DOCSLIB.ORG

Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

;login OCTOBER 2014 VOL. 39, NO. 5 : Operating Systems & Linux Containers James Bottomley and Pavel Emelyanov & Rump Kernels Antti Kantee and Justin Cormack & Push on Green Dan Klein, Dina Bester, and Mathew Monroe & Parables for Sysadmins Andy Seely Columns Health Checks for LDAP Servers David N. Blank-Edelman Python: Pathname Parsing with Path David Beazley iVoyeur: The Lying Mean Dave Josephsen For Good Measure: Testing Dan Geer /dev/random: The Internet of Insecure Things Robert G. Ferrell Conference Reports ATC ’14: 2014 USENIX Annual Technical Conference HotCloud ’14: 6th USENIX Workshop on Hot Topics in Cloud Computing HotStorage ’14: 6th USENIX Workshop on Hot Topics in Storage and File Systems UPCOMING EVENTS OSDI ’14: 11th USENIX Symposium on Operating Systems SaTCPI ’15: National Science Foundation Secure and Design and Implementation Trustworthy Cyberspace Principal Investigators’ October 6–8, 2014, Broomfield, CO, USA Meeting (2015) www.usenix.org/osdi14 January 5–7, 2015, Arlington, VA Co-located with OSDI ’14 and taking place October 5, 2014 Sponsored by the National Science Foundation Presented by USENIX Diversity ’14: 2014 Workshop on Supporting Diversity in Systems Research www.usenix.org/diversity14 FAST ’15: 13th USENIX Conference on File and Storage Technologies HotDep ’14: 10th Workshop on Hot Topics in System February 16–19, 2015, Santa Clara, CA, USA Dependability www.usenix.org/fast15 www.usenix.org/hotdep14 HotPower ’14: 6th Workshop on Power-Aware NSDI ’15: 12th USENIX Symposium on Networked Computing and Systems Systems Design and Implementation May 4–6, 2015, Oakland, CA www.usenix.org/hotpower14 www.usenix.org/nsdi15 INFLOW ’14: 2nd Workshop on Interactions of NVM/ Flash with Operating Systems and Workloads HotOS XV: 15th Workshop on Hot Topics in Operating www.usenix.org/inflow14 Systems May 18–20, 2015, Kartause Ittingen, Switzerland TRIOS ’14: 2014 Conference on Timely Results in Submissions due: January 9, 2015 Operating Systems www.usenix.org/hotos15 www.usenix.org/trios14 USENIX ATC ’15: USENIX Annual Technical Conference LISA14 July 8–10, 2015, Santa Clara, CA, USA November 9–14, 2014, Seattle, WA, USA www.usenix.org/lisa14 Co-located with ATC ’15 and taking place July 6–7, 2015 Co-located with LISA14 HotCloud ’15: 7th USENIX Workshop on Hot Topics in Cloud Computing URES ’14 West: 2014 USENIX Release Engineering Summit West HotStorage ’15: 7th USENIX Workshop on Hot Topics November 10, 2014 in Storage and File Systems www.usenix.org/ures14west UCMS ’14 West: 2014 USENIX Configuration USENIX Security ’15: 24th USENIX Security Symposium Management Summit West August 12–14, 2015, Washington, D.C., USA November 10, 2014 www.usenix.org/ucms14west LISA15 November 8–13, 2015, Washington, D.C., USA SESA ’14: 2014 USENIX Summit for Educators in System Administration November 11, 2014 USENIX Journal of Education in System Administration (JESA) Published in conjunction with SESA www.usenix.org/jesa Do you know about the USENIX Open Access Policy? USENIX is the rst computing association to o er free and open access to all of our conferences proceed- ings and videos. We stand by our mission to foster excellence and innovation while supporting research with a practical bias. Your membership fees play a major role in making this endeavor successful. Please help us support open access. Renew your USENIX membership and ask your colleagues to join or renew today! www.usenix.org/membership twitter.com/usenix www.usenix.org/youtube www.usenix.org/gplus Stay Connected... www.usenix.org/facebook www.usenix.org/linkedin www.usenix.org/blog OCTOBER 2014 VOL. 39, NO. 5 EDITOR Rik Farrow [email protected] EDITORIAL COPY EDITORS Steve Gilmartin 2 Musings Rik Farrow Amber Ankerholz OPERATING SYSTEMS PRODUCTION MANAGER Michele Nelson 6 Containers James Bottomley and Pavel Emelyanov PRODUCTION 11 Rump Kernels: No OS? No Problem! Antti Kantee and Justin Cormack Arnold Gatilao Jasmine Murcia PROGRAMMING TYPESETTER 18 Sirius: Distributing and Coordinating Application Reference Data Star Type Michael Bevilacqua-Linn, Maulan Byron, Peter Cline, Jon Moore, [email protected] and Steve Muir USENIX ASSOCIATION 2560 Ninth Street, Suite 215 SYSADMIN Berkeley, California 94710 26 Making “Push on Green” a Reality Daniel V. Klein, Dina M. Betser, Phone: (510) 528-8649 and Mathew G. Monroe FAX: (510) 548-5738 34 /var/log/manager: Parables of System Administration Management www.usenix.org Andy Seely ;login: is the official magazine of the USENIX Educating System Administrators Charles Border and Kyrre Begnum Association. ;login: (ISSN 1044-6397) 36 is published bi-monthly by the USENIX Association, 2560 Ninth Street, Suite 215, DIVERSITY Berkeley, CA 94710. 40 CRA-W Grad Cohort: Guiding Female Graduate Students Towards $90 of each member’s annual dues is for a Success Dilma Da Silva subscription to ;login:. Subscriptions for non- members are $90 per year. Periodicals postage COLUMNS paid at Berkeley, CA, and additional offices. 42 Practical Perl Tools: Get Your Health Checked David N. Blank-Edelman POSTMASTER: Send address changes to 47 A Path Less Traveled David Beazley ;login:, USENIX Association, 2560 Ninth Street, Suite 215, Berkeley, CA 94710. 52 iVoyeur: Lies, Damned Lies, and Averages Dave Josephsen ©2014 USENIX Association 56 For Good Measure: Testing Dan Geer USENIX is a registered trademark of the 60 /dev/random: The Internet of Things Robert Ferrell USENIX Association. Many of the designations used by manufacturers and sellers to distinguish their products are claimed BOOKS as trademarks. USENIX acknowledges all 62 Book Reviews Rik Farrow and Mark Lamourine trademarks herein. Where those designations appear in this publication and USENIX is aware NOTES of a trademark claim, the designations have been printed in caps or initial caps. 66 USENIX Association Financial Statements for 2013 CONFERENCE REPORTS 68 ATC ’14: 2014 USENIX Annual Technical Conference 82 HotCloud ’14: 6th USENIX Workshop on Hot Topics in Cloud Computing 91 HotStorage ’14: 6th USENIX Workshop on Hot Topics in Storage and File Systems Musings RIK FARROWEDITORIAL Rik is the editor of ;login:. ’ve often rambled on about the future of operating systems, imagining [email protected] something completely different and new. Of course, there are loads of Ipractical issues with that path, like the inability to run any existing software on the spanking new OS. And it turns out there are still things about existing operating systems that can surprise me. I speculated that a future operating system might not look at all like Linux, today’s favorite OS for servers and for OS research projects too. Linux is large, complex, and difficult when it comes to incorporating large changes into it because of its history and design. While the BSD kernels are more modularly designed, they are less popular, and thus not as interesting, or even as well-known. And both are enormous, with many millions of lines of code. While Minix3 is much smaller and actually takes a new approach, it too suffers from the “not as popular as Linux” issue, like the BSDs. I’ve watched the OS space for a while, curious to see if some of the less popular directions taken will pick up a lot of interest. And that interest generally comes from providing features that users, whether they are running servers in some cluster or researchers looking to add the next neat feature or improvement, just can’t live without. Size Is Not Everything Today’s OSes are huge. When I worked with Morrow Designs in the ’80s, I actually put together a set of two, double-density, floppy disks that contained a bootable kernel and utili- ties you needed to recover an unbootable system. That was a total of less than 800 kilobytes of code for the equivalent of a rescue CD, which should sound ridiculous in this day and age. But is it really? The Internet of Things (IoT) already includes inexpensive devices, and that means slower CPUs, small memories, and sometimes relatively generous amounts of flash. With small memories, these devices won’t be booting a generic kernel but one trimmed down to the bare essentials. In one sense, that’s easy enough: You can build a kernel without support for file systems and devices you will never use in a diskless system on chip (SoC) device. Popular examples of this include the Raspberry Pi and the BeagleBone Black. But even these devices are overkill for many IoT applications. Another popular example is the Arduino family, which does not run *nix but may still include networking. Even simpler (and slower with less memory) are the Peripheral Interface Controllers (PICs), favored not just by hobbyists but also by device designers. These devices have really tiny amounts of RAM (really just RAM as registers), yet are more than adequate for many household and industrial devices. They do not run *nix, or even what could ever be called an operating system. Let’s head to the opposite extreme and consider IBM’s Sequoia (Blue Gene/Q) that was installed at Lawrence Livermore National Labs in 2011. Like others in this series, the Sequoia’s compute nodes (some 98,000 of them) run the Compute Node Kernel (CNK). The CNK operating system is just 5000 lines of C++, just enough to communicate with I/O nodes and launch applications that have been compiled just for the CNK environment. The con- cept behind CNK is simple: the bare minimum of memory and processing required so that 2 OCTOBER 2014 VOL. 39, NO. 5 www.usenix.org EDITORIAL Musings most of the CPU and memory can be devoted to computation. The Lineup And it works, as the Sequoia was the world’s fastest computer We begin this issue with two operating systems-related articles. for a while, as well as using 37% less energy than the computer When I met Kirill Korotaev (Parallels) during Linux FAST (BG/K) it replaced.
Recommended publications
  • Unix Protection

    Unix Protection

    View access control as a matrix Protection Ali Mashtizadeh Stanford University Subjects (processes/users) access objects (e.g., files) • Each cell of matrix has allowed permissions • 1 / 39 2 / 39 Specifying policy Two ways to slice the matrix Manually filling out matrix would be tedious • Use tools such as groups or role-based access control: • Along columns: • - Kernel stores list of who can access object along with object - Most systems you’ve used probably do this dir 1 - Examples: Unix file permissions, Access Control Lists (ACLs) Along rows: • dir 2 - Capability systems do this - More on these later. dir 3 3 / 39 4 / 39 Outline Example: Unix protection Each process has a User ID & one or more group IDs • System stores with each file: • 1 Unix protection - User who owns the file and group file is in - Permissions for user, any one in file group, and other Shown by output of ls -l command: 2 Unix security holes • user group other owner group - rw- rw- r-- dm cs140 ... index.html 3 Capability-based protection - Eachz}|{ groupz}|{ z}|{ of threez}|{ lettersz }| { specifies a subset of read, write, and execute permissions - User permissions apply to processes with same user ID - Else, group permissions apply to processes in same group - Else, other permissions apply 5 / 39 6 / 39 Unix continued Non-file permissions in Unix Directories have permission bits, too • Many devices show up in file system • - Need write permission on a directory to create or delete a file - E.g., /dev/tty1 permissions just like for files Special user root (UID 0) has all
  • A Practical UNIX Capability System

    A Practical UNIX Capability System

    A Practical UNIX Capability System Adam Langley <[email protected]> 22nd June 2005 ii Abstract This report seeks to document the development of a capability security system based on a Linux kernel and to follow through the implications of such a system. After defining terms, several other capability systems are discussed and found to be excellent, but to have too high a barrier to entry. This motivates the development of the above system. The capability system decomposes traditionally monolithic applications into a number of communicating actors, each of which is a separate process. Actors may only communicate using the capabilities given to them and so the impact of a vulnerability in a given actor can be reasoned about. This design pattern is demonstrated to be advantageous in terms of security, comprehensibility and mod- ularity and with an acceptable performance penality. From this, following through a few of the further avenues which present themselves is the two hours traffic of our stage. Acknowledgments I would like to thank my supervisor, Dr Kelly, for all the time he has put into cajoling and persuading me that the rest of the world might have a trick or two worth learning. Also, I’d like to thank Bryce Wilcox-O’Hearn for introducing me to capabilities many years ago. Contents 1 Introduction 1 2 Terms 3 2.1 POSIX ‘Capabilities’ . 3 2.2 Password Capabilities . 4 3 Motivations 7 3.1 Ambient Authority . 7 3.2 Confused Deputy . 8 3.3 Pervasive Testing . 8 3.4 Clear Auditing of Vulnerabilities . 9 3.5 Easy Configurability .
  • Nginx 1 Web Server Implementation Cookbook

    Nginx 1 Web Server Implementation Cookbook

    Nginx 1 Web Server Implementation Cookbook Over 100 recipes to master using the Nginx HTTP server and reverse proxy Dipankar Sarkar BIRMINGHAM - MUMBAI This material is copyright and is licensed for the sole use by 2135 Lymington on 26th March 2012 2135 Lymington, Carrollton, 75007 Nginx 1 Web Server Implementation Cookbook Copyright © 2011 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: May 2011 Production Reference: 1180511 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-849514-96-5 www.packtpub.com Cover Image by Javier Barria ([email protected]) This material is copyright and is licensed for the sole use by 2135 Lymington
  • System Calls System Calls

    System Calls System Calls

    System calls We will investigate several issues related to system calls. Read chapter 12 of the book Linux system call categories file management process management error handling note that these categories are loosely defined and much is behind included, e.g. communication. Why? 1 System calls File management system call hierarchy you may not see some topics as part of “file management”, e.g., sockets 2 System calls Process management system call hierarchy 3 System calls Error handling hierarchy 4 Error Handling Anything can fail! System calls are no exception Try to read a file that does not exist! Error number: errno every process contains a global variable errno errno is set to 0 when process is created when error occurs errno is set to a specific code associated with the error cause trying to open file that does not exist sets errno to 2 5 Error Handling error constants are defined in errno.h here are the first few of errno.h on OS X 10.6.4 #define EPERM 1 /* Operation not permitted */ #define ENOENT 2 /* No such file or directory */ #define ESRCH 3 /* No such process */ #define EINTR 4 /* Interrupted system call */ #define EIO 5 /* Input/output error */ #define ENXIO 6 /* Device not configured */ #define E2BIG 7 /* Argument list too long */ #define ENOEXEC 8 /* Exec format error */ #define EBADF 9 /* Bad file descriptor */ #define ECHILD 10 /* No child processes */ #define EDEADLK 11 /* Resource deadlock avoided */ 6 Error Handling common mistake for displaying errno from Linux errno man page: 7 Error Handling Description of the perror () system call.
  • Advanced Components on Top of a Microkernel

    Advanced Components on Top of a Microkernel

    Faculty of Computer Science Institute for System Architecture, Operating Systems Group Advanced Components on Top of A Microkernel Björn Döbel What we talked about so far • Microkernels are cool! • Fiasco.OC provides fundamental mechanisms: – Tasks (address spaces) • Container of resources – Threads • Units of execution – Inter-Process Communication • Exchange Data • Timeouts • Mapping of resources TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 2 / 54 Lecture Outline • Building a real system on top of Fiasco.OC • Reusing legacy libraries – POSIX C library • Device Drivers in user space – Accessing hardware resources – Reusing Linux device drivers • OS virtualization on top of L4Re TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 3 / 54 Reusing Existing Software • Often used term: legacy software • Why? – Convenience: • Users get their “favorite” application on the new OS – Effort: • Rewriting everything from scratch takes a lot of time • But: maintaining ported software and adaptions also does not come for free TU Dresden, 2012-07-24 L4Re: Advanced Components Slide 4 / 54 Reusing Existing Software • How? – Porting: • Adapt existing software to use L4Re/Fiasco.OC features instead of Linux • Efficient execution, large maintenance effort – Library-level interception • Port convenience libraries to L4Re and link legacy applications without modification – POSIX C libraries, libstdc++ – OS-level interception • Wine: implement Windows OS interface on top of new OS – Hardware-level: • Virtual Machines TU Dresden, 2012-07-24 L4Re:
  • Relieving the Burden of Track Switch in Modern Hard Disk Drives

    Relieving the Burden of Track Switch in Modern Hard Disk Drives

    Multimedia Systems DOI 10.1007/s00530-010-0218-5 REGULAR PAPER Relieving the burden of track switch in modern hard disk drives Jongmin Gim • Youjip Won Received: 11 November 2009 / Accepted: 22 November 2010 Ó Springer-Verlag 2010 Abstract In this work, we propose a novel hard disk 128 KByte, 17% of the disk space becomes unusable. technique, ‘‘AV Disk’’, for modern multimedia applica- Despite the decreased storage area, track aligning tech- tions. Modern hard disk drives adopt complex sector layout nique increases the overall performance of the hard disk. mechanisms to reduce track and head switch overhead. According to our simulation-based experiment, overall disk While these complex sector layout mechanism can reduce performance increases about 5–25%. Given that capacity of average overhead involved in the track and head switch, hard disk increases 100% every year, we cautiously regard they bring larger variability in the overhead. From a it as reasonable tradeoff to increase the I/O latency of the multimedia application’s point of view, it is important to disk. minimize the worst case I/O latency rather than to improve the average IO latency. We focus our effort to minimize Keyword Hard disk drive Á Multimedia Á Track align Á track switch overhead as well as the variability in track Track switch Á Sector geometry Á Audio and video switch overhead involved in disk I/O. We propose that track of the hard disk drive is aligned with a certain IO size. In this work, we develop an elaborate performance model 1 Introduction with which we can compute the optimal IO unit size for multimedia applications.
  • Ext4 File System and Crash Consistency

    Ext4 File System and Crash Consistency

    1 Ext4 file system and crash consistency Changwoo Min 2 Summary of last lectures • Tools: building, exploring, and debugging Linux kernel • Core kernel infrastructure • Process management & scheduling • Interrupt & interrupt handler • Kernel synchronization • Memory management • Virtual file system • Page cache and page fault 3 Today: ext4 file system and crash consistency • File system in Linux kernel • Design considerations of a file system • History of file system • On-disk structure of Ext4 • File operations • Crash consistency 4 File system in Linux kernel User space application (ex: cp) User-space Syscalls: open, read, write, etc. Kernel-space VFS: Virtual File System Filesystems ext4 FAT32 JFFS2 Block layer Hardware Embedded Hard disk USB drive flash 5 What is a file system fundamentally? int main(int argc, char *argv[]) { int fd; char buffer[4096]; struct stat_buf; DIR *dir; struct dirent *entry; /* 1. Path name -> inode mapping */ fd = open("/home/lkp/hello.c" , O_RDONLY); /* 2. File offset -> disk block address mapping */ pread(fd, buffer, sizeof(buffer), 0); /* 3. File meta data operation */ fstat(fd, &stat_buf); printf("file size = %d\n", stat_buf.st_size); /* 4. Directory operation */ dir = opendir("/home"); entry = readdir(dir); printf("dir = %s\n", entry->d_name); return 0; } 6 Why do we care EXT4 file system? • Most widely-deployed file system • Default file system of major Linux distributions • File system used in Google data center • Default file system of Android kernel • Follows the traditional file system design 7 History of file system design 8 UFS (Unix File System) • The original UNIX file system • Design by Dennis Ritche and Ken Thompson (1974) • The first Linux file system (ext) and Minix FS has a similar layout 9 UFS (Unix File System) • Performance problem of UFS (and the first Linux file system) • Especially, long seek time between an inode and data block 10 FFS (Fast File System) • The file system of BSD UNIX • Designed by Marshall Kirk McKusick, et al.
  • Lecture Notes in Assembly Language

    Lecture Notes in Assembly Language

    Lecture Notes in Assembly Language Short introduction to low-level programming Piotr Fulmański Łódź, 12 czerwca 2015 Spis treści Spis treści iii 1 Before we begin1 1.1 Simple assembler.................................... 1 1.1.1 Excercise 1 ................................... 2 1.1.2 Excercise 2 ................................... 3 1.1.3 Excercise 3 ................................... 3 1.1.4 Excercise 4 ................................... 5 1.1.5 Excercise 5 ................................... 6 1.2 Improvements, part I: addressing........................... 8 1.2.1 Excercise 6 ................................... 11 1.3 Improvements, part II: indirect addressing...................... 11 1.4 Improvements, part III: labels............................. 18 1.4.1 Excercise 7: find substring in a string .................... 19 1.4.2 Excercise 8: improved polynomial....................... 21 1.5 Improvements, part IV: flag register ......................... 23 1.6 Improvements, part V: the stack ........................... 24 1.6.1 Excercise 12................................... 26 1.7 Improvements, part VI – function stack frame.................... 29 1.8 Finall excercises..................................... 34 1.8.1 Excercise 13................................... 34 1.8.2 Excercise 14................................... 34 1.8.3 Excercise 15................................... 34 1.8.4 Excercise 16................................... 34 iii iv SPIS TREŚCI 1.8.5 Excercise 17................................... 34 2 First program 37 2.1 Compiling,
  • Additional Software 1 Additional Software

    Additional Software 1 Additional Software

    Additional Software 1 Additional Software 1 Additional Software 15 Feb 2014 1 1.1 Description 1.1 Description Where to get software written by other parties that might be useful (or necessary) when running mod_perl. 1.2 Perl Perl is probably already installed on your machine, but you should at least check the version you are using. It is highly recommended that you have at least Perl version 5.004. You can get the latest perl version from http://cpan.org/src/. Try the direct download link http://cpan.org/src/stable.tar.gz. You can get Perl documentation from the same location (although copious documentation is included in the downloaded Perl distribution). 1.3 CPAN Downloads You can download most of the Perl modules from CPAN. There are many mirrors of this site. The main site’s URL is http://cpan.org/. You may want to search the Perl modules database by using http://search.cpan.org/. Either use the search form, or type in the name of the package the module is distributed in. For example if you are looking for Apache::DumpHeaders, you can type: http://search.cpan.org/search?dist=Apache-DumpHeaders . 1.4 Apache Get the latest Apache webserver and documentation from http://httpd.apache.org. Try the direct download link http://httpd.apache.org/dist/. 1.5 Squid - Internet Object Cache http://www.squid-cache.org/ Squid Linux 2.x Redhat RPMs : http://home.earthlink.net/~intrep/linux/ 1.6 thttpd - tiny/turbo/throttling HTTP server http://www.acme.com/software/thttpd/ 1.7 mod_proxy_add_forward Ask Bjoern Hansen has written the mod_proxy_add_forward.c module for Apache that sets the X-Forwarded-For field when doing a ProxyPass, similar to what Squid does.
  • Server: Apache

    Server: Apache

    Modern Trends in Network Fingerprinting SecTor [11.21.07] Jay Graver Ryan Poppa // Fingerprinting Topics Why, What, Who & How? Tools in action Why Tools Break Tools EOL New Approaches New Tool // Why Fingerprint? WhiteHat needs accurate identification of hosts in a PenTest report BlackHat reconnaissance SysAdmins track down and identify new services or hosts when they appear on their network // What is a Fingerprint? Looking at something common … 192.168.2.187:8004 192.168.2.187 [152] 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK. 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f .Connection: clo 73 65 0d 0a 41 6c 6c 6f 77 3a 20 4f 50 54 49 4f se..Allow: OPTIO 4e 53 2c 20 47 45 54 2c 20 48 45 41 44 2c 20 50 NS, GET, HEAD, P 4f 53 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e OST..Content‐Len 67 74 68 3a 20 30 0d 0a 44 61 74 65 3a 20 46 72 gth: 0..Date: Fr 69 2c 20 30 32 20 4e 6f 76 20 32 30 30 37 20 32 i, 02 Nov 2007 2 32 3a 32 35 3a 31 38 20 47 4d 54 0d 0a 53 65 72 2:25:18 GMT..Ser 76 65 72 3a 20 6c 69 67 68 74 74 70 64 2f 31 2e ver: lighttpd/1. 34 2e 31 35 0d 0a 0d 0a 4.15...
  • Next Generation Web Scanning Presentation

    Next Generation Web Scanning Presentation

    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
  • Capabilities

    Capabilities

    CS 261, Fall 2015 Scribe notes September 8: Capabilities Scribe: Riyaz Faizullabhoy 1 Motivation for Capabilities In The Confused Deputy, the compiler had two sets of rights: one from the user to access user files such as source code to compile, and another set granted to the compiler intended to access a special statistics file that would collect information about language feature usage. The compiler was installed in the SYSX directory, where it was granted access to write to any file in this directory. Naturally, the statistics file SYSX/STAT was also located in this directory such that the compiler (SYSX/FORT) could add language feature information. To achieve this, the compiler's privileges were set with a home files license that was allowed by the operating system to write to any file in the SYSX directory. A billing information file SYSX/BILL was also stored in SYSX { due to its sensitive nature, this billing file was not directly accessible to users. However, since the compiler was granted access to the entire SYSX directory, users could subvert their access restrictions on the billing information file by using the compiler like so: SYSX/FORT foo.f -o SYSX/BILL The above user-invoked command to the compiler would allow the compiler to first read the user's source code in foo.f, but then the compiler's privilege to SYSX would cause the SYSX/BILL file to be overwritten with the user's binary. In effect, the compiler is the confused deputy having to reconcile both its own and the user's set of privileges, but unfortunately allows for unintended behavior.