n0on3.net

CVE-2010-3081

September 20th, 2010
Write comment

Sometimes you just have to spread alerts such this one.
If you are running 64-bit Linux machines, then you should take care of this vulnerability, because there is also a public exploit that is being used to attack affected production systems. If your distribution has already provided a patch, you just have to update your system kernel. Otherwise, you should patch it yourself. A couple of links about that:

Ksplice developers also wrote a tool to check if your systems have been compromised by that exploit by looking for the backdoors it installs. You can find it here. In order to do the check, just download this source code file, compile it, and run it. You should see something like this:

$ gcc -o diagnose-2010-3081 diagnose-2010-3081.c
$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)
 
$$$ Kernel release: 2.6.26-XX-XXX-XXX
$$$ Backdoor in LSM (1/3): not available.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking...not present.
 
Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.

Otherwise, your system is already compromised.
Patch this vulnerability and consider also running some analysis, because while this is a publicly known exploit, there are probably many bad guys with their own one.

Marsa Alam 2010

September 11th, 2010
Write comment

Well, it’s been a while since I went back from holidays and since memories begin fading away, I want to spend few words to review and remember the amazing place I’ve been. I enjoyed a week with my girlfriend at the Sentido Oriental Dream village ( images from google satellite are pretty old ¬_¬ ) in Marsa Alam, Egypt. We booked the tour with the italian tour operator Viloratour ( italian website ), but the place is also available for international tourists since also the animation is divided in two groups: the italian one ( because there are a lot of us ) and the international one. Anyway, the place is really good, the structures are clean often and well organized with a couple of restaurants and three pools, each with a bar where you can take drinks or snacks for free directly from the poolside or from inside the pool. This is because the treatment of the place is all inclusive ( soft or full, depends on your choice to have alcoholic drinks or not ). Buildings with rooms are connected to restaurants, pools and beach by paths surrounded by palms and flowers. The rooms internally are very hight celling, and each has a small terrace, a minibar, satellite tv, air conditioning and private bathroom. Room service is discreet and you may occasionally find animals sculptures realized with towels on the bed. Anyway, the best part of the place is definitely the sea. The egypt red sea is the place for the barrier reef, where you can see really hundreds of colored and big fishes. Read more

Detach process from parent shell

August 17th, 2010
Write comment

When using UNIX or similar systems via CLI, you typically log in a shell as a single running process, spawned by another process such as any ssh-daemon if you are connecting remotely or by the gnome-terminal process if you are in a gnome-desktop environment, and so on ( by the way, you can check what is your shell spawned from with the pstree utility ). Anyway, from this shell you will probably provide commands, that wil launch programs, that will be put into concrete form by the OS spawning new processes ( actually, forking the current process and calling something like execve ).
While you can play with the launched processes with some jobs control techniques, sometimes you just want to start some programs that should be completed independently from the fate of your shell (e.g. you want to log out, or just to close your terminal emulator, or just your shell somehow dies). That means, in other words, that you may want to run something and then log out letting the machine do the job while you can go performing more pleasant tasks

.
This is also often seen as " turning a process into a daemon " , even if it’s not strictly correct.
This can be easily achieved with the nohup POSIX command that will instruct your process to ignore the SIGHUP signal if your shell dies (e.g. when you log out). To use it, you can just append the command you want to provide after the nohup invocation such as:

nohup ./my_time_consuming_script.sh and its args

By the way, if you use the bash shell, you can get the same result using the disown builtin command, that can remove jobs from the job table, or to mark jobs so that SIGHUP is not sent to them if the parent shell receives it. The syntax is:

disown [-ar] [-h] [jobspec ...]

with options meaning:

-h do not remove from job table
-a apply to all jobs
-r apply to running jobs only

That’s it, let the machine do the jobs and go sunbathing

iphone backup via ssh

August 10th, 2010
Write comment

I recently upgraded my iphone firmware, but since i’m really a paranoid man, i wanted to backup all of my critical stuffs stored on the phone first.
Yes, i know itunes keeps backups of the iphone contents but really, i didn’t want to trust an application and take the risk to loose my contacts, sms, and so on, especially when i was going to do something not expected by that application ( yes, i’m talking of the jailbreak

).
So, since my iphone was already out of jail, i was able to login via ssh into the device system. It simply keep all of your stuffs in (sqlite) databases and folders, so if you know where-is-what the backup process is really simple. So i wrote a simple shell script to do the backup, and here it is. In order to use it, you should:

Mkdir the backup folder you wish to use and copy the script inside
Connect your iphone to a network reachable from the machine you are going to run the script from
Fill the IPHONE_ADDRESS field with the ip address on the given network assigned to the iphone
Toggle flags to decide what you want to backup or not
Run the script

You should also ( if you did not before ) append your public rsa id to your iphone root ‘authorized_keys’ file in order to avoid being prompted for password at each step, as explained in this previous entry.

I did this as root, but you may try running it as mobile if you wish, just replace any root@ with mobile@ using vim or sed ‘s/root@/mobile@/g’.

Also, this is a good chance ( to add the security tag ) to remember you, jailbreaked iphone users, to change the default ssh “alpine” password, because otherwise, if you connect to untrusted (public) networks with the ssh daemon running, stealing all of your personal data may be easy as running this script ( If your first thought is “they won’t know my ip!”, give up: a simple nmap scan will reveal you quickly and easily )

You can download the script here

August 3rd, 2010
Write comment

Ok, this can be found pretty everywhere on the internet, but on the n-th time someone asked me how to use management scripts that do stuffs via SSH without have to enter one or more password, I need to write it here so that next time I’ll have no remorse in saying “go read it online, on my website”.

Well, here’s the story: you can connect via ssh to other hosts without entering your password as long as you can prove that you are authorized to login with that identity. This is achieved by placing a public key on the host you want to connect to, so that when you try to login an authentication handshake is prompted to your machine that is then supposed to own the corresponding private key and thus to be able to complete the handshake.

This is what happend behind, you won’t see anything of this during your ssh login. But in order to make this mechanism work, you have to place that public key on the host you want to connect to. Probably for this purpose you may want to use your public RSA key generated to use ssh, that you can find in ~/.ssh/id_rsa.pub where ‘~’ is your home folder ( please be careful not mismatching this with ~/.ssh/id_rsa that is your private key: instead take care of this file by setting proper permissions and/or encryption because this file represent your identity and if leaked, anyone can access any machine where your public key is placed to consider you an “authorized” user ).

The place where ssh daemon looks for authorized keys when someone try to connect to the system as the given user is, with very small imagination, the ~user/.ssh/authorized_keys file, where ~user is the home of the user you are trying to login as e.g. with ssh user@whaterver-host.com. So basically what you have to do is append your own ~/.ssh/id_rsa.pub to the remote ~user/.ssh/authorized_keys. Here is a command you can use ( you will have to prompt the password two last times ).

ssh user@whaterver-host.com 'if [ ! -d ~/.ssh ];then mkdir ~/.ssh; fi'; 
cat ~/.ssh/id_rsa.pub | \
  ssh user@whaterver-host.com 'cat >> ~/.ssh/authorized_keys'

Now you will be able to login to whaterver-host.com just with ‘ ssh user@whaterver-host.com ‘ without being prompted for any password, even from many machines if you keep your id_rsa pair with you across them.( But remember, keep it safe! )
Cheers!

Checkpoint

July 24th, 2010
Write comment

Well, it’s been a while since I wrote the last post in this blog.
The good news is that it’s because i’ve been pretty busy: exams at university are now over.
It’s time to look for my thesis now, but this is another story and is actually a week-old one, since it happend last friday. Where have I been in the last week ? This is actually what this post is about.
Here is the short answer, unfortunately in italian language, by uniroma.tv
Ladies and gentleman, the Innovation Camp introduction video:

Shortly, you have just seen some scenes from the new research center “La Faggeta” of Roma Tre University, an ex NATO-base now renovated, where 20 lucky students like me just had the opportunity to enjoy a full-immersion week on themes such as innovation, business models, market trends, business team building and startups knowledge.