Admin Magazine #25: Secure Programming Techniques
In February this year this article came out in the UK, EEUU and Australia. Its main focus is on the different modern protections available for GNU/Linux distributions to prevent malicious users from exploiting software flaws, like stack overflows and the like. Although it is, indeed, quite a difficult topic, it is relatively easy to pin-point some basic tools and practises to stay a bit more secure whenever writing, compiling or using GNU/Linux software. Apart from introducing the modern protections like NX, PIE, Canary Stack, Full and Partial RELRO, etc, it shows a real example where a bad design and erroneous implementation can lead to a successful exploitation. Concretely, it dissects a dynamic molecular simulation code, written some time ago by a PhD student, where the .got.plt table can be overwritten, thus altering the program’s execution path in a quite dangerous way.
The idea of the article is to remark how important is, on a modern GNU/Linux Box, to be aware of any single old-running code (that is, legacy code or ancient-code), that is still running. This is so because this piece of software, more certainly, will not have any modern protection enabled, therefore exposing the whole system to malicious users. It introduces some external utilities that can be used to locate these programs, and how they can be recompiled by running the Gnu GCC compiler with certain flags to avoid exploitation.
Linux User & Developer #155: Debug your own Linux software like a pro
Last month, this article came out in the UK. This time, its focus is on debugging techniques – by means of using the Gnu Debugger (gdb) along with the objdump utility – part of the binutils package – on a Debian GNU/Linux box to solve two real cases where the software misbehaved or crashed. The main idea is to show how, even when one is just an ICT expert trying to fix common issues, having a debugger’s perspective can indeed save the day!
Two real cases previously discussed in this BLOG have been chosen to illustrate the article. The first one concerns an awful BUG affecting Libre Office when opening a particular Microsoft Excel Spreadsheet. The second real case shows how to fix a double-free corruption error on the ATI Installer program.
You can buy the magazine from the Imagine Publishing Online Shop.
I am currently working on a couple of new ideas for maybe one or two more articles. I do like to write articles that tend to show a different approach for well-known issues. That’s why I write an article after having spent a lot of time working on a particular subject, never before that. So, armed with a couple of pitches, I am now in the process of doing some research and tests … be patient and stay tuned!