Re: suid root - bash script

2009-04-23 Thread Valery Reznic



--- On Thu, 4/23/09, Erez D  wrote:

> From: Erez D 
> Subject: suid root - bash script
> To: "linux-il" 
> Date: Thursday, April 23, 2009, 8:56 AM
> hi
> 
> i have a bash script i want to be run with root permissions,
> no matter which user executes it.
> 
> if it was a binary, i would only need set it suid root.
> 
> but as it is a bash script, suid-ing it doesn't do
> anything, and suid-ing /bin/bash itself will make all
> scripts run suid root, which is surely not what i want.
> 
> 
> 
> there must be a solution for that.
> 
> anyone ?
sudo ?

Valery



  

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: suid root - bash script

2009-04-23 Thread Oron Peled
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote:
> i have a bash script i want to be run with root permissions, no matter
> which user executes it.
> 
> if it was a binary, i would only need set it suid root.
> 
> but as it is a bash script, suid-ing it doesn't do anything, and suid-ing
> /bin/bash itself will make all scripts run suid root, which is surely not
> what i want.

There's a reason why the kernel does not respect suid/sgid bit on shell
scripts -- It's because there are gazillions of ways a user can use
this script to gain total root access.

> there must be a solution for that.

Yes. Writing secure applications in a secure way.

Maybe writing a wrapper suid program that totally sanitizes
both the environment and command line arguments before
exec'ing the script would make it. Although I wouldn't bet
on it since it only covers the obvious attack vectors against
shell scripts.

On 23.04.2009 Yedidyah Bar-David wrote:
> 'sudo' is what you want.

Why bother? It's easier to simply give those users the root password
as the result would be the same anyway.

-- 
Oron Peled Voice: +972-4-8228492
o...@actcom.co.il  http://www.actcom.co.il/~oron
Linux lasts longer!
-- "Kim J. Brand" 
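
Added example, not part of the original thread: a sketch in C of the wrapper approach mentioned above, where a setuid program discards the caller's environment and validates its arguments before exec'ing one fixed script. SCRIPT_PATH, the argument whitelist and the two limits are assumptions chosen for illustration.

```c
/* Added example: setuid wrapper that sanitizes environment and arguments.
 * SCRIPT_PATH is a hypothetical placeholder, not a path from the thread. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT_PATH "/usr/local/sbin/maintenance.sh" /* hypothetical */
#define MAX_ARGS    8   /* assumed limit on user-supplied arguments */
#define MAX_ARG_LEN 64  /* assumed limit on each argument's length */

/* The script gets this fixed environment and nothing from the caller, so
 * PATH, IFS, ENV, BASH_ENV, LD_PRELOAD etc. set by the user never reach it. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    "IFS= \t\n",
    "LANG=C",
    NULL
};

/* Whitelist check: 1..MAX_ARG_LEN characters from [A-Za-z0-9._-], and no
 * leading '-', so an argument cannot be read as an option and cannot
 * carry shell metacharacters, whitespace or path separators. */
int arg_is_safe(const char *s)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t n = strlen(s);

    if (n == 0 || n > MAX_ARG_LEN || s[0] == '-')
        return 0;
    return strspn(s, allowed) == n;
}

/* Fill out[] with: "sh", SCRIPT_PATH, the validated arguments, NULL.
 * out must hold MAX_ARGS + 3 pointers. Returns the number of entries
 * before the NULL, or -1 if anything is rejected. */
int build_argv(int argc, char **argv, char **out)
{
    int n = 0, i;

    if (argc < 1 || argc - 1 > MAX_ARGS)
        return -1;
    out[n++] = "sh";
    out[n++] = SCRIPT_PATH;
    for (i = 1; i < argc; i++) {
        if (argv[i] == NULL || !arg_is_safe(argv[i]))
            return -1;
        out[n++] = argv[i];
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char **argv)
{
    char *sh_argv[MAX_ARGS + 3];

    if (build_argv(argc, argv, sh_argv) < 0) {
        fprintf(stderr, "wrapper: arguments rejected\n");
        return 2;
    }
    /* Make the real ids equal the effective ids (group first). Some
     * shells give up privileges when the two differ. When the effective
     * uid is root, setuid() sets the real, effective and saved uid. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("wrapper: setgid/setuid");
        return 1;
    }
    umask(022);
    if (chdir("/") != 0) {
        perror("wrapper: chdir");
        return 1;
    }
    /* Fixed interpreter, fixed script, fixed environment. */
    execve("/bin/sh", sh_argv, clean_env);
    perror("wrapper: execve");
    return 1;
}
```

This covers only the environment and the argument vector; inherited file descriptors, resource limits and the script's own logic are outside what it checks.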




Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh


Oron Peled wrote:

> There's a reason why the kernel does not respect suid/sgid bit on shell
> scripts -- It's because there are gazillions of ways a user can use
> this script to gain total root access.

Name two?

> Maybe writing a wrapper suid program that totally sanitize
> both the environment and command line arguments before
> exec'ing the script would make it. Although I wouldn't bet
> on it since it only covers the obvious attack vectors against
> shell scripts.

Fine. Make the two cover these obvious vectors, one each.

I have to say that when I first heard about this restriction, I thought it
made a lot of sense. Since then, I have searched for these famed attack 
vectors, and have come up short. Sure, if the script itself has security 
holes, then a suid script will be vulnerable. As I'm sure you know well, 
this is also true of C written code, however.


So my question is: are there attack vectors against the following script?

#!/bin/sh -e

echo "Hello, cruel world"

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: ot: isps

2009-04-23 Thread Rafi Gordon
Oleg, first thanks for your answer.

>> AFAIK, this DPI can block voip application like Skype.

>That's an on-going war, similar to the war between P2P applications
>and DPI. It's not limited to cellular companies, of course.

There is still a little difference here, I believe, with cellular companies.
Cellular companies get their profits mostly I believe with telephony
(the internet service in cellular is quite new). So Skype (or other
voip applications) on a cellular device using internet is a real
threat on their profits. Not all ISPs, on the other hand, deal with
telephony, and most of their profits are from internet services, I
believe.

If this is true, then around the globe, it seems that blocking VOIP
traffic with DPI is more important to cellular companies supplying
internet service than to ISPs.

Or am I wrong?

Regards,
Rafi Gordon



Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
>
> Oron Peled wrote:
>>
>> There's a reason why the kernel does not respect suid/sgid bit on shell
>> scripts -- It's because there are gazillions of ways a user can use
>> this script to gain total root access.
>>   
> Name two?

The main famous one, inherent in the way scripts work, is that the
kernel has to look at the first line of the script, run the interpreter
mentioned there with the args provided, and this interpreter then runs,
looks at the script, and decides what to do. Running the interpreter
takes time, and so an attacker can make a symlink to it, run the
symlink, and replace it immediately, and have a chance to make the
interpreter run the attacker's version instead of the original. This is
different from running a binary directly, where the kernel knows where
it was and won't have to look again if you tried replacing a symlink to
it.

>>
>> Maybe writing a wrapper suid program that totally sanitize
>> both the environment and command line arguments before
>> exec'ing the script would make it. Although I wouldn't bet
>> on it since it only covers the obvious attack vectors against
>> shell scripts.
>>   
> Fine. Make the two cover these obvious vectors, one each.
>
> I have to say that I first heard about this restriction, I thought it  
> made a lot of sense. Since then, I have searched for these famed attack  
> vectors, and have come up short.

Well, I now googled for 'setuid scripts security' and found this FAQ:
http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
It also mentions other, more-specific issues.

> Sure, if the script itself has security  
> holes, then a suid script will be vulnerable. As I'm sure you know well,  
> this is also true of C written code, however.

Indeed, but there are some differences - usually, finding bugs in
scripts is easier (especially if you do not have the sources for the
C-coded binary), and in the past there used to be bugs in various
interpreters of various OSes. The last point is hopefully less relevant
today, but so are setuid-scripts (I think no modern unix respects
these).

>
> So my question is: are there attack vectors against the following script?
>
> #!/bin/sh -e
>
> echo "Hello, cruel world"
-- 
Didi
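
Added example, not part of the original thread: the race described above exists because the script's path is resolved twice, so one defensive pattern for a wrapper is to open the script once, check the opened descriptor with fstat(), and hand the interpreter /dev/fd/N instead of the path. SCRIPT_PATH and the ownership policy are assumptions for illustration, and /dev/fd must be available on the system.

```c
/* Added example: open the script once, check the opened file, and run
 * the interpreter on that descriptor instead of on the path. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT_PATH "/usr/local/sbin/maintenance.sh" /* hypothetical */

/* Open path read-only and return the descriptor only if the file that
 * was actually opened is a regular file owned by `owner` and not
 * writable by group or others. Returns -1 otherwise.
 *
 * The checks use fstat() on the descriptor, not stat() on the path, so
 * they describe the same file the interpreter will later read even if
 * the path is changed in the meantime. O_NOFOLLOW additionally refuses
 * a symbolic link in the last path component. */
int open_trusted_script(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||
        st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char fdpath[32];
    /* The path is a compiled-in constant: a caller-chosen path could
     * name some other root-owned file and have it run as a script. */
    int fd = open_trusted_script(SCRIPT_PATH, 0);

    if (fd < 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return EXIT_FAILURE;
    }
    /* The interpreter reads the already-open descriptor, so the file
     * it executes is the one that passed the checks above. */
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char *const sh_argv[] = { "sh", fdpath, NULL };
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    execve("/bin/sh", sh_argv, envp);
    perror("execve");
    return EXIT_FAILURE;
}
```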




Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah,

This "stupid" - in my opinion - restriction also applies to perl script.

And there they also recommend using a C program that will be setuid
that will run the  perl script.

This is of course an over-complicated manner of doing things, not to
mention the fact that if this perl script or c program wrapper is then
called from Apache the restriction still applies and I haven't been
able to get around it.

On Thu, Apr 23, 2009 at 11:54 AM, Yedidyah Bar-David
 wrote:
> On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
>>
>> Oron Peled wrote:
>>>
>>> There's a reason why the kernel does not respect suid/sgid bit on shell
>>> scripts -- It's because there are gazillions of ways a user can use
>>> this script to gain total root access.
>>>
>> Name two?
>
> The main famous one, inherent in the way scripts work, is that the
> kernel has to look at the first line of the script, run the interpreter
> mentioned there with the args provided, and this interpreter then runs,
> looks at the script, and decides what to do. Running the interpreter
> takes time, and so an attacker can make a symlink to it, run the
> symlink, and replace it immediately, and have a chance to make the
> interpreter run the attacker's version instead of the original. This is
> different from running a binary directly, where the kernel knows where
> it was and won't have to look again if you tried replacing a symlink to
> it.
>
>>>
>>> Maybe writing a wrapper suid program that totally sanitize
>>> both the environment and command line arguments before
>>> exec'ing the script would make it. Although I wouldn't bet
>>> on it since it only covers the obvious attack vectors against
>>> shell scripts.
>>>
>> Fine. Make the two cover these obvious vectors, one each.
>>
>> I have to say that I first heard about this restriction, I thought it
>> made a lot of sense. Since then, I have searched for these famed attack
>> vectors, and have come up short.
>
> Well, I now googled for 'setuid scripts security' and found this FAQ:
> http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
> It also mentions other, more-specific issues.
>
>> Sure, if the script itself has security
>> holes, then a suid script will be vulnerable. As I'm sure you know well,
>> this is also true of C written code, however.
>
> Indeed, but there are some differences - usually, finding bugs in
> scripts is easier (especially if you do not have the sources for the
> C-coded binary), and in the past there used to be bugs in various
> interpreters of various OSes. The last point is hopefully less relevant
> today, but so are setuid-scripts (I think no modern unix respects
> these).
>
>>
>> So my question is: are there attack vectors against the following script?
>>
>> #!/bin/sh -e
>>
>> echo "Hello, cruel world"
> --
> Didi
>
>


Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
Hi Noam,

On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> 
> This "stupid" - in my opinion - restriction also applies to perl script.

This is a free country, you know. You are entitled to have your own
opinion. As I explained below, the main problem with setuid scripts is
irrespective of interpreter, be it /bin/sh, perl, or your own binary for
whatever language you invented.

> 
> And there they also recommend using a C program that will be setuid
> that will run the  perl script.

Indeed. Or use sudo (which is the same, only general).

> 
> This is of course an over-complicated manner of doing things,

I guess there are other ways to do this, but that's how it is in unix.
As far as I know, Windows does not have something similar at all - if
you want there to run some program as another user, you have to do much
more than setuid it.

> not to
> mention the fact that if this perl script or c program wrapper is then
> called from Apache the restriction still applies and I haven't been
> able to get around it.

I did not understand what exact restriction you talk about, what you
tried to achieve and what was the problem. If you want anyone to try and
help you, please provide some more details.

Best,
-- 
Didi

> On Thu, Apr 23, 2009 at 11:54 AM, Yedidyah Bar-David
>  wrote:
> > On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
> >>
> >> Oron Peled wrote:
> >>>
> >>> There's a reason why the kernel does not respect suid/sgid bit on shell
> >>> scripts -- It's because there are gazillions of ways a user can use
> >>> this script to gain total root access.
> >>>
> >> Name two?
> >
> > The main famous one, inherent in the way scripts work, is that the
> > kernel has to look at the first line of the script, run the interpreter
> > mentioned there with the args provided, and this interpreter then runs,
> > looks at the script, and decides what to do. Running the interpreter
> > takes time, and so an attacker can make a symlink to it, run the
> > symlink, and replace it immediately, and have a chance to make the
> > interpreter run the attacker's version instead of the original. This is
> > different from running a binary directly, where the kernel knows where
> > it was and won't have to look again if you tried replacing a symlink to
> > it.
> >
> >>>
> >>> Maybe writing a wrapper suid program that totally sanitize
> >>> both the environment and command line arguments before
> >>> exec'ing the script would make it. Although I wouldn't bet
> >>> on it since it only covers the obvious attack vectors against
> >>> shell scripts.
> >>>
> >> Fine. Make the two cover these obvious vectors, one each.
> >>
> >> I have to say that I first heard about this restriction, I thought it
> >> made a lot of sense. Since then, I have searched for these famed attack
> >> vectors, and have come up short.
> >
> > Well, I now googled for 'setuid scripts security' and found this FAQ:
> > http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
> > It also mentions other, more-specific issues.
> >
> >> Sure, if the script itself has security
> >> holes, then a suid script will be vulnerable. As I'm sure you know well,
> >> this is also true of C written code, however.
> >
> > Indeed, but there are some differences - usually, finding bugs in
> > scripts is easier (especially if you do not have the sources for the
> > C-coded binary), and in the past there used to be bugs in various
> > interpreters of various OSes. The last point is hopefully less relevant
> > today, but so are setuid-scripts (I think no modern unix respects
> > these).
> >
> >>
> >> So my question is: are there attack vectors against the following script?
> >>
> >> #!/bin/sh -e
> >>
> >> echo "Hello, cruel world"
> > --
> > Didi
> >
> >


Backup encryption key

2009-04-23 Thread Yuval Hager
Hi,

I've been considering encrypting my backups (e.g. using duplicity), but I am 
always afraid to lose the backup key when I lose the data I need to 
restore. This has the unfortunate implications of practically having no 
backups at all.

I'd like to ask the list, when you backup your data (and you do, don't 
you?) - do you use encryption? If so, what measures do you take to ensure 
the key is safer than the data itself?

Cheers,

-- 
yuval




Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah,

See below

On Thu, Apr 23, 2009 at 12:34 PM, Yedidyah Bar-David
 wrote:
> Hi Noam,
>
> On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>>
>> This "stupid" - in my opinion - restriction also applies to perl script.
>
> This is a free country, you know. You are entitled to have your own
> opinion. As I explained below, the main problem with setuid scripts is
> irrespective of interpreter, be it /bin/sh, perl, or your own binary for
> whatever language you invented.
>
>>
>> And there they also recommend using a C program that will be setuid
>> that will run the  perl script.
>
> Indeed. Or use sudo (which is the same, only general).
>
>>
>> This is of course an over-complicated manner of doing things,
>
> I guess there are other ways to do this, but that's how it is in unix.
> As far as I know, Windows does not have something similar at all - if
> you want there to run some program as another user, you have to do much
> more than setuid it.


Windows has the Run As service which does something similar, it's a bit
more.. complex, but it allows you to do what you mentioned. I am
skipping on Windows' ability to run Service as other users :)


>
>> not to
>> mention the fact that if this perl script or c program wrapper is then
>> called from Apache the restriction still applies and I haven't been
>> able to get around it.
>
> I did not understand what exact restriction you talk about, what you
> tried to achieve and what was the problem. If you want anyone to try and
> help you, please provide some more details.

My scenario is this:
1) Apache runs a perl (which needs to be setuid => it changes IP addresses, etc)
2) This perl needs to call another perl responsible for updating the
system => and managing that it works correctly
3) This perl runs several other Perl scripts that are also setuid as
they replace files

When apache tries to execute the perl's line which says:
system("/usr/local/bin/update.pl")

I get the setuid warning that I need to put a wrapper

I then did:
system("/usr/local/bin/update")

Where update

Just executes update.pl

Both update (written in C) and update.pl (written in perl) are setuid root.

I still get the warning

Thanks for the help.



>
> Best,
> --
> Didi
>
>> On Thu, Apr 23, 2009 at 11:54 AM, Yedidyah Bar-David
>>  wrote:
>> > On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
>> >>
>> >> Oron Peled wrote:
>> >>>
>> >>> There's a reason why the kernel does not respect suid/sgid bit on shell
>> >>> scripts -- It's because there are gazillions of ways a user can use
>> >>> this script to gain total root access.
>> >>>
>> >> Name two?
>> >
>> > The main famous one, inherent in the way scripts work, is that the
>> > kernel has to look at the first line of the script, run the interpreter
>> > mentioned there with the args provided, and this interpreter then runs,
>> > looks at the script, and decides what to do. Running the interpreter
>> > takes time, and so an attacker can make a symlink to it, run the
>> > symlink, and replace it immediately, and have a chance to make the
>> > interpreter run the attacker's version instead of the original. This is
>> > different from running a binary directly, where the kernel knows where
>> > it was and won't have to look again if you tried replacing a symlink to
>> > it.
>> >
>> >>>
>> >>> Maybe writing a wrapper suid program that totally sanitize
>> >>> both the environment and command line arguments before
>> >>> exec'ing the script would make it. Although I wouldn't bet
>> >>> on it since it only covers the obvious attack vectors against
>> >>> shell scripts.
>> >>>
>> >> Fine. Make the two cover these obvious vectors, one each.
>> >>
>> >> I have to say that I first heard about this restriction, I thought it
>> >> made a lot of sense. Since then, I have searched for these famed attack
>> >> vectors, and have come up short.
>> >
>> > Well, I now googled for 'setuid scripts security' and found this FAQ:
>> > http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html
>> > It also mentions other, more-specific issues.
>> >
>> >> Sure, if the script itself has security
>> >> holes, then a suid script will be vulnerable. As I'm sure you know well,
>> >> this is also true of C written code, however.
>> >
>> > Indeed, but there are some differences - usually, finding bugs in
>> > scripts is easier (especially if you do not have the sources for the
>> > C-coded binary), and in the past there used to be bugs in various
>> > interpreters of various OSes. The last point is hopefully less relevant
>> > today, but so are setuid-scripts (I think no modern unix respects
>> > these).
>> >
>> >>
>> >> So my question is: are there attack vectors against the following script?
>> >>
>> >> #!/bin/sh -e
>> >>
>> >> echo "Hello, cruel world"
>> > --
>> > Didi
>> >
>> >

Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh

Noam Rathaus wrote:

> not to
> mention the fact that if this perl script or c program wrapper is then
> called from Apache the restriction still applies and I haven't been
> able to get around it.


At least on my system, perl installs a suid helper that does this for 
you. You just mark the perl script as suid, and it auto-detects that, 
and uses the helper to run the actual script. The result is you just set 
the perl script suid and that's it.


I already tested it from Apache, and it worked for me (several years ago).

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Shachar,

Thanks for the response.

I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbolic link, but I tried it anyhow)

So I guess something is wrong with my apache, or script, or both

On Thu, Apr 23, 2009 at 1:29 PM, Shachar Shemesh  wrote:
> Noam Rathaus wrote:
>
> not to
> mention the fact that if this perl script or c program wrapper is then
> called from Apache the restriction still applies and I haven't been
> able to get around it.
>
>
> At least on my system, perl installs a suid helper that does this for you.
> You just mark the perl script as suid, and it auto-detects that, and uses
> the helper to run the actual script. The result is you just set the perl
> script suid and that's it.
>
> I already tested it from Apache, and it worked for me (several years ago).
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.
> http://www.lingnu.com
>



Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh

Yuval Hager wrote:

> Hi,
>
> I've been considering encrypting my backups (e.g. using duplicity), but I am
> always afraid to lose the backup key when I lose the data I need to
> restore. This has the unfortunate implications of practically having no
> backups at all.
>
> I'd like to ask the list, when you backup your data (and you do, don't
> you?) - do you use encryption? If so, what measures do you take to ensure
> the key is safer than the data itself?
>
> Cheers,

Personally, I put the encryption key on a CD (several copies) and on a 
brand new disk on key (again, several copies), and store them in a safe 
I rented at a bank. I also have some other copies (this time the key is 
itself encrypted) which I store at my lawyer's safe.


Then again, my company makes a living from selling online backups. I 
will readily grant that that procedure is somewhat of an overkill.


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Fwd: ot: isps

2009-04-23 Thread nir grinberg
I know for a fact that both Cellcom and Orange initially blocked VoIP
ports on their data services network.  Following some "pressure" ;)
applied on them (by us as well); the networks were opened and today
"theoretically" support VoIP applications.  The current issue with the
providers is the fact that their data network coverage is not similar
to their GSM coverage.  In many locations you will be able to talk via
GSM, but receive a very poor data connection.
Skype is a different issue since it communicates via port 80, though
needs much more advanced management tools to be filtered (what's
called Traffic shaping).

It is my own belief that the cellular providers will do whatever is in
their power to delay the entry of VoIP applications to their networks
for the reasons discussed.

BTW, if anybody needs a SkypeIn on Israeli numbers, let me know.


nir

-- 
Regards,

Nir Grinberg
I.T.C. IP Technologies Ltd.
n...@israelnumber.com
www.IsraelNumber.com
972.3.9707000


On Thu, Apr 23, 2009 at 10:39 AM, Rafi Gordon  wrote:
> Oleg, first thanks for your answer.
>
>>> AFAIK, this DPI can block voip application like Skype.
>
>>That's an on-going war, similar to the war between P2P applications
>>and DPI. It's not limited to cellular companies, of course.
>
> There is still a little difference here, I believe, with cellular companies.
> Cellular companies get their profits mostly I believe with telephony
> (the internet service in cellular is quite new). So Skype (or other
> voip applications) on a cellular device using internet is a real
> threat on their profits. Not all ISPs, on the other hand, deal with
> telephony, and most of their profits are from internet services, I
> believe.
>
> If this is true, then around the globe, it seems that blocking VOIP
> traffic with DPI is more important to cellular companies supplying
> internet service than to ISPs.
>
> Or am I wrong?
>
> Regards,
> Rafi Gordon
>


Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh

Noam Rathaus wrote:

> Hi Shachar,
>
> Thanks for the response.
>
> I am using here Debian 5.0 and I still get the problem even if I:
> 1) setuid the file to be setuid root
> 2) change the perl interpreter at the top of the script from perl to
> suidperl (they are the same symbolic link, but I tried it anyhow)

#2 is explicitly stated as not necessary, and even harmful.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> > I guess there are other ways to do this, but that's how it is in unix.
> > As far as I know, Windows does not have something similar at all - if
> > you want there to run some program as another user, you have to do much
> > more than setuid it.
> 
> 
> Windows has the Run As service which does something similar, it's a bit
> more.. complex, but it allows you to do what you mentioned. I am
> skipping on Windows' ability to run Service as other users :)

What's the difference (in use, not in implementation) between Run As and
'su'? Does it allow (by some configuration) running some program as
another user without providing its password? But this is getting
off-topic...

> My scenario is this:
> 1) Apache runs a perl (which needs to be setuid => it changes IP addresses, 
> etc)
> 2) This perl needs to call another perl responsible for updating the
> system => and managing that it works correctly
> 3) This perl runs several other Perl scripts that are also setuid as
> they replace files
> 
> When apache tries to execute the perl's line which says:
> system("/usr/local/bin/update.pl")
> 
> I get the setuid warning that I need to put a wrapper
> 
> I then did:
> system("/usr/local/bin/update")
> 
> Where update
> 
> Just executes update.pl
> 
> Both update (written in C) and update.pl (written in perl) are setuid root.
> 
> I still get the warning

But does it or does it not run as root? Perhaps it emits this warning
anyway when the script is setuid. I did not check. If it does not: What
happens when you simply run it yourself from the command line? Does it
work?

You can still try sudo anyway. Read 'man sudoers' and look at the
EXAMPLES section.
-- 
Didi




Kernel panic/exception

2009-04-23 Thread Noam Rathaus
Hi,

I am seeing these in the logs and I can't find a documentation to what
might have been causing it:
Apr 23 13:57:47 sp kernel:  <1>Unable to handle kernel paging request
at virtual address 0804c3ac
Apr 23 13:57:47 sp kernel:  printing eip:
Apr 23 13:57:47 sp kernel: c0152dc0
Apr 23 13:57:47 sp kernel: *pde = 089f6067
Apr 23 13:57:47 sp kernel: *pte = 
Apr 23 13:57:47 sp kernel: Oops: 
Apr 23 13:57:47 sp kernel: CPU:0
Apr 23 13:57:47 sp kernel: EIP:0010:[]Not tainted
Apr 23 13:57:47 sp kernel: EFLAGS: 00010202
Apr 23 13:57:47 sp kernel: eax: d201fadc   ebx: d201fac0   ecx:
d7f86000   edx: 0804c3a4
Apr 23 13:57:47 sp kernel: esi: d7f86000   edi:    ebp:
   esp: c83adf04
Apr 23 13:57:47 sp kernel: ds: 0018   es: 0018   ss: 0018
Apr 23 13:57:47 sp kernel: Process pidof (pid: 7080, stackpage=c83ad000)
Apr 23 13:57:47 sp kernel: Stack: 522ba678   000c
  c02ba678 0073
Apr 23 13:57:47 sp kernel:c4b75580 c4bb7c80 c02ba678 c02ba828
 01f0 c8443b00 
Apr 23 13:57:47 sp kernel: 0c00 c0150e04 d7f86000
dae26000   d7f86000
Apr 23 13:57:47 sp kernel: Call Trace:[] [] []
Apr 23 13:57:47 sp kernel:
Apr 23 13:57:47 sp kernel: Code: 8b 42 08 8b 4a 04 8b 52 0c 29 c8 01
c5 85 d2 75 ef 8b 86 ec



Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah,

1) It doesn't run => shows error => stops
2) Under root it works => no error => works
3) Should I test it under another user? :)



On Thu, Apr 23, 2009 at 1:51 PM, Yedidyah Bar-David
 wrote:
> On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>> > I guess there are other ways to do this, but that's how it is in unix.
>> > As far as I know, Windows does not have something similar at all - if
>> > you want there to run some program as another user, you have to do much
>> > more than setuid it.
>>
>>
>> Windows has the Run As service which does something similar, it's a bit
>> more.. complex, but it allows you to do what you mentioned. I am
>> skipping on Windows' ability to run Service as other users :)
>
> What's the difference (in use, not in implementation) between Run As and
> 'su'? Does it allow (by some configuration) running some program as
> another user without providing its password? But this is getting
> off-topic...
>
>> My scenario is this:
>> 1) Apache runs a perl (which needs to be setuid => it changes IP addresses, 
>> etc)
>> 2) This perl needs to call another perl responsible for updating the
>> system => and managing that it works correctly
>> 3) This perl runs several other Perl scripts that are also setuid as
>> they replace files
>>
>> When apache tries to execute the perl's line which says:
>> system("/usr/local/bin/update.pl")
>>
>> I get the setuid warning that I need to put a wrapper
>>
>> I then did:
>> system("/usr/local/bin/update")
>>
>> Where update
>>
>> Just executes update.pl
>>
>> Both update (written in C) and update.pl (written in perl) are setuid root.
>>
>> I still get the warning
>
> But does it or does it not run as root? Perhaps it emits this warning
> anyway when the script is setuid. I did not check. If it does not: What
> happens when you simply run it yourself from the command line? Does it
> work?
>
> You can still try sudo anyway. Read 'man sudoers' and look at the
> EXAMPLES section.
> --
> Didi
>
>



Re: suid root - bash script

2009-04-23 Thread Dotan Cohen
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.
>

Sudo uses the user's password, not root's. Don't let the *buntu
version of sudo mislead you: sudo can be used to give specific users
specific privileges, far from total root access.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: ot: isps

2009-04-23 Thread Dotan Cohen
> i want a new Internet connection for my home.
>

Stay away from Netvision. While their network is the best in Israel
when it works, their customer support is terrible, and after
experiencing three days of downtime in January I moved to Bezeq
Beinleumi. Netvision does not see three days of downtime as reason fit
to release me from my one-year contract with them, in fact, of the
remaining 400 NIS on the contract they wanted 800 NIS to terminate it
early!

Netvision has proven that they want our money, not our business. Don't
give them either.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh

Noam Rathaus wrote:

Hi Shachar,

Thanks for the response.

I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbolic link, but I tried it anyhow)

So I guess something is wrong with my apache, or script, or both
  

On my Debian Lenny:
Installed perl-suid
Installed apache2
Put, in /usr/lib/cgi-bin, a file called "test" that read:

#!/usr/bin/perl

print "Content-Type: text/plain\n";
print "\n";

while(<>) {
    print $_;
}


Changed owner to root and added suid.

From a browser, ran:
http://localhost/cgi-bin/test?%2fetc%2fshadow

Result: /etc/shadow was dumped to the browser window.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Shachar,

Ok, I will try it out, though as I mentioned in sample I run from this
perl, another perl script that is setuid.

On Thu, Apr 23, 2009 at 2:13 PM, Shachar Shemesh  wrote:
> Noam Rathaus wrote:
>
> Hi Shachar,
>
> Thanks for the response.
>
> I am using here Debian 5.0 and I still get the problem even if I:
> 1) setuid the file to be setuid root
> 2) change the perl interpreter at the top of the script from perl to
> suidperl (they are the same symbolic link, but I tried it anyhow)
>
> So I guess something is wrong with my apache, or script, or both
>
>
> On my Debian Lenny:
> Installed perl-suid
> Installed apache2
> Put, in /usr/lib/cgi-bin, a file called "test" that read:
>
> #!/usr/bin/perl
>
> print "Content-Type: text/plain\n";
> print "\n";
>
> while(<>) {
>     print $_;
> }
>
> Changed owner to root and added suid.
>
> From a browser, ran:
> http://localhost/cgi-bin/test?%2fetc%2fshadow
>
> Result: /etc/shadow was dumped to the browser window.
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.
> http://www.lingnu.com
>



Re: Kernel panic/exception

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 01:59:19PM +0300, Noam Rathaus wrote:
> Hi,
> 
> I am seeing these in the logs and I can't find a documentation to what
> might have been causing it:
> Apr 23 13:57:47 sp kernel:  <1>Unable to handle kernel paging request
> at virtual address 0804c3ac
> Apr 23 13:57:47 sp kernel:  printing eip:
> Apr 23 13:57:47 sp kernel: c0152dc0
> Apr 23 13:57:47 sp kernel: *pde = 089f6067
> Apr 23 13:57:47 sp kernel: *pte = 
> Apr 23 13:57:47 sp kernel: Oops: 
> Apr 23 13:57:47 sp kernel: CPU:0
> Apr 23 13:57:47 sp kernel: EIP:0010:[]Not tainted
> Apr 23 13:57:47 sp kernel: EFLAGS: 00010202
> Apr 23 13:57:47 sp kernel: eax: d201fadc   ebx: d201fac0   ecx:
> d7f86000   edx: 0804c3a4
> Apr 23 13:57:47 sp kernel: esi: d7f86000   edi:    ebp:
>    esp: c83adf04
> Apr 23 13:57:47 sp kernel: ds: 0018   es: 0018   ss: 0018
> Apr 23 13:57:47 sp kernel: Process pidof (pid: 7080, stackpage=c83ad000)
> Apr 23 13:57:47 sp kernel: Stack: 522ba678   000c
>   c02ba678 0073
> Apr 23 13:57:47 sp kernel:c4b75580 c4bb7c80 c02ba678 c02ba828
>  01f0 c8443b00 
> Apr 23 13:57:47 sp kernel: 0c00 c0150e04 d7f86000
> dae26000   d7f86000
> Apr 23 13:57:47 sp kernel: Call Trace:[] [] 
> []
> Apr 23 13:57:47 sp kernel:
> Apr 23 13:57:47 sp kernel: Code: 8b 42 08 8b 4a 04 8b 52 0c 29 c8 01
> c5 85 d2 75 ef 8b 86 ec

To get any idea, you need to translate these addresses to function
names. You do this with ksymoops. Read the manpage or google - most
basic use (and which should work if you have the necessary files
installed) is to put the message in a file (e.g. file1) and run
ksymoops file1
-- 
Didi




Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
> I've been considering encrypting my backups (e.g. using duplicity), but I am
> always afraid to lose the backup key when I lose the data I need to
> restore. This has the unfortunate implications of practically having no
> backups at all.
>
> I'd like to ask the list, when you backup your data (and you do, don't
> you?) - do you use encryption? If so, what measures do you take to ensure
> the key is safer than the data itself?
>

My backups are merely encrypted tarballs of my $HOME directory, with a
password. Like you, I fear not having access to whatever data that I
need to open my backups, but do not want to leave them unencrypted.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 02:01:29PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> 
> 1) It doesn't run => shows error => stops
> 2) Under root it works => no error => works
> 3) Should I test it under another user? :)

Yes, that's what I meant. Sorry.
-- 
Didi




Re: ot: isps

2009-04-23 Thread Geoffrey Mendelson
On Thu, Apr 23, 2009 at 1:34 PM, nir grinberg  wrote:
>  The current issue with the
> providers are the fact that their data network coverage is not similar
> to their GSM coverage.  in many locations you will be able to talk via
> GSM, but receive a very poor data connection.

That's because there are three different networks involved here.
Orange runs 3 networks. a 900mHz GSM (voice and data up to 14.4kbps if
they allow it), 1800Mhz (voice, 14.4k data and higher speed data
(GPRS?) ) and a 2.1gHz 3G network. The 900 mHz network covers all of
the State of Israel and the territories, for legal reasons it does not
cover the PA (nudge, nudge, wink wink). The 1800 mHz network has a
shorter range for each cell and covers less. With the shorter
wavelength there are more "dead spots". The 3g network is similar to
the 1.8gHz network in coverage, I have no idea about the number of
cells.

Cell-Com has an 800mHz D-AMPS network (voice and 9.6k data if they
allow it), an 1800mHz GSM network (voice, 14.4k data and higher speed
data) and a 2.1gHz 3G network.
Coverage is similar to Orange's.

As far as signal path, the 1800mHz and G3 networks have the same
problems with signals being stopped by things like paper, "sandwich"
type wood, trees, etc that wifi has. In fact, it's best to think of
them as "wifi on steroids" when it comes to propagation and coverage.
They also suffer from the effects of multipath (reflected signals) and
the fact that the least power of a signal is at a multiple of half of
the wavelength aka "nulls". So you can get a good signal at one
location and 6 inches farther away from the cell get nothing useable.

It also suffers from the effects of antenna orientation (polarization)
so a vertical antenna will get 100 times the signal as a horizontal
one.

So not only is it possible to be out of coverage of the data network,
it's easily possible to be in a "bad location".

Geoff.



-- 
Geoffrey S. Mendelson N3OWJ/4X1GM
Jerusalem, Israel



Re: Kernel panic/exception

2009-04-23 Thread Noam Rathaus
Well looking back a few lines above I see:
Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240.
Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240.
Apr 23 05:00:00 sp mysqld: Starting MySQL:  succeeded
Apr 23 05:01:00 sp rpcscheduler: rpcd.pl startup succeeded
Apr 23 06:01:00 sp rpcscheduler: rpcd.pl startup succeeded
Apr 23 06:39:55 sp kernel: swap_dup: Bad swap file entry 13823064

Is it a physical memory issue?

Is it a swap file corruption => bad HD?


On Thu, Apr 23, 2009 at 2:18 PM, Yedidyah Bar-David
 wrote:
> On Thu, Apr 23, 2009 at 01:59:19PM +0300, Noam Rathaus wrote:
>> Hi,
>>
>> I am seeing these in the logs and I can't find a documentation to what
>> might have been causing it:
>> Apr 23 13:57:47 sp kernel:  <1>Unable to handle kernel paging request
>> at virtual address 0804c3ac
>> Apr 23 13:57:47 sp kernel:  printing eip:
>> Apr 23 13:57:47 sp kernel: c0152dc0
>> Apr 23 13:57:47 sp kernel: *pde = 089f6067
>> Apr 23 13:57:47 sp kernel: *pte = 
>> Apr 23 13:57:47 sp kernel: Oops: 
>> Apr 23 13:57:47 sp kernel: CPU:    0
>> Apr 23 13:57:47 sp kernel: EIP:    0010:[]    Not tainted
>> Apr 23 13:57:47 sp kernel: EFLAGS: 00010202
>> Apr 23 13:57:47 sp kernel: eax: d201fadc   ebx: d201fac0   ecx:
>> d7f86000   edx: 0804c3a4
>> Apr 23 13:57:47 sp kernel: esi: d7f86000   edi:    ebp:
>>    esp: c83adf04
>> Apr 23 13:57:47 sp kernel: ds: 0018   es: 0018   ss: 0018
>> Apr 23 13:57:47 sp kernel: Process pidof (pid: 7080, stackpage=c83ad000)
>> Apr 23 13:57:47 sp kernel: Stack: 522ba678   000c
>>   c02ba678 0073
>> Apr 23 13:57:47 sp kernel:        c4b75580 c4bb7c80 c02ba678 c02ba828
>>  01f0 c8443b00 
>> Apr 23 13:57:47 sp kernel:         0c00 c0150e04 d7f86000
>> dae26000   d7f86000
>> Apr 23 13:57:47 sp kernel: Call Trace:    [] [] 
>> []
>> Apr 23 13:57:47 sp kernel:
>> Apr 23 13:57:47 sp kernel: Code: 8b 42 08 8b 4a 04 8b 52 0c 29 c8 01
>> c5 85 d2 75 ef 8b 86 ec
>
> To get any idea, you need to translate these addresses to function
> names. You do this with ksymoops. Read the manpage or google - most
> basic use (and which should work if you have the necessary files
> installed) is to put the message in a file (e.g. file1) and run
> ksymoops file1
> --
> Didi
>
>



Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Dotan Cohen wrote:
> > I've been considering encrypting my backups (e.g. using duplicity), but
> > I am always afraid to lose the backup key when I lose the data I need
> > to restore. This has the unfortunate implications of practically having
> > no backups at all.
> >
> > I'd like to ask the list, when you backup your data (and you do, don't
> > you?) - do you use encryption? If so, what measures do you take to
> > ensure the key is safer than the data itself?
>
> My backups are merely encrypted tarballs of my $HOME directory, with a
> password. Like you, I fear not having access to whatever data that I
> need to open my backups, but do not want to leave them unencrypted.

How do you use the password in an automated backup then?

-- 
yuval




Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh

Yuval Hager wrote:

On Thursday 23 April 2009, Dotan Cohen wrote:
  

I've been considering encrypting my backups (e.g. using duplicity), but
I am always afraid to lose the backup key when I lose the data I need
to restore. This has the unfortunate implications of practically having
no backups at all.

I'd like to ask the list, when you backup your data (and you do, don't
you?) - do you use encryption? If so, what measures do you take to
ensure the key is safer than the data itself?
  

My backups are merely encrypted tarballs of my $HOME directory, with a
password. Like you, I fear not having access to whatever data that I
need to open my backups, but do not want to leave them unencrypted.



How do you use the password in an automated backup then?

  
You encrypt using a public key. You only need the private key in order 
to decrypt.


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
> How do you use the password in an automated backup then?
>

Actually, I do not automate it. This is the command that I use to make
the tarball:
$ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz

And this one to decrypt it:
$ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Dotan Cohen wrote:
> > How do you use the password in an automated backup then?
>
> Actually, I do not automate it. This is the command that I use to make
> the tarball:
> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd
> of=DATE.tbz
>
> And this one to decrypt it:
> $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -

Well, I was looking for a more streamlined solution. Something that is:
1) automatic
2) offsite (e.g. online)
3) bandwidth and space efficient (due to (2) above)
4) (opt.) encrypted
5) incremental

I currently use rdiff-backup, but it does not abide to (3) above. I started 
looking into duplicity (from the same author), and then thought about 
description, hence the original post.

-- 
yuval




Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh

Yuval Hager wrote:

On Thursday 23 April 2009, Dotan Cohen wrote:
  

How do you use the password in an automated backup then?
  

Actually, I do not automate it. This is the command that I use to make
the tarball:
$ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd
of=DATE.tbz

And this one to decrypt it:
$ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -



Well, I was looking for a more streamlined solution. Something that is:
1) automatic
2) offsite (e.g. online)
3) bandwidth and space efficient (due to (2) above)
4) (opt.) encrypted
5) incremental

I currently use rdiff-backup, but it does not abide to (3) above. I started 
looking into duplicity (from the same author), and then thought about 
description, hence the original post.
  

http://rsyncrypto.lingnu.com + rsync

Provides 1-5.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Shachar Shemesh wrote:
> Yuval Hager wrote:
> > On Thursday 23 April 2009, Dotan Cohen wrote:
> >>> How do you use the password in an automated backup then?
> >>
> >> Actually, I do not automate it. This is the command that I use to make
> >> the tarball:
> >> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd
> >> of=DATE.tbz
> >>
> >> And this one to decrypt it:
> >> $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -
> >
> > Well, I was looking for a more streamlined solution. Something that is:
> > 1) automatic
> > 2) offsite (e.g. online)
> > 3) bandwidth and space efficient (due to (2) above)
> > 4) (opt.) encrypted
> > 5) incremental
> >
> > I currently use rdiff-backup, but it does not abide to (3) above. I
> > started looking into duplicity (from the same author), and then thought
> > about description, hence the original post.
>
> http://rsyncrypto.lingnu.com + rsync
>
> Provides 1-5.
>
> Shachar

Thanks. I probably wasn't clear on (5). I would like to be able to go back 
in time when I restore. AFAIK, rsync* solutions are mirroring the current 
state only, where rdiff-backup and duplicity does allow time travel.

There is still the original question about the key handling, I just wanted 
to give a little more context..

--y




Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
> Thanks. I probably wasn't clear on (5). I would like to be able to go back
> in time when I restore.

I think that you will have to wait for Stephen Hawkins to recover
before that will be possible.

> AFAIK, rsync* solutions are mirroring the current
> state only, where rdiff-backup and duplicity does allow time travel.
>

Really? Is that based on libhgwells?

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh

Yuval Hager wrote:


Thanks. I probably wasn't clear on (5). I would like to be able to go back 
in time when I restore. AFAIK, rsync* solutions are mirroring the current 
state only, where rdiff-backup and duplicity does allow time travel.


There is still the original question about the key handling, I just wanted 
to give a little more context..


--y
  
rsync allows you to create a new image for each iteration, where the new 
version contains hard links to the old one if nothing changed in the 
file. For all intents and purposes, this is incremental backup.


I should point out one huge disadvantage of storing binary diffs when 
using encrypted systems. There is no (practical) way to erase old 
backups. Your backup storage size is bound to be ever increasing. This 
is because the only way to create a new complete snapshot (i.e. - a 
non-incremental backup) is to retransmit the entire backup data. Because 
the remote side is encrypted, you cannot use it to expand the image 
remotely.


With rsync, you have some storage overhead (changed files are stored 
again in their entirety, rather than merely the changes), but that does 
not reflect in the bandwidth requirement. You gain the advantage that 
every snapshot is independent. You can erase old snapshots in arbitrary 
order, without risking your data.


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: suid root - bash script

2009-04-23 Thread Oleg Goldshmidt
Oron Peled  writes:

> On 23.04.2009 Yedidyah Bar-David wrote:
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.

Eh? You can sudo this particular script for a particular user or group
and make it non-modifiable...

-- 
Oleg Goldshmidt | p...@goldshmidt.org



Re: Backup encryption key

2009-04-23 Thread Oleg Goldshmidt
Dotan Cohen  writes:

>> How do you use the password in an automated backup then?
>>
>
> Actually, I do not automate it. This is the command that I use to make
> the tarball:
> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz
>
> And this one to decrypt it:
> $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -

So your password appears in cleartext in the shell history, probably in
some logs, in ps output, etc?

-- 
Oleg Goldshmidt | p...@goldshmidt.org
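
The two points raised in this thread (encrypt to a public key so the automated job holds no secret, and keep passwords off the command line where ps and the shell history see them) combined in one sketch. This is an added example, not code from anyone on the list; it assumes the openssl CLI (1.1.1 or later) and tar, and the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the openssl CLI
# (1.1.1 or later, for -pbkdf2) and tar. Function and file names are
# this example's own.

# make_keypair DIR
# Run once. DIR/pub.pem is all the backup job needs; DIR/priv.pem is the
# only secret and is needed only to restore.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# backup_encrypt SRC_DIR PUB_KEY OUT_PREFIX
# Writes OUT_PREFIX.tgz.enc (the data) and OUT_PREFIX.key.enc (the wrapped
# session key). A fresh random session key is generated on every run and
# handed to openssl through a file in a 0700 temp directory, so it never
# appears in argv. Note: "openssl enc" gives confidentiality only, there is
# no integrity check on the ciphertext. In POSIX sh the pipeline reports
# only openssl's exit status, not tar's.
backup_encrypt() {
    be_src=$1; be_pub=$2; be_out=$3
    be_tmp=$(mktemp -d) || return 1
    openssl rand -hex 32 > "$be_tmp/session.key" &&
    tar -czf - -C "$be_src" . |
        openssl enc -aes-256-cbc -pbkdf2 -salt \
            -pass "file:$be_tmp/session.key" -out "$be_out.tgz.enc" &&
    openssl pkeyutl -encrypt -pubin -inkey "$be_pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$be_tmp/session.key" -out "$be_out.key.enc"
    be_rc=$?
    rm -rf "$be_tmp"
    return "$be_rc"
}

# backup_restore IN_PREFIX PRIV_KEY DEST_DIR
# Unwraps the session key with the private key, then decrypts and unpacks.
backup_restore() {
    br_in=$1; br_priv=$2; br_dest=$3
    br_tmp=$(mktemp -d) || return 1
    openssl pkeyutl -decrypt -inkey "$br_priv" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$br_in.key.enc" -out "$br_tmp/session.key" &&
    openssl enc -d -aes-256-cbc -pbkdf2 \
        -pass "file:$br_tmp/session.key" -in "$br_in.tgz.enc" |
        tar -xzf - -C "$br_dest"
    br_rc=$?
    rm -rf "$br_tmp"
    return "$br_rc"
}
```

Losing priv.pem means losing every backup made with the matching public key, so the original question about where to keep the key applies to that one file only.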



Re: Backup encryption key

2009-04-23 Thread Oleg Goldshmidt
Yuval Hager  writes:

> Well, I was looking for a more streamlined solution. Something that is:
> 1) automatic
> 2) offsite (e.g. online)
> 3) bandwidth and space efficient (due to (2) above)
> 4) (opt.) encrypted
> 5) incremental

A combination of tar (that can do incremental backups) and scp or
similar will do 2, 3, and 5. 1 can be handled by cron. 4 probably has
to be delegated to openssl like was suggested, encrypting with a
public key, etc. 

It should be possible with a simple script. I used to have one that
did everything but encryption, I don't know if I can dig it out (of
backups)... ;-)

-- 
Oleg Goldshmidt | p...@goldshmidt.org



Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
>> Actually, I do not automate it. This is the command that I use to make
>> the tarball:
>> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz
>>
>> And this one to decrypt it:
>> $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -
>
> So your password appears in cleartext in the shell history, probably in
> some logs, in ps output, etc?
>

Actually, I am aware of that problem. I had considered writing a shell
script to automatically add the date and ask for the password, but
decided that will be my opportunity to learn python instead. So until
I have a spare day to get into Python I'm doing it this way. It is a
single user system, which is not an excuse, but it mitigates risks.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Shachar Shemesh wrote:
> I should point out one huge disadvantage of storing binary diffs when
> using encrypted systems. There is no (practical) way to erase old
> backups. Your backup storage size is bound to be ever increasing. This
> is because the only way to create a new complete snapshot (i.e. - a
> non-incremental backup) is to retransmit the entire backup data. Because
> the remote side is encrypted, you cannot use it to expand the image
> remotely.

I have not given as much thought as you to the details here, but if I read 
the man page correctly, duplicity does allow to --remove-older-than. I am 
not sure how that works though.

--y




Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Oleg Goldshmidt wrote:
> Yuval Hager  writes:
> > Well, I was looking for a more streamlined solution. Something that is:
> > 1) automatic
> > 2) offsite (e.g. online)
> > 3) bandwidth and space efficient (due to (2) above)
> > 4) (opt.) encrypted
> > 5) incremental
>
> A combination of tar (that can do incremental backups) and scp or
> similar will do 2, 3, and 5. 1 can be handled by cron. 4 probably has
> to be delegated to openssl like was suggested, encrypting with a
> public key, etc.
>
> It should be possible with a simple script. I used to have one that
> did everything but encryption, I don't know if I can dig it out (of
> backups)... ;-)

This is so common, that although possible, I don't believe writing your own 
is the most cost-effective way for a backup system. Of course, YMMV.

--y




Re: ot: isps

2009-04-23 Thread Dan Shimshoni
Hi,
>Skype is a different issue since it communicate via port 80, though
>need a much more advance management tools to be filtered (what's
>called Traffic shaping).

Are you sure about it ? What do you mean by that ??
Does Skype send the **Audio** in ***TCP*** port 80 ?!
Can TCP  do the job for VOIP audio application across the internet?

As far as I know, all traditional VOIP which run across the Internet
use UDP for audio (and most of them use SIP).
TCP is much heavier, since it is stream-based; it has retransmission,
congestion control, many timers and is very complex. When using TCP,
you are most likely to encounter delays and a bad quality. I know that
there were trials to use TCP in VOIP applications with certain
adjustments, but they did not succeed.


Regards,
Dan



Re: Backup encryption key

2009-04-23 Thread Diego Iastrubni
As someone who tried to convince his boss to use Shachar's product, I can tell 
you that there are companies (in Israel!) who sell a competing product, which
is closed source, but:

 * works with a nice Java Based web interface,
 * it has a CLI version (works on 64 bit as well)
 * it's incremental backup
 * their service sends you email when you finish the backup
 * the email tells you what amount of data (in MB) has been sent
 * if you miss a backup a few days, you get a call from them "is everything
ok"? - don't trust automated setups!
 * they store up to a week of information as history
 * the traffic is encrypted using blowfish
 * if your initial backup is "huge" they can send someone to your office which 
comes with a USB disk and copies it manually the first time.

Besides it being closed source, written in java and (*) it's a damn good 
service. I can recommend off list if you want. Still, if I had the choice, I
would use Shachar's service, not only because of (*). I prefer my money to
go to someone from the community. 

Shame it's not my money, right Shachar? ;-)

(*) as far as I can tell, the encryption key is the password used for the
service. I also know that a support guy can see the encrypted password of 
each customer. I hope I am drunk+stupid+lazy+mistaking, since if I am right, 
this is completely fucked up.

On Thursday 23 April 2009 16:00:27 Shachar Shemesh wrote:
> Yuval Hager wrote:
> > Well, I was looking for a more streamlined solution. Something that is:
> > 1) automatic
> > 2) offsite (e.g. online)
> > 3) bandwidth and space efficient (due to (2) above)
> > 4) (opt.) encrypted
> > 5) incremental
>
> http://rsyncrypto.lingnu.com + rsync
>
> Provides 1-5.
>
> Shachar



Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Michael Shiloh
I've always assumed it's a Linux issue, but before I complain to them, 
does this work for anyone else?


I'm running Ubuntu 9.04.

http://w3.castup.net/spielberg/index.aspx?lang=en&id=20

The "trailer" at the beginning runs (duration: a couple of seconds), but
then the main feature stalls.


Michael



Re: Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Tomer Cohen
Have you tried the greasemonkey script for castup? It might help.

I am bcc'ing Yehuda, who is responsible for most of the greasemonkey scripts
for video in Israeli websites.



On Thu, Apr 23, 2009 at 23:48, Michael Shiloh
wrote:

> I've always assumed it's a Linux issue, but before I complain to them, does
> this work for anyone else?
>
> I'm running Ubuntu 9.04.
>
> http://w3.castup.net/spielberg/index.aspx?lang=en&id=20
>
> The "trailer" at the beginning runs (duration: a couple of seconds), but
> then the main feature stalls.
>
> Michael
>
>



-- 
Tomer Cohen
http://tomercohen.com
Sent from Haifa, Israel
Woody Allen 
- "I am not afraid of death, I just don't want to be there when it
happens."


Re: suid root - bash script

2009-04-23 Thread Amos Shapira
2009/4/23 Oleg Goldshmidt :
> Oron Peled  writes:
>
>> On 23.04.2009 Yedidyah Bar-David wrote:
>>> 'sudo' is what you want.
>>
>> Why bother? It's easier to simply give those users the root password
>> as the result would be the same anyway.
>
> Eh? You can sudo this particular script for a particular user or group
> and make it non-modifiable...

...And also configure sudo not to ask for password for this particular
script, preventing sudo from even bothering users with asking for
their own password, if you like.



Re: Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Dotan Cohen
> I've always assumed it's a Linux issue, but before I complain to them, does
> this work for anyone else?
>
> I'm running Ubuntu 9.04.
>
> http://w3.castup.net/spielberg/index.aspx?lang=en&id=20
>
> The "trailer" at the beginning runs (duration: a couple of seconds), but then
> the main feature stalls.
>
> Michael
>

I cannot even get the trailer up, Kubuntu 9.04 installed today.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: suid root - bash script

2009-04-23 Thread Oron Peled
On 23.04.2009 Shachar Shemesh wrote:
> Oron Peled wrote:
> >
> > There's a reason why the kernel does not respect suid/sgid bit on shell
> > scripts -- It's because there are gazillions of ways a user can use
> > this script to gain total root access.
> >   
> Name two?

Numero uno:

  --- cut --- start of /bin/stupid1
  #! /bin/sh -e
  ls /root
  --- cut --- end of /bin/stupid1

As a user:
  --- cut --- start of ~/ls
  #! /bin/sh
  rm -rf /   # I'm self destructive today
  --- cut --- end of ~/ls
  chmod 755 ~/ls
  PATH=$HOME:$PATH /bin/stupid1

Which ls would run?
What would happen if /bin/stupid1 was suid root?

Numero dos:

  --- cut --- start of /bin/stupid2
  #! /bin/bash -e
  echo "Hello, cruel world"
  --- cut --- end of /bin/stupid2

As a user:
  If the previous ~/ls didn't wipe our system yet, let's reuse it ;-)

  BASH_ENV=~/ls /bin/stupid2

  # Yes, this one is based on bashism, so what?

> > Maybe writing a wrapper suid program that totally sanitize
> > both the environment and command line arguments before
> > exec'ing the script would make it. Although I wouldn't bet
> > on it since it only covers the obvious attack vectors against
> > shell scripts.
> >   
> Fine. Make the two cover these obvious vectors, one each.

Don't have one ready for command line args yet, IFS games should
be the path to it. But I cannot make them work. Either bash deviates
from the normal/documented behavior or I'm too tired/stupid.

> So my question is: are there attack vectors against the following script?
> 
> #!/bin/sh -e
> 
> echo "Hello, cruel world"

You got lucky this time:
1. echo is built-in command so I didn't find a way to override it.
2. Add a single external command to the script and I can apply numero uno.
3. In the original Bourne shell, echo wasn't built-in, so numero uno would
   work as is.

> I have to say that I first heard about this restriction, I thought it 
> made a lot of sense. Since then, I have searched for these famed attack 
> vectors, and have come up short. Sure, if the script itself has security 
> holes, then a suid script will be vulnerable. As I'm sure you know well, 
> this is also true of C written code, however.

C as a language has minimal external influences and so you *can*
practically write secure code (being careful with the usual suspects -- 
anything coming from the outside).

However, the shell (and most Unix scripting languages) have a very
rich semantics that is affected by many external factors (environment
is one of the most obvious) your chances of writing any practical
shell script that would not be vulnerable are pretty nil.
[BTW: if I don't find an obvious hole, it doesn't mean there isn't one].

Perl tries to do a little better by its "tainting" mechanism. That's
a very good idea, but its strength depends on a bug-free implementation
of both perl and all the C-based modules you use. Would you bet on
something like perl-TK being audited enough?

Cheers,

-- 
Oron Peled Voice: +972-4-8228492
o...@actcom.co.il  http://www.actcom.co.il/~oron
Linux:  If you're not careful, you might actually learn something.
-- Allen Wong
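
An added example, not part of the original post and not code from anyone in the thread: a C sketch of the sanitizing wrapper mentioned in the quoted text above, which replaces the caller's PATH, drops BASH_ENV (the two variables used in the examples) and rejects unexpected arguments. The script path, the KEEP allowlist and the argument rules are assumptions, and privilege handling is left out; it addresses only the environment and argument vectors.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
extern char **environ;
/* Hypothetical script path, fixed at build time so the caller cannot pick it. */
#define SCRIPT "/usr/local/libexec/example-task.sh"
#define SAFE "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-_"
/* Only these are copied from the caller; BASH_ENV, ENV, IFS, LD_* etc. are dropped. */
static const char *const KEEP[] = { "TERM", "LANG", NULL };

/* 1 if s is 1..64 characters from SAFE and does not look like an option. */
int arg_is_safe(const char *s)
{
    size_t len = strlen(s);
    return len > 0 && len <= 64 && s[0] != '-' && strspn(s, SAFE) == len;
}

/* Fill out[] (cap >= 2) with a fixed PATH plus the first occurrence of each KEEP variable, if its value is safe. */
size_t build_clean_env(char *const envp[], char *out[], size_t cap)
{
    size_t n = 0;
    out[n++] = "PATH=/usr/bin:/bin";      /* never inherit the caller's PATH */
    for (size_t k = 0; KEEP[k] && n + 1 < cap; k++) {
        size_t len = strlen(KEEP[k]);
        for (size_t i = 0; envp && envp[i]; i++) {
            if (strncmp(envp[i], KEEP[k], len) == 0 && envp[i][len] == '=') {
                if (arg_is_safe(envp[i] + len + 1)) out[n++] = envp[i];
                break;                    /* ignore later duplicates */
            }
        }
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    char *env[8], *args[16] = { "/bin/sh", SCRIPT };  /* unused slots stay NULL */
    int n = 2;
    if (argc > 14) { fputs("too many arguments\n", stderr); return 2; }
    for (int i = 1; i < argc; i++) {
        if (!arg_is_safe(argv[i])) { fprintf(stderr, "argument %d rejected\n", i); return 2; }
        args[n++] = argv[i];
    }
    build_clean_env(environ, env, 8);
    execve(args[0], args, env);           /* the script sees only the clean environment */
    perror("execve");
    return 126;
}
```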




Re: Backup encryption key

2009-04-23 Thread Amos Shapira
2009/4/23 Dotan Cohen :
> Actually, I am aware of that problem. I had considered writing a shell
> script to automatically add the date and ask for the password, but
> decided that will be my opportunity to learn python instead. So until
> I have a spare day to get into Python I'm doing it this way. It is a
> single user system, which is not an excuse, but it mitigates risks.

Asking for password in one shell line:

read -r -s -p "SubVersion password for user \"$USERNAME\": " DEPLOY_PWD

No biggy :)

--Amos



Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
> Asking for password in one shell line:
>
> read -r -s -p "SubVersion password for user \"$USERNAME\": " DEPLOY_PWD
>
> No biggy :)
>

I know that it is not difficult, but it remains my motivation for
treating myself to learn Python. One of these days.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: ot: isps

2009-04-23 Thread Amos Shapira
2009/4/23 Geoffrey Mendelson :
> That's because there are three different networks involved here.
> Orange runs 3 networks. a 900 MHz GSM (voice and data up to 14.4kbps if
> they allow it), 1800 MHz (voice, 14.4k data and higher speed data
> (GPRS?) ) and a 2.1 GHz 3G network. The 900 MHz network covers all of
> the State of Israel and the territories, for legal reasons it does not
> cover the PA (nudge, nudge, wink wink). The 1800 MHz network has a
> shorter range for each cell and covers less. With the shorter
> wavelength there are more "dead spots". The 3G network is similar to
> the 1.8 GHz network in coverage, I have no idea about the number of
> cells.

I'm not going to dispute Geoffrey's (proved) knowledge when he speaks
of something, but my personal experience in the last four weeks of
visiting Israel is that once I got the Orange 3.5G SIM in a Nokia E71
(quad-band, I think it's 850/900/1800/2100) and paid 80 NIS for 5Gb I
managed to receive data signal
wherever I went in Israel (between Ashdod/Mazkeret-Batya to Megido and
Beit-Lechem Haglilit).

Speed is also very good, as far as I can tell it's better than what I
get in Australia. Maybe because their data network is not overloaded
yet?

One thing I think that I noticed is that the battery runs faster too -
I have to refill it every day in order to have enough juice to finish
the next day. In Oz I can run for almost a week without refilling the
battery. I guess that maybe it has to do with fewer towers which
require the phone to increase its own signal strength, but I'm not an
expert.

--Amos



Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh
Before I begin, I should point out that I never brought my company's 
service up in this thread. Yes, rsyncrypto is my project, and it is a 
major part of the service Lingnu is offering, but it is open source, 
comes built in as part of Debian and Ubuntu, and you can use it without 
paying me or Lingnu a dime.


Diego Iastrubni wrote:
> As someone who tried to convince his boss to use Shachar's product, I can tell
> you that there are companies (in Israel!) who sell a competing product, which
> is closed source, but:
>
>  * works with a nice Java Based web interface,
>  * it has a CLI version (works on 64 bit as well)
>  * it's incremental backup
>  * their service sends you email when you finish the backup
>  * the email tells you what amount of data (in MB) has been sent
>  * if you miss a backup a few days, you get a call from them "is everything
>    ok"? - don't trust automated setups!
>  * they store up to a week of information as history
>  * the traffic is encrypted using blowfish
>  * if your initial backup is "huge" they can send someone to your office which
>    comes with a USB disk and copies it manually the first time.

More than half the points you raise are related to the service, rather 
than the technology. Yes, you can get most of them from Lingnu as well, 
but the discussion here was centered around technology for doing remote 
backups (as I pointed out, I never even brought up the fact that my 
company offers such a service). In particular, the point one before last 
should be used as a huge warning sign as far as the technology is involved.

> Besides it being closed source, written in java and (*) it's a damn good
> service. I can recommend off list if you want. Still, if I had the choice, I
> would use Shachar's service, not only because of (*). I prefer my money to
> go to someone from the community.

  
This is a huge point, though. The traffic transferring the data to the 
remote server is encrypted, but the data on the remote server is not. A 
rogue employee or a security breach may compromise your data.


Of course, once the data is not encrypted, manipulating it is a piece of 
cake. You can perform quite sophisticated server side processing on it.


Shachar

P.s.
Blowfish? In this day and age?

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
