Archive for the ‘IT’ Category

Geysers video presentation

A video presentation of the GEYSERS project I’m working on at SAP Research.



Wait… where you said you are ?

So far, it’s really time to write something about this :) … Good news!

As I wrote few posts ago I’m over with the exams for my master degree in Computer Science Engineering at Roma Tre University, and as my study course provide for, it’s time to develop the master thesis. After looking for an appropriate topic for few weeks I found a message on the students mailing list originally sent by SAP Research, that is looking for a student interested in writing a technical thesis in the context of an internship in a highly qualified international environment, working on the GEYSERS project. The project itself seemed one of the most interesting things I might hope to find and SAP doesn’t need any introduction at all. Moreover, some of my favorite topics such as cloud computing, virtualization, networking and SLA management are on the table. The message also reported that the concrete topic of the thesis can be tailored to the student’s skills and research interests and is open to include further ideas and suggestions. What else ? In short, a great opportunity in my opinion. So I applied: sent CV, cover letter, references from my professors, and then i got an interview fixed. The interview was fine, and I’ve been hired. So this is it, i’m starting on October 1st. Did i mention that the location of the research center is Zürich, Switzerland :D ?


CVE-2010-3081

Sometimes you just have to spread alerts such this one.
If you are running 64-bit Linux machines, then you should take care of this vulnerability, because there is also a public exploit that is being used to attack affected production systems. If your distribution has already provided a patch, you just have to update your system kernel. Otherwise, you should patch it yourself. A couple of links about that:

Ksplice developers also wrote a tool to check if your systems have been compromised by that exploit by looking for the backdoors it installs. You can find it here. In order to do the check, just download this source code file, compile it, and run it. You should see something like this:

$ gcc -o diagnose-2010-3081 diagnose-2010-3081.c
$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)
 
$$$ Kernel release: 2.6.26-XX-XXX-XXX
$$$ Backdoor in LSM (1/3): not available.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking...not present.
 
Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.

Otherwise, your system is already compromised.
Patch this vulnerability and consider also running some analysis, because while this is a publicly known exploit, there are probably many bad guys with their own one.


Detach process from parent shell

When using UNIX or similar systems via CLI, you typically log in a shell as a single running process, spawned by another process such as any ssh-daemon if you are connecting remotely or by the gnome-terminal process if you are in a gnome-desktop environment, and so on ( by the way, you can check what is your shell spawned from with the pstree utility ). Anyway, from this shell you will probably provide commands, that wil launch programs, that will be put into concrete form by the OS spawning new processes ( actually, forking the current process and calling something like execve ).
While you can play with the launched processes with some jobs control techniques, sometimes you just want to start some programs that should be completed independently from the fate of your shell (e.g. you want to log out, or just to close your terminal emulator, or just your shell somehow dies). That means, in other words, that you may want to run something and then log out letting the machine do the job while you can go performing more pleasant tasks :) .
This is also often seen as " turning a process into a daemon " , even if it’s not strictly correct.
This can be easily achieved with the nohup POSIX command that will instruct your process to ignore the SIGHUP signal if your shell dies (e.g. when you log out). To use it, you can just append the command you want to provide after the nohup invocation such as:

nohup ./my_time_consuming_script.sh and its args

By the way, if you use the bash shell, you can get the same result using the disown builtin command, that can remove jobs from the job table, or to mark jobs so that SIGHUP is not sent to them if the parent shell receives it. The syntax is:

disown [-ar] [-h] [jobspec ...]

with options meaning:

  • -h do not remove from job table
  • -a apply to all jobs
  • -r apply to running jobs only

That’s it, let the machine do the jobs and go sunbathing ;)


iphone backup via ssh

I recently upgraded my iphone firmware, but since i’m really a paranoid man, i wanted to backup all of my critical stuffs stored on the phone first.
Yes, i know itunes keeps backups of the iphone contents but really, i didn’t want to trust an application and take the risk to loose my contacts, sms, and so on, especially when i was going to do something not expected by that application ( yes, i’m talking of the jailbreak :P ).
So, since my iphone was already out of jail, i was able to login via ssh into the device system. It simply keep all of your stuffs in (sqlite) databases and folders, so if you know where-is-what the backup process is really simple. So i wrote a simple shell script to do the backup, and here it is. In order to use it, you should:

  • Mkdir the backup folder you wish to use and copy the script inside
  • Connect your iphone to a network reachable from the machine you are going to run the script from
  • Fill the IPHONE_ADDRESS field with the ip address on the given network assigned to the iphone
  • Toggle flags to decide what you want to backup or not
  • Run the script :P

You should also ( if you did not before ) append your public rsa id to your iphone root ‘authorized_keys’ file in order to avoid being prompted for password at each step, as explained in this previous entry.

I did this as root, but you may try running it as mobile if you wish, just replace any root@ with mobile@ using vim or sed ‘s/root@/mobile@/g’.

Also, this is a good chance ( to add the security tag :P ) to remember you, jailbreaked iphone users, to change the default ssh “alpine” password, because otherwise, if you connect to untrusted (public) networks with the ssh daemon running, stealing all of your personal data may be easy as running this script :P ( If your first thought is “they won’t know my ip!”, give up: a simple nmap scan will reveal you quickly and easily )

You can download the script here

Read more


SSH login without password

Ok, this can be found pretty everywhere on the internet, but on the n-th time someone asked me how to use management scripts that do stuffs via SSH without have to enter one or more password, I need to write it here so that next time I’ll have no remorse in saying “go read it online, on my website”.

Well, here’s the story: you can connect via ssh to other hosts without entering your password as long as you can prove that you are authorized to login with that identity. This is achieved by placing a public key on the host you want to connect to, so that when you try to login an authentication handshake is prompted to your machine that is then supposed to own the corresponding private key and thus to be able to complete the handshake.

This is what happend behind, you won’t see anything of this during your ssh login. But in order to make this mechanism work, you have to place that public key on the host you want to connect to. Probably for this purpose you may want to use your public RSA key generated to use ssh, that you can find in ~/.ssh/id_rsa.pub where ‘~’ is your home folder ( please be careful not mismatching this with ~/.ssh/id_rsa that is your private key: instead take care of this file by setting proper permissions and/or encryption because this file represent your identity and if leaked, anyone can access any machine where your public key is placed to consider you an “authorized” user ).

The place where ssh daemon looks for authorized keys when someone try to connect to the system as the given user is, with very small imagination, the ~user/.ssh/authorized_keys file, where ~user is the home of the user you are trying to login as e.g. with ssh user@whaterver-host.com. So basically what you have to do is append your own ~/.ssh/id_rsa.pub to the remote ~user/.ssh/authorized_keys. Here is a command you can use ( you will have to prompt the password two last times :P ).

ssh user@whaterver-host.com 'if [ ! -d ~/.ssh ];then mkdir ~/.ssh; fi'; 
cat ~/.ssh/id_rsa.pub | \
  ssh user@whaterver-host.com 'cat >> ~/.ssh/authorized_keys'

Now you will be able to login to whaterver-host.com just with ‘ ssh user@whaterver-host.com ‘ without being prompted for any password, even from many machines if you keep your id_rsa pair with you across them.( But remember, keep it safe! )
Cheers!


Return top

About me

Alessandro Manfredi
  twitter facebook linkedIn
  mail Skype foursquare!
  Alessandro Manfredi :.
  n0on3 :.
   PGP Here or Here :.

Latest Tweets

Like this site ? Write a review !

Review www.n0on3.net on alexa.com

Support