Programming
The 101 of ELF files on Linux: Understanding and Analysis
An step-by-step introduction into ELF files. Learn the structure and format, to understand how binaries and libraries on Linux systems work.
Summary
Some of the true craftsmanship in the world we take for granted. One of these things is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to it when looking under the hood. This is where ELF or the Executable and Linkable Format comes in. A file format that used a lot, yet truly understood by only a few. Let’s get this understanding with this introduction tutorial!
Linux and ASLR: kernel/randomize_va_space
ASLR protects the Linux kernel and programs against different attacks. It can be tuned with the randomize_va_space setting to provide different protections.
Summary
Configuring ASLR with randomize_va_space
The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure actually does and how it works.
Understanding ASLR
In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder. A normal program consists of several components, which are loaded into memory and flagged with special properties. Some pieces of the program are executable bits, others are normal data. Before going into these properties, let’s first determine the main goal of a program. Simply said, it should have a start procedure, maintain itself, and finally end. For some programs this whole cycle can take milliseconds, others may take years to complete. It all depends on the program, its stability and how often a system is rebooted.
5 things you didn’t know about shell scripting
Shell scripting doesn't have to be boring. Let's look at a few common things that many don't know about about shell scripts.
Summary
Our security auditing tool Lynis is a toolkit consisting of several shell scripts. Many users of the software actually never realized it was written as a bunch of shells scripts. Now that the secret is out, it is time to learn why we used shell scripting. Here are 5 reasons!
1. Shell scripting is powerful
Yes, people asked us why our tool Lynis was not written in Perl, Python, Ruby, C++ etc.. But honestly, why would we? It is portable, no compilation needed and supports almost every single Unix based system there is. Combine it with the common available tools like awk, grep and sed and you have a great foundation.
How and why Linux daemons drop privileges
By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.
Summary
In this article we have a look at the privileges of Linux daemons and dropping privileges in particular. The samples provided are in C.
Why drop privileges?
Some daemons need root permissions to start. This happens for example when a daemon wants to bind to a low port (<1024). However running network based daemons with root permissions is considered to be a serious risk. In case of compromise of the process, an attacker has full access to the system. This is why software like nginx starts with a master process and forks non-privileged child processes. These child processes (or workers), run under the context of non-privileged account like www-data.