People Jim Lehmer 2015 Steps List of Figures 5 -1 Introduction 13 Batteries Not Included .............................. 14 Please, Give (Suggestions) Generously ...................... 15 Why? ........................................ 15 Caveat Administrator ............................... 17 Conventions .................................... 17 How to Get There from Here ........................... 19 Acknowledgments ................................. 20 0 Some History 21 Why Does This Matter? .............................. 23 Panic at the Distro ................................. 25 Get Embed With Me ................................ 26 Cygwin ....................................... 26 1 Come Out of Your Shell 29 bash Built-Ins .................................... 30 Everything You Know is (Almost) Wrong ..................... 32 You’re a Product of Your Environment (Variables) . 35 Who Am I? .................................. 36 Paths (a Part of Any Balanced Shrubbery) .................... 37 Open Your Shell and Interact ........................... 38 Getting Lazy .................................... 39 2 File Under ”Directories” 43 Looking at Files .................................. 44 A Brief Detour Around Parameters ........................ 46 More Poking at Files ............................... 47 Sorting Things Out ................................ 51 Rearranging Deck Chairs ............................. 55 Making Files Disappear .............................. 56 2 touch Me .....................................
    [Show full text]
  • Automating Admin Tasks Using Shell Scripts and Cron Vijay Kumar Adhikari
    AutomatingAutomating adminadmin taskstasks usingusing shellshell scriptsscripts andand croncron VijayVijay KumarKumar AdhikariAdhikari vijayvijay@@kcmkcm..eduedu..npnp HowHow dodo wewe go?go? IntroductionIntroduction toto shellshell scriptsscripts ExampleExample scriptsscripts IntroduceIntroduce conceptsconcepts atat wewe encounterencounter themthem inin examplesexamples IntroductionIntroduction toto croncron tooltool ExamplesExamples ShellShell The “Shell” is a program which provides a basic human-OS interface. Two main ‘flavors’ of Shells: – sh, or bourne shell. It’s derivatives include ksh (korn shell) and now, the most widely used, bash (bourne again shell). – csh or C-shell. Widely used form is the very popular tcsh. – We will be talking about bash today. shsh scriptscript syntaxsyntax The first line of a sh script must (should?) start as follows: #!/bin/sh (shebang, http://en.wikipedia.org/wiki/Shebang ) Simple unix commands and other structures follow. Any unquoted # is treated as the beginning of a comment until end-of-line Environment variables are $EXPANDED “Back-tick” subshells are executed and `expanded` HelloHello WorldWorld scriptscript #!/bin/bash #Prints “Hello World” and exists echo “Hello World” echo “$USER, your current directory is $PWD” echo `ls` exit #Clean way to exit a shell script ---------------------------------------- To run i. sh hello.sh ii. chmod +x hello.sh ./hello.sh VariablesVariables MESSAGE="Hello World“ #no $ SHORT_MESSAGE=hi NUMBER=1 PI=3.142 OTHER_PI="3.142“ MIXED=123abc new_var=$PI echo $OTHER_PI # $ precedes when using the var Notice that there is no space before and after the ‘=‘. VariablesVariables contcont…… #!/bin/bash echo "What is your name?" read USER_NAME # Input from user echo "Hello $USER_NAME" echo "I will create you a file called ${USER_NAME}_file" touch "${USER_NAME}_file" -------------------------------------- Exercise: Write a script that upon invocation shows the time and date and lists all logged-in users.
    [Show full text]
  • Java 11 Single-File Applications
    Java 11 Single-File Applications Replacing bash with a syntax I actually know Steve Corwin Corwin Technology LLC Why use Java instead of shell script? Frustration. # ...working shell script... VALUES=($RESULTS) V500S=${VALUES[0]} V504S=${VALUES[1]} COUNT500S=$(echo "${V500S//[$'\t\r\n ']}") COUNT504S=$(echo "${V504S//[$'\t\r\n ']}") echo "\"$SERVER\", \"$COUNT500S\", \"$COUNT504S\"" Basics of single-file applications JEP 330: https://openjdk.java.net/jeps/330 • Java 11 • Java app where everything is within a single file, including public static void main(String[] args) { • invoke using java or shebang Begin with HelloWorld (where else?) public class HelloWorld { public static void main(String[] args) { System.out.println("Hello, world! I am a plain .java file!"); } } $ /home/scorwin/apps/java/jdk- 11.0.1/bin/java HelloWorld.java • standard main() method • my default is Java 8 Shebang HelloWorldShebang: #!/home/scorwin/apps/java/jdk-11.0.1/bin/java -- source 11 public class HelloWorldShebang { public static void main(String[] args) { System.out.println("Hello, world! I have a shebang but no file extension."); } } $ ./HelloWorldShebang • shebang must include --source option • file must be marked executable • Eclipse doesn’t recognize as Java code Shebang with .java HelloWorldShebang.java: //#!/home/scorwin/apps/java/jdk-11.0.1/bin/java -- source 11 public class HelloWorldShebang { public static void main(String[] args) { System.out.println("Hello, world! I have a shebang and a file extension."); } } • with the shebang line commented out:
    [Show full text]
  • Tour of the Terminal: Using Unix Or Mac OS X Command-Line
    Tour of the Terminal: Using Unix or Mac OS X Command-Line hostabc.princeton.edu% date Mon May 5 09:30:00 EDT 2014 hostabc.princeton.edu% who | wc –l 12 hostabc.princeton.edu% Dawn Koffman Office of Population Research Princeton University May 2014 Tour of the Terminal: Using Unix or Mac OS X Command Line • Introduction • Files • Directories • Commands • Shell Programs • Stream Editor: sed 2 Introduction • Operating Systems • Command-Line Interface • Shell • Unix Philosophy • Command Execution Cycle • Command History 3 Command-Line Interface user operating system computer (human ) (software) (hardware) command- programs kernel line (text (manages interface editors, computing compilers, resources: commands - memory for working - hard-drive cpu with file - time) memory system, point-and- hard-drive many other click (gui) utilites) interface 4 Comparison command-line interface point-and-click interface - may have steeper learning curve, - may be more intuitive, BUT provides constructs that can BUT can also be much more make many tasks very easy human-manual-labor intensive - scales up very well when - often does not scale up well when have lots of: have lots of: data data programs programs tasks to accomplish tasks to accomplish 5 Shell Command-line interface provided by Unix and Mac OS X is called a shell a shell: - prompts user for commands - interprets user commands - passes them onto the rest of the operating system which is hidden from the user How do you access a shell ? - if you have an account on a machine running Unix or Linux , just log in. A default shell will be running. - if you are using a Mac, run the Terminal app.
    [Show full text]
  • NRPE: Unable to Read Output
    NRPE - NRPE: Unable To Read Output Article Number: 620 | Rating: 3.3/5 from 7 votes | Last Updated: Mon, Jul 17, 2017 at 12:35 AM Pr o ble m De s c r ipt io n This KB article addresses the following NRPE error: NRPE: Unable To Read Output As s ume d Kno wle dge The following KB article contains an explanation of how NRPE works and may need to be referenced to completely understand the problem and solution that is provided here: NRPE - Agent and Plugin Explained Tr o uble s ho o t ing The Er r o r This error implies that NRPE did not return any character output. Common causes are incorrect plugin paths in the nrpe.cfg file or that the remote host does not have NRPE installed. There are also cases where the wrong interpreter is invoked when running the remote plugin. Rarely, it is caused by trying to run a plugin that requires root privileges. Inc orre c t Plugin Pat hs Log onto the remote host as root and check the plugin paths in /usr/local/nagios/etc/nrpe.cfg. Try to browse to the plugin folder and make sure the plugins are listed. Sometimes when installing from a package repo, the commands in nrpe.cfg will have a path to a distribution specific location. If the nagios-plugins package was installed from source or moved over from another remote host, they me be located in a different directory. The default location for the nagios-plugins can be found at /usr/local/nagios/libexec/.
    [Show full text]
  • Linux Software Installation Session 2
    Linux Software Installation Session 2 Qi Sun Bioinformatics Facility Installation as non-root user • Change installation directory; o Default procedure normally gives “permission denied” error. • Sometimes not possible; o Installation path is hard coded; • Ask system admin; o Service daemons, e.g. mysql; • Docker Python Two versions of Python Python2 is the legacy Python3 is the but still very popular current version. They are not compatible, like two different software sharing the same name. Running software Installing software python 2 python 2 python myscript.py pip install myPackage python 3 python 3 python3 myscript.py pip3 install myPackage Check shebang line, to make sure it points to right python A typical Python software directory ls pyGenomeTracks-2.0 bin lib lib64 Main code Libraries ls pyGenomeTracks-2.0 bin lib lib64 To run the software: export PATH=/programs/pyGenomeTracks-2.0/bin:$PATH export PYTHONPATH=/programs/pyGenomeTracks- 2.0/lib64/python2.7/site-packages:/programs/pyGenomeTracks- 2.0/lib/python2.7/site-packages/ If there is a problem, modify Other library files PYTHONPATH or files in $HOME/.local/lib 1. $PYTHONPATH directories Defined by you; Defined by Python, 2. $HOME/.local/lib but you can change files in directory; 3. Python sys.path directories Defined by Python; Check which python module is being used For example: >>> import numpy $PYTHONPATH frequently causes problem. E.g. python2 and python3 share the same $PYTHONPATH >>> print numpy.__file__ /usr/lib64/python2.7/site- packages/numpy/__init__.pyc >>> print numpy.__version__ 1.14.3 * run these commands in “python” prompt PIP – A tool for installing/managing Python packages • PIP default to use PYPI repository; • PIP vs PIP3 PIP -> python2 PIP3 -> python3 Two ways to run “pip install” as non-root users pip install deepTools \ pip install deepTools --user --install-option="--prefix=mydir" \ --ignore-installed Installed in $HOME/.local/bin Installed in $HOME/.local/lib & lib64 mydir/bin mydir/lib & lib64 * Suitable for personal installation * Suitable for installation for a group e.g.
    [Show full text]
  • Functional Package Management with Guix
    Functional Package Management with Guix Ludovic Courtès Bordeaux, France [email protected] ABSTRACT 1. INTRODUCTION We describe the design and implementation of GNU Guix, a GNU Guix1 is a purely functional package manager for the purely functional package manager designed to support a com- GNU system [20], and in particular GNU/Linux. Pack- plete GNU/Linux distribution. Guix supports transactional age management consists in all the activities that relate upgrades and roll-backs, unprivileged package management, to building packages from source, honoring the build-time per-user profiles, and garbage collection. It builds upon the and run-time dependencies on packages, installing, removing, low-level build and deployment layer of the Nix package man- and upgrading packages in user environments. In addition ager. Guix uses Scheme as its programming interface. In to these standard features, Guix supports transactional up- particular, we devise an embedded domain-specific language grades and roll-backs, unprivileged package management, (EDSL) to describe and compose packages. We demonstrate per-user profiles, and garbage collection. Guix comes with a how it allows us to benefit from the host general-purpose distribution of user-land free software packages. programming language while not compromising on expres- siveness. Second, we show the use of Scheme to write build Guix seeks to empower users in several ways: by offering the programs, leading to a \two-tier" programming system. uncommon features listed above, by providing the tools that allow users to formally correlate a binary package and the Categories and Subject Descriptors \recipes" and source code that led to it|furthering the spirit D.4.5 [Operating Systems]: Reliability; D.4.5 [Operating of the GNU General Public License|, by allowing them to Systems]: System Programs and Utilities; D.1.1 [Software]: customize the distribution, and by lowering the barrier to Applicative (Functional) Programming entry in distribution development.
    [Show full text]
  • Mac OS X Server Introduction to Command-Line Administration Version 10.6 Snow Leopard Kkapple Inc
    Mac OS X Server Introduction to Command-Line Administration Version 10.6 Snow Leopard K Apple Inc. Apple Remote Desktop, Finder, and Snow Leopard are © 2009 Apple Inc. All rights reserved. trademarks of Apple Inc. Under the copyright laws, this manual may not AIX is a trademark of IBM Corp., registered in the U.S. be copied, in whole or in part, without the written and other countries, and is being used under license. consent of Apple. The Bluetooth® word mark and logos are registered The Apple logo is a trademark of Apple Inc., registered trademarks owned by Bluetooth SIG, Inc. and any use in the U.S. and other countries. Use of the “keyboard” of such marks by Apple is under license. Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may This product includes software developed by the constitute trademark infringement and unfair University of California, Berkeley, FreeBSD, Inc., competition in violation of federal and state laws. The NetBSD Foundation, Inc., and their respective contributors. Every effort has been made to ensure that the information in this manual is accurate. Apple is not Java™ and all Java-based trademarks and logos responsible for printing or clerical errors. are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Apple 1 Infinite Loop PowerPC™ and the PowerPC logo™ are trademarks Cupertino, CA 95014 of International Business Machines Corporation, used 408-996-1010 under license therefrom. www.apple.com UNIX® is a registered trademark of The Open Group. Apple, the Apple logo, AppleScript, FireWire, Keychain, Other company and product names mentioned herein Leopard, Mac, Mac OS, Quartz, Safari, Xcode, Xgrid, and are trademarks of their respective companies.
    [Show full text]
  • Linux Shell Scripting Tutorial V2.0
    Linux Shell Scripting Tutorial v2.0 Written by Vivek Gite <[email protected]> and Edited By Various Contributors PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Mon, 31 May 2010 07:27:26 CET Contents Articles Linux Shell Scripting Tutorial - A Beginner's handbook:About 1 Chapter 1: Quick Introduction to Linux 4 What Is Linux 4 Who created Linux 5 Where can I download Linux 6 How do I Install Linux 6 Linux usage in everyday life 7 What is Linux Kernel 7 What is Linux Shell 8 Unix philosophy 11 But how do you use the shell 12 What is a Shell Script or shell scripting 13 Why shell scripting 14 Chapter 1 Challenges 16 Chapter 2: Getting Started With Shell Programming 17 The bash shell 17 Shell commands 19 The role of shells in the Linux environment 21 Other standard shells 23 Hello, World! Tutorial 25 Shebang 27 Shell Comments 29 Setting up permissions on a script 30 Execute a script 31 Debug a script 32 Chapter 2 Challenges 33 Chapter 3:The Shell Variables and Environment 34 Variables in shell 34 Assign values to shell variables 38 Default shell variables value 40 Rules for Naming variable name 41 Display the value of shell variables 42 Quoting 46 The export statement 49 Unset shell and environment variables 50 Getting User Input Via Keyboard 50 Perform arithmetic operations 54 Create an integer variable 56 Create the constants variable 57 Bash variable existence check 58 Customize the bash shell environments 59 Recalling command history 63 Path name expansion 65 Create and use aliases 67 The tilde expansion 69 Startup scripts 70 Using aliases 72 Changing bash prompt 73 Setting shell options 77 Setting system wide shell options 82 Chapter 3 Challenges 83 Chapter 4: Conditionals Execution (Decision Making) 84 Bash structured language constructs 84 Test command 86 If structures to execute code based on a condition 87 If.
    [Show full text]
  • (BEHR) Retrieval: Readme
    Berkeley High Resolution (BEHR) Retrieval: Readme Josh Laughner March 12, 2018 Summary: The Berkeley High Resolution Retrieval is a high resolution NO2 retrieval based on the NASA OMNO2 product from the Ozone Monitoring Instrument (OMI) aboard the Aura satellite. This retrieval improves the standard OMNO2 product in several ways: 1. A higher resolution terrain product (GLOBE Terrain Database) is used to calculate the terrain pressure of the pixels 2. A more frequent and finer resolution albedo is used, taken from the Moderate Resolu- tion Imaging Spectrometer (MODIS) instruments aboard the Terra and Aqua satellites. 3. A MODIS cloud fraction is available to use in rejecting cloudy pixels, as the OMNO2 cloud fraction tends to overestimate cloud fractions if highly reflective surfaces are present This document will describe the current state of BEHR, including its file structure and a changelog. As of this writing, the code is maintained in a Git repository on my machine. I will try to keep the main matter of this document up-to-date; however, if there is a discrepancy between the changelog and the main matter, defer to the changelog. Contents 1 Authors 3 2 Literature3 3 Getting started4 3.1 Before you begin.................................4 3.2 Quickstart.....................................5 4 Retrieving NASA data5 4.1 Group server file locations............................5 4.2 NASA versioning system.............................6 4.3 Downloading from web sites...........................7 4.4 Automated downloading.............................8 1 5 Version Control9 5.1 Repositories....................................9 5.2 Best practices for version control........................ 11 5.3 Versioning scheme................................. 12 6 Program structure 13 6.1 Read data....................................
    [Show full text]