chys's random notes » security http://en.chys.info Study more problems; Talk less of isms. Tue, 27 Dec 2011 11:56:38 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 .note.GNU-stack http://en.chys.info/2010/12/note-gnu-stack/ http://en.chys.info/2010/12/note-gnu-stack/#comments Sat, 25 Dec 2010 07:16:17 +0000 chys http://en.chys.info/?p=870 Related posts:
  1. Dynamic library symlinks
]]> GCC always appends one line to any assembler file (.s) file it generates:

	.section	.note.GNU-stack,"",@progbits

Literally, it adds an empty section named .note.GNU-stack to the object file, but it actually serves a hint to the linker* that code in this object file does not require an executable stack. GNU assembler also accepts command-line option “--noexecstack”, which has the same effect.

If every object file contains a section of this name, the linker knows the whole program does not need an executable stack, and the resulting executable will run with a non-executable stack if the OS and underlying hardware support it (see also NX bit).

Why is this important? In practice, virtually no program needs an executable stack (hackers may sometimes use it, though), but buffer overflow attacks frequently insert and run code in stacks. A non-executable stack helps improve security without any overhead.

* GNU linker only.

Related posts:

  1. Dynamic library symlinks

]]> http://en.chys.info/2010/12/note-gnu-stack/feed/ 1 su without password http://en.chys.info/2008/11/su-without-password/ http://en.chys.info/2008/11/su-without-password/#comments Sat, 29 Nov 2008 05:08:00 +0000 chys http://blog.chys.info/2008/11/su-without-password/ Related posts:
  1. SSH without password
  2. html2text
]]> Google returns a lot of meaningful results for “sudo without password” and “ssh without password.” I don’t know why googling “su without password” gives no useful info.

To allow a user to become root with su without entering the password, edit /etc/pam.d/su.

For example, in Gentoo (should be the same or similar in other distros) uncommenting the following line allows users in group wheel to su without password:

auth sufficient pam_wheel.so use_uid trust

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Related posts:

  1. SSH without password
  2. html2text

]]> http://en.chys.info/2008/11/su-without-password/feed/ 0 Always start denyhosts with sshd http://en.chys.info/2008/10/always-start-denyhosts-with-sshd/ http://en.chys.info/2008/10/always-start-denyhosts-with-sshd/#comments Fri, 24 Oct 2008 23:32:00 +0000 chys http://blog.chys.info/2008/10/always-start-denyhosts-with-sshd/ Related posts:
  1. Leap year bug crashes Zune
]]> Denyhosts is a small tool that frequently checks SSH daemon logs for incoming requests and put suspective IPs into /etc/hosts.deny.

For some reason, denyhosts was not running in recent days in my machine. (It should be automatically started at boot time, but was not.) Today I restarted it, and 7 IPs were immediately banned. They are from all around the world: 1 from US, 1 from Germany, 1 from Turkey, 1 from Armenia, and the rest 3 from China (respectively Xiamen University, Tianjin Netcom, and Qingdao Guangdian).

I then checked /var/log/messages, and found 5236 attacks in the last 5 days.

Yes, hackers all around the world are doing all kinds of brute-force attacks. Last summer, I found someone was using my anonymous proxy at port 3128, which had been open for just a few hours, to send hundreds of spams.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

Related posts:

  1. Leap year bug crashes Zune

]]> http://en.chys.info/2008/10/always-start-denyhosts-with-sshd/feed/ 0