Posts Tagged ‘security’
.note.GNU-stack
By chys on December 25th, 2010
GCC always appends one line to any assembler file (.s) it generates:
.section .note.GNU-stack,"",@progbits
Literally, it adds an empty section named .note.GNU-stack to the object file, but it actually serves as a hint to the linker* that the code in this object file does not require an executable stack. The GNU assembler also accepts the command-line option “--noexecstack”, which has the same effect.
If every object file contains a section of this name, the linker knows the whole program does not need an executable stack, and the resulting executable will run with a non-executable stack if the OS and underlying hardware support it (see also NX bit).
Why is this important? In practice, virtually no program needs an executable stack (hackers may sometimes use it, though), but buffer overflow attacks frequently insert and run code on the stack. A non-executable stack helps improve security without any overhead.
* GNU linker only.
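The linker records its decision in the executable as a PT_GNU_STACK program header (readelf -lW shows it as GNU_STACK with RW or RWE flags); it gets RW only when every input object carried .note.GNU-stack. The following checker is an added example, not code from the original post: it reads that header from a 64-bit little-endian ELF image, and build_elf fabricates minimal, non-runnable ELF64 images purely as constructed test data.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type the GNU linker emits for the stack
PF_X = 0x1                 # "executable" bit in p_flags
ELF64_EHDR = "<HHIQQQIHHHHHH"   # fields after the 16-byte e_ident
ELF64_PHDR = "<IIQQQQQQ"

def gnu_stack_flags(data: bytes):
    """Return p_flags of the PT_GNU_STACK header, or None if the binary has none.

    Only ELF64 little-endian images are handled (enough for x86-64 Linux).
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    e_phoff = struct.unpack_from("<Q", data, 32)[0]           # e_phoff lives at byte 32
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)  # e_phentsize, e_phnum
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_is_executable(data: bytes) -> bool:
    """True if the stack should be treated as executable.

    A missing PT_GNU_STACK header is reported as executable here; that is the
    conservative reading for an audit (assumption: the real default depends on
    kernel version and architecture, so do not rely on it for a security claim).
    """
    flags = gnu_stack_flags(data)
    return flags is None or bool(flags & PF_X)

def build_elf(stack_flags=None) -> bytes:
    """Constructed test data: a bare ELF64 header plus, if stack_flags is not
    None, one PT_GNU_STACK program header carrying those flags."""
    phnum = 0 if stack_flags is None else 1
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)    # ELFCLASS64, little-endian
    image = e_ident + struct.pack(ELF64_EHDR, 2, 62, 1, 0, 64 if phnum else 0, 0,
                                  0, 64, 56, phnum, 64, 0, 0)  # ET_EXEC, EM_X86_64
    if phnum:
        image += struct.pack(ELF64_PHDR, PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return image

if __name__ == "__main__":
    for label, flags in (("RW  (all objects had .note.GNU-stack)", 0x6),
                         ("RWE (at least one object lacked it)", 0x7),
                         ("no PT_GNU_STACK header", None)):
        print(f"{label}: executable stack = {stack_is_executable(build_elf(flags))}")
```

To check a real binary, pass open(path, "rb").read() to stack_is_executable; the PF_X bit set on GNU_STACK is exactly what readelf reports as RWE.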
su without password
By chys on November 28th, 2008
Google returns a lot of meaningful results for “sudo without password” and “ssh without password.” I don’t know why googling “su without password” gives no useful info.
To allow a user to become root with su without entering the password, edit /etc/pam.d/su.
For example, in Gentoo (should be the same or similar in other distros) uncommenting the following line allows users in group wheel to su without password:
auth sufficient pam_wheel.so use_uid trust
Always start denyhosts with sshd
By chys on October 24th, 2008
Denyhosts is a small tool that periodically checks the SSH daemon logs for incoming requests and puts suspicious IPs into /etc/hosts.deny.
For some reason, denyhosts had not been running in recent days on my machine. (It should be automatically started at boot time, but was not.) Today I restarted it, and 7 IPs were immediately banned. They are from all around the world: 1 from the US, 1 from Germany, 1 from Turkey, 1 from Armenia, and the remaining 3 from China (respectively Xiamen University, Tianjin Netcom, and Qingdao Guangdian).
I then checked /var/log/messages, and found 5236 attacks in the last 5 days.
Yes, hackers all around the world are doing all kinds of brute-force attacks. Last summer, I found someone was using my anonymous proxy on port 3128, which had been open for just a few hours, to send hundreds of spam messages.