Venkata Kishore's Weblog
Sunday Nov 26, 2006
System call flow in lx brand
Recently, for the FOSS.in presentation, I started looking through the source code for BrandZ. There are some interesting things that I found out in the design document that is present on the BrandZ community page on the OpenSolaris.org website.
If you follow the flow in the system call emulation diagram, you finally end up calling the Linux system call again: the second time, when the Solaris system call is invoked by the lx library function, it checks the brand data of the proc_t structure, finds that it is a Linux brand and again goes to the int80_handler of the brand's kernel module. I don't mean that the diagram is wrong; the developers purposefully made it like this, as they are going to implement that in future releases. So after consulting Nils Nieuwejaar and Edward Pilatowicz I came up with the following system call flow diagram for the lx brand.

The numbered arrows show the exact system call flow; the arrowheads represent the call direction.
Posted at 12:13PM Nov 26, 2006 by mvkishore in General |
Friday Jul 22, 2005
Buffer overflow
It's really nice & very interesting to clear the clouds in my mind about different topics, and I wanted to share and bookmark it. I started exploring this after an interesting talk from Chandan about security. Though I attended it earlier, this is much clearer to me now. He discussed the "buffer overflow" exploits. It has been a black box for me all these days, so I wanted to know more about it.
A buffer overflow occurs when you have a fixed-size memory area and try to put more data into it than it can really take, like copying 30 characters into a character array of length 20. This can cause a serious security vulnerability.
Here is how it can happen. The stack always grows downwards, on both x86 and SPARC boxes. When a function is called on a typical x86 machine, the return address is pushed onto the stack, then the caller function's frame pointer, and then all the local variables for the function are created.
Now suppose you allocate an array of size 10: it will allocate a 10-byte array and give you the lowest address, i.e. the starting address. If you copy 20 bytes of content into the array, the buffer overflows and the extra bytes run into the return address of the caller function. If the exploiter cleverly puts an address in the return address slot that points to "exec bash" code, then after the function completes the bash code is executed and gives a bash shell as root.
This is how hackers exploit a buffer overflow vulnerability.
Other interesting points:
- In S9 the stack is executable, but in S10 it is not, so the above exploit can't happen.
- A BOF can also happen when the data section overflows into the stack section.
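As an added example (not from the original post), here is the 20-character copy described above in C: the unchecked strcpy pattern that runs past the array, beside a bounded copy that rejects an over-long name instead of writing into the saved return address. The names bounded_copy, greet_unsafe and greet_safe are assumed here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20   /* the 20-character array from the post */

/* The pattern the post warns about: strcpy copies until the source's NUL, so
 * a 30-character name writes 11 bytes past name[] into the saved frame
 * pointer and return address. Shown for contrast only; never called below. */
void greet_unsafe(const char *who)
{
    char name[NAME_LEN];
    strcpy(name, who);
    printf("hello %s\n", name);
}

/* Bounded copy: never writes past cap bytes of dst and always NUL-terminates.
 * Returns 0 if src (with its terminator) fit, -1 if it was too long; in the
 * -1 case dst holds the first cap-1 bytes followed by a NUL. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return -1;
    const char *end = memchr(src, '\0', cap);   /* scans at most cap bytes */
    if (end == NULL) {                          /* no terminator in range: too long */
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);  /* +1 copies the terminator */
    return 0;
}

/* Hardened greeting: rejects an over-long name instead of overflowing.
 * Returns 0 when greeted, -1 when rejected. */
int greet_safe(const char *who)
{
    char name[NAME_LEN];
    if (bounded_copy(name, sizeof name, who) != 0)
        return -1;
    printf("hello %s\n", name);
    return 0;
}

int main(void)
{
    const char *thirty = "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa"; /* 30 chars, constructed */
    int ok = greet_safe("kishore") == 0;       /* fits in 20 bytes */
    int rejected = greet_safe(thirty) == -1;   /* would have overflowed name[] */
    return (ok && rejected) ? 0 : 1;
}
```

Note that strncpy alone is not a fix: it does not NUL-terminate when the source fills the buffer, which is why bounded_copy terminates explicitly.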
Posted at 07:14AM Jul 22, 2005 by mvkishore in General | Comments[12]
Wednesday Jun 08, 2005
Systems Management in Solaris
Ever wanted to know about the system management tools in Solaris that are used to partition disks, add new users either to hosts or to different naming domains, view logs and system information, set resource controls etc.? Then this is for you. This blog briefs about the different products used for system management in Solaris 10 in simple terminology; for detailed information follow the links given for each tool.
WBEM
This is the acronym for Web-Based Enterprise Management, an industry-defined set of management and Internet standard technologies developed to unify the management of enterprise computing environments. This is the backend for managing the Solaris box. In WBEM's terminology each managed resource (disk, user, project, printer, network etc.) is treated as an object called a CIM (Common Interface Model) object, and the CIM schema defines the attributes of the resources and the operations that can be performed on them. Providers are written for these resources according to the schema. Since the schema is universally accepted and published, the front-end tools can be written without bothering about the provider implementation.
SMC
This is the acronym for Solaris Management Console. This is a single login placeholder for all the management applications in Solaris, so that applications need not worry about GUI development, the login module etc. With SMC, application developers just have to worry about taking inputs from the user and presenting them with the data from the WBEM server. There are tools to compile and register the application with the SMC console. This tool is tightly coupled with WBEM.
Java Web Console
This is a newly developed web-based console infrastructure for all the management applications in Solaris. It has many more advanced features compared to SMC and is not coupled with WBEM. Up to version 2.x it is based on the JATO framework, and from Java Web Console 3.x it has been moved to the JSF framework. Developing the user interface is also much simpler compared to applications on SMC.
Posted at 04:33AM Jun 08, 2005 by mvkishore in General | Comments[3]
Wednesday Jun 01, 2005
Signal handler for a shell script
If you want to handle a signal in a shell script, try this: trap "command" signal
Ex:
1) trap "echo Kishore" INT
2) trap "echo kishore" 2
Sample script:
#!/bin/sh
trap 'echo "Ignoring Control-C..."' 2
for i in 1 2 3 4 5 6 7 8
do
sleep 2
done
echo "program now terminated normally..."
exit 0
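As an added example (not from the original post), the same trap mechanism used for cleanup: the handler removes the script's scratch file when it is interrupted, so an INT or TERM does not leave half-written data behind. The names WORKER, run_interrupted_worker and scratch.tmp are assumed here.

```shell
#!/bin/sh
# Added example, not from the original post: a trap handler that removes the
# script's scratch file when the script is interrupted. Hypothetical names:
# WORKER, run_interrupted_worker, scratch.tmp.

# Worker body, run as a separate sh so it can be signalled. "$1" is the work
# directory. The handler kills the helper, removes the file and exits 143.
WORKER='
  f="$1/scratch.tmp"
  cleanup() { kill "$sleeper" 2>/dev/null; rm -f "$f"; exit 143; }
  trap cleanup INT TERM      # registered before the file exists: no window
  : > "$f"
  sleep 30 & sleeper=$!
  wait "$sleeper"            # returns at once when a trapped signal arrives
  rm -f "$f"                 # normal-completion cleanup
'

# Starts the worker, interrupts it, and returns 0 only if the trap handler
# removed the scratch file. TERM is used because a job started with & in a
# non-interactive shell ignores INT; the handler is the same for both.
run_interrupted_worker() {
    dir=$(mktemp -d) || return 1
    sh -c "$WORKER" worker "$dir" &
    pid=$!
    n=0                                   # wait up to 5s for the file to appear
    while [ ! -e "$dir/scratch.tmp" ] && [ "$n" -lt 5 ]; do
        sleep 1; n=$((n + 1))
    done
    [ -e "$dir/scratch.tmp" ] || { kill "$pid" 2>/dev/null; rm -rf "$dir"; return 1; }
    kill -TERM "$pid"
    wait "$pid" 2>/dev/null               # worker exits 143 from the handler
    if [ -e "$dir/scratch.tmp" ]; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

if run_interrupted_worker; then
    echo "scratch file removed by the trap handler"
else
    echo "scratch file was left behind"
fi
```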
Posted at 04:30AM Jun 01, 2005 by mvkishore in General | Comments[1]
Tuesday May 31, 2005
My first blog message
This is my first blog message. Trying to find out what to write.... Ok, let me brief about myself: I'm with SUN since one year, 5 months & 19 days (sorry, I don't have time to calculate the hours and minutes now). I am very much interested in listening to music, reading about Telugu movies and gossip (great fan of http://idlebrain.com). I also love to solve puzzles, whatever form they are in. Fond of OOAD concepts, design patterns & device drivers. This is it for today; I am planning to blog the OOAD design patterns that I read, and try to blog the interview questions.
Posted at 04:32AM May 31, 2005 by mvkishore in General | Comments[1]