God’s Own Kitchen by Rashmi Bansal

I had read two other books by Rashmi Bansal which I had liked. Based on my opinion of the previous books, I read this book too and I was not disappointed. The book is about the “Akshaya Patra” program run by the ISKCON temple. For all who have not heard about Akshaya Patra, it is a program which sponsors meals in government schools and at places near factories throughout India. It was started in Bangalore for 1000+ school children and has reached 1.5 million meals a day spread across India. The author has explained the program from day 1, when it was started in the year 2000 for about 1000+ children, and how it could scale to 1.5 million meals per day till now. There will be social and financial problems for any organization and Akshaya Patra has also gone through this. Serving thousands of meals every day with only money raised from charity is a challenge and Akshaya Patra has gone through financial crisis at times. In one such circumstance, instead of stopping the meal program, they made a brave effort to take a loan and continue the program, which is notable. After the initial struggle, state governments recognized the effort of the organization and are contributing to the program by providing raw material/ingredients for meals, which has reduced the cost per meal. With the money raised from charity and support from state governments, Akshaya Patra is able to continue serving meals day after day without a break.

Serving 1.5 million meals a day is a remarkable achievement. Surprisingly, each meal costs only 6 Rs/-, inclusive of the transportation cost of taking the meal to schools and other locations. Most of the people working in ISKCON are volunteers and do not take any salary for the job. This also contributes to the low cost of meals. To sponsor a child’s meals for an entire year costs around 1000 Rs/-. The Governments of Karnataka and Tamil Nadu started the Amma Canteen and Indira Canteen, which serve meals at low cost, a couple of years back. But Akshaya Patra has been doing it since the year 2000. This is something which all state governments can replicate to provide good food at low cost.

I am very much impressed with the program and its mission. I will be doing my part by contributing to Akshaya Patra. With this writing, I urge others to contribute to the program too. If you are convinced about the program, you can contribute to the mission of Akshaya Patra at the click of a mouse @ https://www.akshayapatra.org/ .

Posted in General Books

OS command injection/remote command execution

The following are a few examples of OS command injection/remote command execution.

Eg#1
/* the following program mimics the unix cat command, which prints the contents of a file */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char **argv) {
    char cat[] = "cat ";
    char *command;
    size_t commandLength;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 1;
    }

    /* the user-supplied argument is appended to "cat " without any validation */
    commandLength = strlen(cat) + strlen(argv[1]) + 1;
    command = (char *) malloc(commandLength);
    if (command == NULL)
        return 1;
    strncpy(command, cat, commandLength);
    strncat(command, argv[1], (commandLength - strlen(cat)) );

    /* system() hands the whole string to /bin/sh, so shell metacharacters in argv[1] are interpreted */
    system(command);
    free(command);
    return (0);
}

/* compile and execute the program */
// the contents of the file are printed

$ ./catWrapper Story.txt
When last we left our heroes...

/* now execute with the following command line argument */
$ ./catWrapper "Story.txt; ls"
When last we left our heroes...
Story.txt doubFree.c nullpointer.c
unstosig.c www* a.out*

$ ./catWrapper "Story.txt;rm -rf *"
When last we left our heroes...
// all files and folders under the current directory are deleted

$ ./catWrapper "Story.txt & rm -rf /tmp/1" /* deletes the files/directories under /tmp/1 */
$ ./catWrapper "Story.txt && rm -rf /tmp/1" /* deletes the files/directories under /tmp/1 */
$ ./catWrapper "Story.txt | rm -rf /tmp/1" /* deletes the files/directories under /tmp/1 */

Eg#2
Consider the following program:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* INITCMD is not defined on the original page; this value is an assumed placeholder */
#define INITCMD "/init"

int main(int argc, char **argv) {

    char* home=getenv("APPHOME");   /* value comes straight from the (attacker-controllable) environment */
    char* cmd;
    if (home == NULL) {
        fprintf(stderr, "APPHOME is not set\n");
        return 1;
    }
    cmd=(char*)malloc(strlen(home)+strlen(INITCMD)+1);   /* +1 for the terminating NUL */
    if (cmd) {
        strcpy(cmd,home);
        strcat(cmd,INITCMD);
        /* the path is built from an unvalidated environment value and then executed */
        execl(cmd, cmd, (char *)NULL);
    }
    return 1;

}

In this example, the attacker can modify the environment variable $APPHOME to specify a different path containing a malicious version of INITCMD. Because the program does not validate the value read from the environment, by controlling the environment variable, the attacker can fool the application into running malicious code.

Eg#3
/* The following PHP code is vulnerable to command injection */
<?php
print("Please specify the name of the file to delete");
print("<p>");
$file=$_GET['filename'];
system("rm $file");   /* $file is interpolated into a shell command string without validation */
?>

If the user provides the following input:
http://127.0.0.1/delete.php?filename=bob.txt;id

then, along with deleting the file, the id command is also executed and its output is displayed to the user. The ‘id’ command can be replaced by any other command.

Remediation:
One of the methods to avoid OS command injection is to sanitize the input provided by the user before executing it, i.e. validate the argument provided by the user by checking it against an allowlist of permitted characters, making sure the argument does not contain any invalid characters.

The following are a few of the characters which can be used in command injection:
&, &&, |, ||, ;, ^, >, >>, <, <<, environment variables

cmd1|cmd2 : Use of | will cause command 2 to be executed whether command 1 execution is successful or not.
cmd1;cmd2 : Use of ; will cause command 2 to be executed whether command 1 execution is successful or not.
cmd1||cmd2 : Command 2 will only be executed if command 1 execution fails.
cmd1&&cmd2 : Command 2 will only be executed if command 1 execution succeeds.

In C, OS command injection typically arises through the system() library call and the exec family of calls.

References and more information can be found below:
1. https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)
2. https://www.owasp.org/index.php/Command_Injection
3. https://www.thesecurityfactory.be/command-injection-windows.html

Posted in C Section, General Tech Discussion

Application Security

Application security
Deployed applications are vulnerable to various kinds of attacks from hackers. As such, when applications are designed/coded, care should be taken to avoid any such attacks. The QA team should also consider writing test cases to validate against any such known attacks. The following are the most common types of attacks:

1. OS command injection/remote command execution
In this type of attack, arbitrary commands are executed on the remote host. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application.
2. Code injection
In this type of attack, code specific to a programming language is interpreted/executed by the application, and as such the attack is limited to the programming language used.
3. SQL injection
This type of attack consists of the insertion of an SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), and recover the content of a given file present on the DBMS file system.
4. Cross site scripting (XSS)
In this type of attack, malicious scripts are injected into trusted or legitimate web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

More on each of the above topics to follow soon.

Posted in C Section, General Tech Discussion

Sticky bit

Sticky bit on files
The sticky bit can be set on files for faster loading of a program, which in turn reduces the delay in execution of the binary. When a process executes a file that has its sticky bit set, the kernel does not release the memory allocated for text when it later detaches the region during exit or exec, even if the region reference count drops to 0. The kernel leaves the text region intact with an inode reference count of 1, even though it is no longer attached to any process. When another process execs the file, it finds the region table entry for the file text.
The process startup time is small, because it does not have to read the text from the file system. If the text is still in memory, the kernel does not do any I/O for the text; if the kernel has swapped the text to a swap device, it is faster to load the text from the swap device than from the file system.

As per some articles, this feature is of no use any more because, with the evolution of technology, fast memory access techniques evolved which more or less obsoleted the requirement of the sticky bit for faster loading of programs.

Eg:
[root@iwf1114163 testdir]# touch testfile
[root@iwf1114163 testdir]# ll
total 0
-rw-r--r-- 1 root root 0 Sep 3 11:14 testfile
[root@iwf1114163 testdir]# chmod +t testfile
[root@iwf1114163 testdir]# ll
total 0
-rw-r--r-T 1 root root 0 Sep 3 11:14 testfile
[root@iwf1114163 testdir]# chmod -t testfile
[root@iwf1114163 testdir]# ll
total 0
-rw-r--r-- 1 root root 0 Sep 3 11:14 testfile
[root@iwf1114163 testdir]# chmod 1544 testfile
[root@iwf1114163 testdir]# ll
total 0
-r-xr--r-T 1 root root 0 Sep 3 11:14 testfile
[root@iwf1114163 testdir]# chmod 555 testfile
[root@iwf1114163 testdir]# ll
total 0
-r-xr-xr-x 1 root root 0 Sep 3 11:14 testfile
[root@iwf1114163 testdir]# chmod +t testfile
[root@iwf1114163 testdir]# ll
total 0
-r-xr-xr-t 1 root root 0 Sep 3 11:14 testfile

For setting the sticky bit, either of the following commands can be used:
chmod +t testfile
chmod 1544 testfile

To remove the sticky bit:
chmod -t testfile
chmod 544 testfile

If both the execute bit and the sticky bit are set, ‘t’ will be shown as the permission bit.
If only the sticky bit is set, ‘T’ will be shown as the permission bit.

--------t Sticky bit and other execute bit are both set.
--------T Sticky bit is set and other execute bit is not set.

Sticky bit on directories
The sticky bit is a permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root. This special permission prevents a user from deleting other users’ files from public directories such as /tmp.
The /tmp directory in unix has the sticky bit set. Any user can create files under this directory, but only root or the owner of the file can delete/rename the files under this directory.

Eg:
[root@iwf1114163 /]# mkdir tmp3
[root@iwf1114163 /]# chmod +t tmp3
[root@iwf1114163 /]# ls -l tmp3
drwxrwxrwt 2 root root 6 Sep 3 11:22 tmp3
[root@iwf1114163 /]# cd tmp3
[root@iwf1114163 tmp3]# su nan1
[nan1@iwf1114163 tmp3]$ touch nan1-file
[nan1@iwf1114163 tmp3]$ ll
total 0
-rw-rw-r-- 1 nan1 nan1 0 Sep 3 11:23 nan1-file
[nan1@iwf1114163 tmp3]$ exit
exit
[root@iwf1114163 tmp3]# su nan2
[nan2@iwf1114163 tmp3]$ rm nan1-file
rm: remove write-protected regular empty file ‘nan1-file’? y
rm: cannot remove ‘nan1-file’: Operation not permitted
[nan2@iwf1114163 tmp3]$

References
1. http://www.thegeekstuff.com/2011/02/sticky-bit-on-directory-file/
2. The Design of the UNIX Operating System by Maurice J. Bach
3. https://docs.oracle.com/cd/E19683-01/806-4078/secfiles-69/index.html
4. http://foralllinux.blogspot.in/2013/04/set-setuid-setgid-and-sticky-bit-in.html

Posted in Unix and Unix Internals

Three Thousand Stitches

by Sudha Murty
What a wonderful book. Every chapter of the book is an interesting read. Most of the content in the book is about the Infosys Foundation and the work done by it. Most of us think running an NGO/charitable organization is an easy task, but Sudha madam has explained the difficulties of running the organization. A couple of chapters are on the personal life of the author, which are also interesting.
The book is about the real-life difficulties/problems/issues which most of us may not be aware of, or cannot imagine that people/life can be so cruel, but that’s the reality, I think.

I am sure whoever starts reading the book will complete it without leaving any chapter. This is the first book of the author I have read, and it has inspired me to read more books by the author.

Happy Reading!!!

Posted in General Books

Executing commands on a windows host from a unix host

Many a time we may need to execute commands on host#2 from host#1, where host#1 and host#2 can be windows or unix hosts. In this post I will be providing information on how to run commands from a unix host (host#1) which get executed on host#2, which can be a windows or unix host.

If host#2 is a unix host, the sshpass command can be used on host#1 to execute commands on host#2. sshpass can be downloaded here.
If host#2 is a windows host, the winexe command can be used on host#1 to execute commands on host#2. Winexe can be downloaded here.

Both sshpass and winexe are installed on host#1 and nothing needs to be installed on host#2. Commands get executed on host#2 and any output is displayed on host#1, where it can be used for any further processing.

Posted in General Tech Discussion

Zero to One

by Peter Thiel with Blake Masters. This book is all about startups.
What is zero to one? Creating something which does not exist is zero to one. Replicating an existing thing is one to N, which is a wonderful concept. Startups always work from 0 to 1, and hence the name of the book. The author has explained various things about how startups operate, how they build a product with a minimum value proposition, release the product to market, and various other stuff. The book also has some details about the 1998-2000 dot com boom, when everyone was willing to join a startup or start his own, and what eventually led to the dot com bust.

The author has explained a couple of important things about founders and co-founders of a company. Choosing co-founders while starting a company is very crucial. If the frequencies of the founders do not match, the company will cease to exist in future because of differences in opinion between the founders. If one is joining a startup, again it’s important to analyze the founding members to avoid undue risk in future. Also explained in detail are the salaries of founders and the stock options provided to founders and employees, and what the worth of the stocks could be in future.

Overall a good book to read.

Posted in General Books