
More sudo goodness

2009-06-10 21:39 -

I’m working on a few projects at Google that require adding things to the sudoers file to permit a role user a very limited set of privileged commands on a very limited set of machines.

Unfortunately, the current way of handling this in anything but the very latest Debian Sid/Ubuntu Karmic is rather poor – one needs to add line by line to /etc/sudoers, removing any outdated entries, and then check the integrity using visudo.

Wouldn’t it be nice if there were a sudoers.d equivalent? Well, there is the #include directive in sudo 1.7.0, but none of the stable shipping Debian-based distributions have anything newer than sudo 1.6.9.

Fortunately, Sid and Karmic now have sudo 1.7.0, meaning that it’s now sane to backport their sudo packages to the LTS editions of Ubuntu in use at Google. I’ve done this using prevu for Ubuntu dapper and hardy and verified that the packaging works without modification – just rebuild and deploy.

The bug is located at https://bugs.launchpad.net/hardy-backports/+bug/384100 should some kind souls wish to try the backport and report back on the results :) – instructions on using prevu are at https://wiki.ubuntu.com/Prevu should one not wish to trust me with building sudo binaries ;).
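The workflow this post is after (per-role rules kept in their own file, pulled into /etc/sudoers with sudo 1.7.0's #include, and every change checked with visudo before it goes live), as an added example that is not part of the original post. The role user deploybot, the hosts build01/build02, the exampled service and the /etc/sudoers.d/deploybot path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All names are hypothetical.

# Print a constructed fragment: one role user, a short host list and a
# short command list, nothing else.
sample_fragment() {
    cat <<'EOF'
Host_Alias  ROLE_HOSTS = build01, build02
Cmnd_Alias  ROLE_CMDS  = /usr/sbin/service exampled restart, /usr/bin/apt-get update
deploybot   ROLE_HOSTS = (root) NOPASSWD: ROLE_CMDS
EOF
}

# install_sudoers_fragment SRC DEST_DIR NAME
# Copies SRC to DEST_DIR/NAME only if visudo accepts its syntax.
# Returns 0 on success, 1 on an I/O failure, 2 if the syntax check fails.
install_sudoers_fragment() {
    src=$1; dest_dir=$2; name=$3
    # Stage inside DEST_DIR so the final mv is a same-filesystem rename.
    tmp=$(mktemp "$dest_dir/.$name.XXXXXX") || return 1
    if ! cat "$src" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # -c = check only, -f = check this file instead of /etc/sudoers.
    if ! visudo -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 2      # an existing DEST_DIR/NAME is left untouched
    fi
    mv -f "$tmp" "$dest_dir/$name" || { rm -f "$tmp"; return 1; }
}

# /etc/sudoers then needs one line, added once with visudo:
#   #include /etc/sudoers.d/deploybot
if [ "$#" -eq 3 ]; then
    install_sudoers_fragment "$1" "$2" "$3"
fi
```

Run as root, for example `sh install-fragment.sh deploybot.sudoers /etc/sudoers.d deploybot`; a fragment that fails the check never replaces the working one, so a typo cannot lock the role user (or anyone else) out of sudo.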


Mailman-Reencrypt 0.09-prealpha

2007-05-14 09:56 -

I was trying to figure out the best way of using a company-owned GPG/PGP key to decrypt inbound confidential communications arriving at a group inbox without giving each user the private key for the company key. The solution had previously been devised by Mr. Bad <mr.bad@pigdog.org> in the form of a Mailman filter named mmreencrypt – however, the script was written in 2000 and Mailman’s APIs have changed in such a manner as to render mmreencrypt incompatible. The idea is to decrypt and immediately re-encrypt to all list recipients’ individual keys.

I’ve devoted some of this past weekend to porting it to work with Mailman 2.1.9; the retitled project is now named Mailman-Reencrypt and is available from http://www.ctyalcove.org/~elizabeth/Reencrypt.py (sig) – it remains under the GPL as a derivative work. I’ve bumped the version number up to 0.09-prealpha from 0.06.

Features:

Bugs:


OpenID/Typekey and Textpattern 4.0.4

2007-05-11 10:26 -

As it seems that Kurt’s SVN repository has gone down, I found myself in the unenviable position of having to upgrade my 4.0.3 install to 4.0.4 without having the ability to generate a good changeset to re-apply to 4.0.4 after a clean upgrade. I ended up reviewing a couple thousand lines of diffs, paring out Kurt’s work to save it. Currently, the external comment services are somewhat broken, but they are also somewhat working so I’m hopeful that it won’t be too difficult to re-integrate them with 4.0.4, and I’ll host a diff once I have something finalized.


An urgent message about Windows security.

2006-01-01 23:58 -

From an e-mail sent out to Dabney and Blacker about 24 hours ago, if you read this blog and haven’t heard it elsewhere.

As you may or may not know, there’s an exploit in the wild that will allow an attacker to take complete control of your user account in Windows if you simply view a webpage containing a specially crafted image file created by the attacker. This includes forums, weblogs, websites, and many other places you may commonly visit, where users can post content – it’s not necessarily limited to underworld sites. Internet Explorer will allow the attack without any notification to you that it is happening, or opportunity to block it, while Firefox will display a notice that the website wants to use “Windows Picture and Fax Viewer” to open a file (which you should say cancel/no to). If such an exploit file gets on your machine, and you have Google Desktop Search, you will get infected even if you never open the file. It’s pretty nasty, and can be used for any number of nefarious purposes, including logging your keystrokes, collecting credit card numbers, using your machine to send spam, installing spyware, etc.

The reason for the sudden urgency is that someone has recklessly published code which will allow anyone to create a new .wmf file with random content that runs commands of the attacker’s choosing, and which is entirely different from any other such .wmf files, rendering it very difficult to catch with antivirus software. This means that the infection rate is likely to skyrocket – already, allegedly, “McAfee announced on the radio [Dec. 30] they saw 6% of their customer having been infected with the previous generation of the WMF exploits. 6% of their customer base is a huge number.”

There is no patch from Microsoft available at the present, but there are two steps which will act as a temporary workaround until Microsoft issues a patch. I’ve taken this action on all the Blacker/Dabney lab computers I am responsible for, recommended that the Puzzle Pirates staff take this action, and I recommend that you do the same to your personal computers, as well as avoiding usage of Internet Explorer for the time being:

  1. As an admin user:
    start->run
    regsvr32 -u %windir%\system32\shimgvw.dll
    (A dialog box will pop up saying that shimgvw.dll has been successfully unregistered)
  2. Download http://handlers.sans.org/tliston/wmffix_hexblog13.exe to your computer. Run it as administrator, and it will prevent the vulnerable functions from being called.
  3. Reboot your computer following the preceding two steps.

When an official patch from Microsoft is released, you can undo the changes by uninstalling the hotfix from Add/Remove Programs, and doing start->run, regsvr32 %windir%\system32\shimgvw.dll

Please follow these directions as soon as humanly possible, to prevent your own machine from being compromised, as well as helping stop the spread of the epidemic in general. I personally find it ridiculous that the exploit and vulnerability were announced on December 27th, and Microsoft has still not produced a patch – any exploit triggered without warning by viewing a webpage in Internet Explorer is Really Bad.

With the recent phpBB vulnerabilities as well, I’m worried about a “Perfect Storm” worm situation, in which compromised Windows PCs compromise phpBB boards and insert malicious .wmf files in the headers/footers, infecting further users, ad nauseam. Granted, this is more sophisticated than most current exploits, which are confined to reproducing on either the client or server end, and are placed on the server end by manual cracking techniques. It’s not something I’d put past the black hats, though.

Liz

References:

I’ve written more than a few diaries, and I’ve often been silly or said funny things, but now, I’m being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice – unregister shimgvw.dll and use the unofficial patch. You need to trust us.


Progress on Sidekick development

2005-12-19 03:27 -

Background information for the non-technically inclined:
I own a T-Mobile Sidekick II/Danger Hiptop. It’s a combination PDA/cellphone designed mostly for text messaging and e-mails, although it’s not half-bad as a phone. It’s why you’ll find me online nearly 24/7, although you may not catch me awake. The Sidekick runs on a Java operating system, and the toolkit to write new applications for it is basically publicly available – but you can only get an unlock code to install un-QAed applications on your device if you’ve made significant progress on an application and tested it using the simulation code they provide on your computer. I’m currently trying to learn about the operating system so I can write my own applications for my own Nefarious Purposes™.

I’ll probably write more about the Sidekick some other time (because I have some pretty glowing things to say about it), but I’m awfully tired after having gotten myself locked into ‘code mode’ for about 12 hours except a break for dinner.

(cross-post to the Danger Developer Zone)

I’m proud to announce the results of my past day’s fiddling around with ant and the SDK.
I’ve created a build_contrib.xml file which meshes with the existing build_common.xml file using the minimum number of changes possible. The build_contrib.xml file allows for you to easily insert targets to be run before and/or after compilation of your source files without the need to modify build_common.xml each time. There is support for folding external libraries into your code at compile-time and at bundling time, as well as automatically running your code through proguard and retroweaver. The result is smaller, harder to reverse-engineer, class files, and the ability to use Java 1.5 language features which can be bytecode-woven to the 1.3 bytecode the bundler expects.

If the external libs directory for a given project, retroweaver or proguard, or even build_contrib.xml are missing, the modifications to build_common.xml will gracefully revert to the old behavior.

You can download the diff file for tools/build_common.xml and the other necessary files at:
hiptop-sdk-contrib-0.9.1.tar.gz
hiptop-sdk-contrib-0.9.1.zip

I do not have a developer key, so I’m unable to verify that the applications work on the real devices, but I’ve put things through their paces in the simulator. Hopefully this saves someone a day or two of head-scratching.

I guess I’ll get onto the real work of doing application development now that I’ve gotten my favorite tools working, and can import the Narya libraries into the test app at build time instead of having to kludge around with having the library tree in the test application source tree. :)


OpenID and TypeKey support

2005-12-18 16:46 -

I’ve installed the branch. It works, mostly, except a few tweaks I made which I’ll send upstream. If you happen to be reading this and have OpenID or TypeKey, please try it out to verify that it actually works :).

Now, back to what I was supposed to be doing for the past 24 hours, working on porting Narya to the Sidekick/Hiptop...


Liz, use the Wiki! The Wiki is your friend!

2005-12-18 14:27 -

So I was reading the OpenID Wiki and I found TextPattern consumer/server in the table of software under development. I guess that solves that gripe.
Since Kurt Raschke, the author, uses svk to synchronize things with the upstream Textpattern sources on a semi-daily basis, I think I might just follow his branch entirely. Yarr.

I also fixed the problem with my OpenID authentication booching – for the curious, the solution was this:

RewriteRule ^(.*) /~elizabeth/index.php?s=about

I can’t believe I missed something so simple, but then sleep deprivation isn’t the best brain food.

And while I’m screwing around with the blog, I found instructions for making tilable backgrounds. The internet is truly an amazing resource.

What I did:


On blog software.

2005-12-18 03:35 -

So far, I’m finding Textpattern quite slick and nice – the hitches I had while configuring it were entirely my own fault due to a desire to use mod_rewrite for uses that were nontrivial to implement:
So I’ve got http://www.ctyalcove.org/~elizabeth/ running, and a LOT of people currently link there. I’d also have liked to have this blog accessible via both the old link and http://elizabeth.caltech.edu – but sadly, this is Pretty Darn Difficult. What I ended up doing was just putting this in the .htaccess file for the directory:

RewriteRule ^(.*) http://elizabeth.caltech.edu/about

and setting the virtualhost config to have the blog rewrites turned on and setting AllowOverride None. It’s annoying, but it’ll do for now.

Getting my old website template imported was a breeze, except I’m now realizing I need to make that left hand banner wrap around on itself at top and bottom ends using some crazy GIMPing so I can set background-repeat: repeat-y in the css, instead of having things look ugly the way they currently do. The text formatting certainly is taking getting used to (since I’m mostly used to wiki syntax and just coding things by hand in XHTML 1.1), but it’s very nice compared to BBCode markup for the various forum packages I’ve used in the past.

Oh, and by the way – draft articles rock my socks – I can start writing something and walk away, and come back to it later, instead of feeling compelled to store everything up in my cranium before pouring it all out.

The one fault that I have with it, which I absolutely, imperatively, will have to fix, is the lack of private posts and user identity management – I should be able to use OpenID to authenticate anyone wishing to post a comment, and to allow only certain people to read certain entries. Perhaps another day, as it seems like a lot of kludging will need to happen. For the curious, if you want a standalone OpenID server (i.e. what you want to run yourself to allow authenticating yourself to other sites) implementation, I recommend Taral/Nand’s implementation, which I’ve merged together and put up here. Hasn’t been updated in a while, but definitely Just Works.

Edit: darn, I know why I’m upset with my ‘solution’ to the mod_rewrite problem. I broke my OpenID because of the redirect, so OpenID sites now think I’m elizabeth.caltech.edu/about instead of ctyalcove.org/~elizabeth, which is uber-annoying.
