DOCSLIB.ORG

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation∗

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation∗ From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation∗ Frederico Araujo Kevin W. Hamlen Sebastian Biedermann Stefan Katzenbeisser The University of Texas at Dallas Technische Universität Darmstadt {frederico.araujo, hamlen}@utdallas.edu {biedermann, katzenbeisser}@seceng.informatik.tu-darmstadt.de ABSTRACT alone released over 100 security bulletins spanning 330 sepa- Traditional software security patches often have the unfortu- rate vulnerabilities in its products during 2013 [33]. However, nate side-effect of quickly alerting attackers that their attempts despite the increasingly prompt availability of security patches, to exploit patched vulnerabilities have failed. Attackers greatly a majority of attacks in the wild continue to exploit vulnera- benefit from this information; it expedites their search for bilities that are known and for which a patch exists [5, 9, 23]. unpatched vulnerabilities, it allows them to reserve their ulti- This is in part because patch adoption is not immediate, mate attack payloads for successful attacks, and it increases and may be slowed by various considerations, such as patch attacker confidence in stolen secrets or expected sabotage compatibility testing, in some sectors. resulting from attacks. As a result, even determined, resourceful attackers often To overcome this disadvantage, a methodology is pro- probe and exploit unpatched, patchable vulnerabilities in their posed for reformulating a broad class of security patches into victims. For example, a 2013 security audit of the U.S. De- honey-patches|patches that offer equivalent security but partment of Energy revealed that 60% of DoE desktops lacked that frustrate attackers' ability to determine whether their critical patch updates, leading to a compromise and exfiltra- attacks have succeeded or failed. When an exploit attempt tion of private information on over 100,000 individuals [22]. is detected, the honey-patch transparently and efficiently The prevalence of unpatched systems has led to tools and redirects the attacker to an unpatched decoy, where the at- technologies via which attackers can quickly derive unique, tack is allowed to succeed. The decoy may host aggressive previously unseen exploits from patches [12], allowing them to software monitors that collect important attack information, infiltrate vulnerable systems. and deceptive files that disinform attackers. An implementa- The obvious solution is, of course, to obey the golden rule tion for three production-level web servers, including Apache of \patch early, patch often." However, once applied, typical HTTP, demonstrates that honey-patching can be realized for security patches have a significant drawback|they advertise large-scale, performance-critical software applications with that the system is patched. For example, a request that minimal overheads. yields garbage output from an unpatched server, but yields an error message from a patched server, readily divulges Categories and Subject Descriptors: D.2.7 [Software whether the server is vulnerable. Attackers can quickly and Engineering]: Distribution, Maintenance, and Enhancement; efficiently probe such servers for known vulnerabilities to D.4.6 [Operating Systems]: Security and Protection; K.6.5 discover patching lapses and prepare potent attacks. [Management of Computing and Information Systems]: Secu- To misdirect such attackers, we propose patching vulnera- rity and Protection|Unauthorized access bilities in such a way that failed exploits appear to succeed. Keywords: Intrusion detection and prevention; Honeypots This frustrates attackers' ability to discern which apparent vulnerabilities will actually divulge secrets or do damage 1. INTRODUCTION once fully exploited. We refer to such a patch as a honey- patch. Honey-patches offer equivalent security to conventional Patching continues to be perhaps the most ubiquitous and patches, but respond to attempted exploits by transparently widely accepted means for addressing newly discovered security redirecting the attacker's connection to a carefully isolated vulnerabilities in commodity software products. Microsoft decoy environment. The decoy is unpatched, allowing the attack to succeed, but gathers information about the threat ∗This research was supported by ONR grant N00014-14-1-0030, AFOSR grant FA9550-14-1-0173, NSF grant 1054629, CASED (e.g., collecting and analyzing previously unseen malware), and EC-SPRIDE Darmstadt, and BMBF grant 01C12S01V. and feeds disinformation to the attacker in the form of falsified data (cf., [11, 48, 62]). As an illustration of where honey-patching could be useful, Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed consider the digital infrastructure mandated by the U.S. Pa- for profit or commercial advantage and that copies bear this notice and the full cita- tient Protection and Affordable Care (\Obamacare") Act [52]. tion on the first page. Copyrights for components of this work owned by others than The act entails the deployment of federal- and state-level web ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- servers that sell health care plans. These servers have been publish, to post on servers or to redistribute to lists, requires prior specific permission identified as inviting targets of directed cyber-attacks, since and/or a fee. Request permissions from [email protected]. they receive a wealth of personally identifying information that CCS’14, November 3–7, 2014, Scottsdale, Arizona, USA. Copyright 2014 ACM 978-1-4503-2957-6/14/11 ...$15.00. could be abused for identity theft and fraud [21]. Patching http://dx.doi.org/10.1145/2660267.2660329. these servers in the conventional way protects against known Listing 1: Abbreviated patch for Heartbleed Listing 2: Honey-patch for Heartbleed 1 + if (1 + 2 + payload + 16 > s->s3->rrec.length) 1 if (1 + 2 + payload + 16 > s->s3->rrec.length) 2 + return 0; // silently discard 2 + f 3 + hp fork(); 4 - return 0; // silently discard exploits, but facilitates an attacker's probing efforts until an 5 + hp skip(return 0); // silently discard unpatched vulnerability is found. Network-level filters redirect 6 + g known malware to honey-servers, but may not catch custom malware payloads whose exploitive behavior is only detected disclosures in recent history, affecting a majority of then- at execution. deployed web servers, including Apache. The patch introduces However, honey-patching the servers and stocking the a conditional that validates SSL/TLS heartbeat packets, decoy environments with false information that has been declining malformed requests. Prior to being patched, attackers red-flagged in identity theft databases greatly increase risk for could exploit this bug to acquire sensitive information from attackers who manage to bypass other safeguards to reach many web servers. the decoy. Apparently successful attacks may then yield This patch exemplifies a common vulnerability mitigation: tainted information that could lead to an arrest when used. dangerous inputs or program states are detected via a boolean Even if the deception is eventually uncovered, defenders gain test, with positive detection eliciting a corrective action. valuable threat information by aggressively monitoring the most dangerous attacks, and attacker reconnaissance efforts The corrective action is typically readily distinguishable by are impeded. attackers|in this case, the attacker request is silently declined. While the concept of honey-patching is straightforward, As a result, the patched and unpatched programs differ only realizing it in practice is not. To demonstrate and evaluate on attack inputs, making the patched system susceptible to its feasibility, we present an implementation for three high- probing. Our goal in this work is to introduce a strategy performance web servers: Apache HTTP, Lighttpd, and Nginx. whereby administrators of products such as Apache can Our implementation, RedHerring, Redirects Exploits to easily transform such patches into honey-patches, whose Deceptive Honeypot Environments for counteRReconnaissance corrective actions impede attackers and offer strategic benefits and INformation Gathering. We chose Apache as our flag- to defenders. ship case-study due to its complexity (2.2M SLOC) and its Toward this end, Listing 2 presents an alternative, honey- use in many security-sensitive contexts. For example, most patched implementation of the same patch. In response Obamacare web sites presently use it. to a malformed input, the honey-patched application forks Our work includes the following contributions: itself onto a confined, ephemeral, decoy environment, and behaves henceforth as an unpatched, vulnerable version of • We outline a strategy for easily reformulating many the software. Specifically, line 3 forks the user session to vendor-supplied, source-level patches into equally secure a decoy container, and macro hp_skip in line 5 elides the honey-patches that raise attacker risk and uncertainty. rejection in the decoy container so that the attack appears • We introduce a light-weight, resource-efficient, and to have succeeded. Meanwhile, the attacker session in the fine-grained approach to transparently fork attacker original container is safely terminated (having been forked to connections to a sandboxed decoy devoid of secrets. the decoy), and legitimate, concurrent connections continue • Our decoy generation
Load more

Recommended publications
  • Reducing Power Consumption in Mobile Devices by Using a Kernel
    IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. Z, NO. B, AUGUST 2017 1 Reducing Event Latency and Power Consumption in Mobile Devices by Using a Kernel-Level Display Server Stephen Marz, Member, IEEE and Brad Vander Zanden and Wei Gao, Member, IEEE E-mail: [email protected], [email protected], [email protected] Abstract—Mobile devices differ from desktop computers in that they have a limited power source, a battery, and they tend to spend more CPU time on the graphical user interface (GUI). These two facts force us to consider different software approaches in the mobile device kernel that can conserve battery life and reduce latency, which is the duration of time between the inception of an event and the reaction to the event. One area to consider is a software package called the display server. The display server is middleware that handles all GUI activities between an application and the operating system, such as event handling and drawing to the screen. In both desktop and mobile devices, the display server is located in the application layer. However, the kernel layer contains most of the information needed for handling events and drawing graphics, which forces the application-level display server to make a series of system calls in order to coordinate events and to draw graphics. These calls interrupt the CPU which can increase both latency and power consumption, and also require the kernel to maintain event queues that duplicate event queues in the display server. A further drawback of placing the display server in the application layer is that the display server contains most of the information required to efficiently schedule the application and this information is not communicated to existing kernels, meaning that GUI-oriented applications are scheduled less efficiently than they might be, which further increases power consumption.
    [Show full text]
  • Onload User Guide
    Onload User Guide Copyright © 2017 SOLARFLARE Communications, Inc. All rights reserved. The software and hardware as applicable (the “Product”) described in this document, and this document, are protected by copyright laws, patents and other intellectual property laws and international treaties. The Product described in this document is provided pursuant to a license agreement, evaluation agreement and/or non‐disclosure agreement. The Product may be used only in accordance with the terms of such agreement. The software as applicable may be copied only in accordance with the terms of such agreement. Onload is licensed under the GNU General Public License (Version 2, June 1991). See the LICENSE file in the distribution for details. The Onload Extensions Stub Library is Copyright licensed under the BSD 2‐Clause License. Onload contains algorithms and uses hardware interface techniques which are subject to Solarflare Communications Inc patent applications. Parties interested in licensing Solarflare's IP are encouraged to contact Solarflare's Intellectual Property Licensing Group at: Director of Intellectual Property Licensing Intellectual Property Licensing Group Solarflare Communications Inc, 7505 Irvine Center Drive Suite 100 Irvine, California 92618 You will not disclose to a third party the results of any performance tests carried out using Onload or EnterpriseOnload without the prior written consent of Solarflare. The furnishing of this document to you does not give you any rights or licenses, express or implied, by estoppel or otherwise, with respect to any such Product, or any copyrights, patents or other intellectual property rights covering such Product, and this document does not contain or represent any commitment of any kind on the part of SOLARFLARE Communications, Inc.
    [Show full text]
  • Programmer's Guide
    Programmer’s Guide Release 18.11.11 Jan 20, 2021 CONTENTS 1 Introduction 1 1.1 Documentation Roadmap...............................1 1.2 Related Publications..................................2 2 Overview 3 2.1 Development Environment..............................3 2.2 Environment Abstraction Layer............................4 2.3 Core Components...................................4 2.3.1 Ring Manager (librte_ring)..........................4 2.3.2 Memory Pool Manager (librte_mempool)..................4 2.3.3 Network Packet Buffer Management (librte_mbuf).............6 2.3.4 Timer Manager (librte_timer)........................6 2.4 Ethernet* Poll Mode Driver Architecture.......................6 2.5 Packet Forwarding Algorithm Support........................6 2.6 librte_net........................................6 3 Environment Abstraction Layer7 3.1 EAL in a Linux-userland Execution Environment..................7 3.1.1 Initialization and Core Launching......................8 3.1.2 Shutdown and Cleanup...........................8 3.1.3 Multi-process Support............................8 3.1.4 Memory Mapping Discovery and Memory Reservation..........8 3.1.5 Support for Externally Allocated Memory.................. 11 3.1.6 Per-lcore and Shared Variables....................... 12 3.1.7 Logs...................................... 12 3.1.8 CPU Feature Identification.......................... 12 3.1.9 User Space Interrupt Event......................... 13 3.1.10 Blacklisting.................................. 14 3.1.11 Misc Functions...............................
    [Show full text]
  • A Linux Kernel Scheduler Extension for Multi-Core Systems
    A Linux Kernel Scheduler Extension For Multi-Core Systems Aleix Roca Nonell Master in Innovation and Research in Informatics (MIRI) specialized in High Performance Computing (HPC) Facultat d’informàtica de Barcelona (FIB) Universitat Politècnica de Catalunya Supervisor: Vicenç Beltran Querol Cosupervisor: Eduard Ayguadé Parra Presentation date: 25 October 2017 Abstract The Linux Kernel OS is a black box from the user-space point of view. In most cases, this is not a problem. However, for parallel high performance computing applications it can be a limitation. Such applications usually execute on top of a runtime system, itself executing on top of a general purpose kernel. Current runtime systems take care of getting the most of each system core by distributing work among the multiple CPUs of a machine but they are not aware of when one of their threads perform blocking calls (e.g. I/O operations). When such a blocking call happens, the processing core is stalled, leading to performance loss. In this thesis, it is presented the proof-of-concept of a Linux kernel extension denoted User Monitored Threads (UMT). The extension allows a user-space application to be notified of the blocking and unblocking of its threads, making it possible for a core to execute another worker thread while the other is blocked. An existing runtime system (namely Nanos6) is adapted, so that it takes advantage of the kernel extension. The whole prototype is tested on a synthetic benchmarks and an industry mock-up application. The analysis of the results shows, on the tested hardware and the appropriate conditions, a significant speedup improvement.
    [Show full text]
  • Linux Kernel Development 3Rd Edition
    ptg Linux Kernel Development Third Edition ptg From the Library of Wow! eBook Developer’s Library ESSENTIAL REFERENCES FOR PROGRAMMING PROFESSIONALS Developer’s Library books are designed to provide practicing programmers with unique, high-quality references and tutorials on the programming languages and technologies they use in their daily work. All books in the Developer’s Library are written by expert technology practitioners who are especially skilled at organizing and presenting information in a way that’s useful for other programmers. Key titles include some of the best, most widely acclaimed books within their topic areas: PHP & MySQL Web Development Python Essential Reference Luke Welling & Laura Thomson David Beazley ISBN 978-0-672-32916-6 ISBN-13: 978-0-672-32978-6 MySQL Programming in Objective-C 2.0 ptg Paul DuBois Stephen G. Kochan ISBN-13: 978-0-672-32938-8 ISBN-13: 978-0-321-56615-7 Linux Kernel Development PostgreSQL Robert Love Korry Douglas ISBN-13: 978-0-672-32946-3 ISBN-13: 978-0-672-33015-5 Developer’s Library books are available at most retail and online bookstores, as well as by subscription from Safari Books Online at safari.informit.com Developer’s Library informit.com/devlibrary From the Library of Wow! eBook Linux Kernel Development ptg Third Edition Robert Love Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Cape Town • Sydney • Tokyo • Singapore • Mexico City From the Library of Wow! eBook Linux Kernel Development Acquisitions Editor Third Edition Mark Taber Development Copyright © 2010 Pearson Education, Inc.
    [Show full text]
  • ODROID-HC2: 3.5” High Powered Storage  February 1, 2018
    ODROID WiFi Access Point: Share Files Via Samba February 1, 2018 How to setup an ODROID with a WiFi access point so that an ODROID’s hard drive can be accessed and modied from another computer. This is primarily aimed at allowing access to images, videos, and log les on the ODROID. ODROID-HC2: 3.5” High powered storage February 1, 2018 The ODROID-HC2 is an aordable mini PC and perfect solution for a network attached storage (NAS) server. This device home cloud-server capabilities centralizes data and enables users to share and stream multimedia les to phones, tablets, and other devices across a network. It is an ideal tool for many use Using SquashFS As A Read-Only Root File System February 1, 2018 This guide describes the usage of SquashFS PiFace: Control and Display 2 February 1, 2018 For those who have the PiFace Control and Display 2, and want to make it compatible with the ODROID-C2 Android Gaming: Data Wing, Space Frontier, and Retro Shooting – Pixel Space Shooter February 1, 2018 Variations on a theme! Race, blast into space, and blast things into pieces that are racing towards us. The fun doesn’t need to stop when you take a break from your projects. Our monthly pick on Android games. Linux Gaming: Saturn Games – Part 1 February 1, 2018 I think it’s time we go into a bit more detail about Sega Saturn for the ODROID-XU3/XU4 Gaming Console: Running Your Favorite Games On An ODROID-C2 Using Android February 1, 2018 I built a gaming console using an ODROID-C2 running Android 6 Controller Area Network (CAN) Bus: Implementation
    [Show full text]
  • Monitoring File Events
    MONITORING FILE EVENTS Some applications need to be able to monitor files or directories in order to deter- mine whether events have occurred for the monitored objects. For example, a graphical file manager needs to be able to determine when files are added or removed from the directory that is currently being displayed, or a daemon may want to monitor its configuration file in order to know if the file has been changed. Starting with kernel 2.6.13, Linux provides the inotify mechanism, which allows an application to monitor file events. This chapter describes the use of inotify. The inotify mechanism replaces an older mechanism, dnotify, which provided a subset of the functionality of inotify. We describe dnotify briefly at the end of this chapter, focusing on why inotify is better. The inotify and dnotify mechanisms are Linux-specific. (A few other systems provide similar mechanisms. For example, the BSDs provide the kqueue API.) A few libraries provide an API that is more abstract and portable than inotify and dnotify. The use of these libraries may be preferable for some applications. Some of these libraries employ inotify or dnotify, on systems where they are available. Two such libraries are FAM (File Alteration Monitor, http:// oss.sgi.com/projects/fam/) and Gamin (http://www.gnome.org/~veillard/gamin/). 19.1 Overview The key steps in the use of the inotify API are as follows: 1. The application uses inotify_init() to create an inotify instance. This system call returns a file descriptor that is used to refer to the inotify instance in later operations.
    [Show full text]
  • Unbreakable Enterprise Kernel Release Notes for Unbreakable Enterprise Kernel Release 3
    Unbreakable Enterprise Kernel Release Notes for Unbreakable Enterprise Kernel Release 3 E48380-10 June 2020 Oracle Legal Notices Copyright © 2013, 2020, Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • Kernel Korner
    Kernel Korner http://0-delivery.acm.org.innopac.lib.ryerson.ca/10.1145/1110000/11030... Kernel Korner Intro to inotify Robert Love Abstract Applications that watch thousands of files for changes, or that need to know when a storage device gets disconnected, need a clean, fast solution to the file change notification problem. Here it is. John McCutchan and I had been working on inotify for about a year when it was finally merged into Linus' kernel tree and released with kernel version 2.6.13. Although a long struggle, the effort culminated in success and was ultimately worth every rewrite, bug and debate. What Is inotify? inotify is a file change notification system—a kernel feature that allows applications to request the monitoring of a set of files against a list of events. When the event occurs, the application is notified. To be useful, such a feature must be simple to use, lightweight with little overhead and flexible. It should be easy to add new watches and painless to receive notification of events. To be sure, inotify is not the first of its kind. Every modern operating system provides some sort of file notification system; many network and desktop applications require such functionality—Linux too. For years, Linux has offered dnotify. The problem was, dnotify was not very good. In fact, it stank. dnotify, which ostensibly stands for directory notify, was never considered easy to use. Sporting a cumbersome interface and several painful features that made life arduous, dnotify failed to meet the demands of the modern desktop, where asynchronous notification of events and a free flow of information rapidly are becoming the norm.
    [Show full text]
  • Deployment Guide
    Deployment Guide SUSE CaaS Platform 4.2.4 Deployment Guide: This guide describes deployment for SUSE CaaS Platform 4.2.4. SUSE CaaS Platform 4.2.4 by Markus Napp and Nora Kořánová Publication Date: 2020-12-11 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Contents vi About This Guide vii 1 Required Background vii 2 Available Documentation vii 3 Feedback viii 4 Documentation Conventions viii 1 Requirements 1 1.1 Platform 1 1.2 Nodes 1 1.3 Hardware 2 Management Workstation 2 • Storage Sizing 2 • Storage Performance 5 1.4 Networking 7 Sub-Network Sizing 7 • Ports 8 • IP Addresses 9 • IP Forwarding 10 • Networking Whitelist 10 • Communication 11 • Performance 11 • Security 12 • Replicas 12 2 Deployment Scenarios 14 2.1 Default Deployment Scenario 14 2.2 Airgapped deployment 16 Process Checklist 16 • Concepts 17 • Requirements 20 • RPM Repository Mirror 24 • Updating RPM Repository Mirror 25 • Container Registry Mirror 26 • Helm Chart Repository Mirror 34 • Updating Registry Mirror For Helm Charts 35 • Deploying SUSE CaaS Platform 38 • Troubleshooting 38 iii Deployment Guide 3 Deployment Instructions 40 3.1 Deployment Preparations 40 Basic SSH Key Configuration 40 • Registration Code 42 • Unique Machine IDs 43 • Installation Tools 44 • Load Balancer 45 3.2 Deployment on SUSE OpenStack Cloud 54 Deploying the Cluster Nodes 56 • Logging in to the Cluster Nodes 61 • Container Runtime Proxy 63 3.3 Deployment on VMware 63 Environment Description 63 • Choose a Setup Type 64 • Setup with AutoYaST 64 • Setup Using
    [Show full text]
  • Analyzing a Decade of Linux System Calls
    Empir Software Eng https://doi.org/10.1007/s10664-017-9551-z Analyzing a decade of Linux system calls Mojtaba Bagherzadeh1 · Nafiseh Kahani1 · Cor-Paul Bezemer1 · Ahmed E. Hassan1 · Juergen Dingel1 · James R. Cordy1 © Springer Science+Business Media, LLC 2017 Abstract Over the past 25 years, thousands of developers have contributed more than 18 million lines of code (LOC) to the Linux kernel. As the Linux kernel forms the central part of various operating systems that are used by millions of users, the kernel must be continuously adapted to the changing demands and expectations of these users. The Linux kernel provides its services to an application through system calls. The combined set of all system calls forms the essential Application Programming Interface (API) through which an application interacts with the kernel. In this paper, we conduct an empirical study of 8,770 changes that were made to Linux system calls during the last decade (i.e., from April 2005 to December 2014). In particular, we study the size of the changes, and we manually identify the type of changes and bug fixes that were made. Our analysis provides an overview of the evolution of the Linux system calls over the last decade. We find that there was a considerable amount of technical debt in the kernel, that was addressed by adding a number of sibling calls (i.e., 26% of all system calls). In addition, we find that by far, the ptrace() and signal handling Communicated by: Harald Gall Cor-Paul Bezemer [email protected] Mojtaba Bagherzadeh [email protected] Nafiseh Kahani [email protected] Ahmed E.
    [Show full text]
  • Linux/UNIX System Programming Fundamentals
    Linux/UNIX System Programming Fundamentals Michael Kerrisk man7.org NDC TechTown; August 2020 ©2020, man7.org Training and Consulting / Michael Kerrisk. All rights reserved. These training materials have been made available for personal, noncommercial use. Except for personal use, no part of these training materials may be printed, reproduced, or stored in a retrieval system. These training materials may not be redistributed by any means, electronic, mechanical, or otherwise, without prior written permission of the author. These training materials may not be used to provide training to others without prior written permission of the author. Every effort has been made to ensure that the material contained herein is correct, including the development and testing of the example programs. However, no warranty is expressed or implied, and the author shall not be liable for loss or damage arising from the use of these programs. The programs are made available under Free Software licenses; see the header comments of individual source files for details. For information about this course, visit http://man7.org/training/. For inquiries regarding training courses, please contact us at [email protected]. Please send corrections and suggestions for improvements to this course material to [email protected]. For information about The Linux Programming Interface, please visit http://man7.org/tlpi/. Short table of contents 1 Course Introduction 1-1 2 Fundamental Concepts 2-1 3 File I/O and Files 3-1 4 Directories and Links 4-1 5 Processes 5-1 6 Signals:
    [Show full text]