Say I’m having the following configuration on a unix system:
usr : grp (User usr is of group grp). In addition I have group gurus.
And I’m running ls -l and get the following output:
-r--rw--w- 1 usr gurus
Does usr have write permission on this file? I.e., does the ‘other’ class mean “the whole world” or “not an owner nor a group member”?
The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices–as soon as attackers find out a server or camera or baby monitor is running Linux, they instantly know volumes about how it works. They know that commands like sudo are big juicy targets and they know that shell access will bring with it gobs of useful tools like
RRI6e29 commands instead of ls? Imagine a hacker that somehow gained remote root access–what are they even going to do if they don’t know any commands?
Implementation would be fairly easy for compilers. Take the simplest case of “rename this function and all calls to it.” You could give an OS compiler and an application compiler the same randomized names and they’d be able to talk to each other. But even if the application has poor security and is vulnerable to bash injection, such attacks would be fruitless.
Obviously this technique can’t be used in all scenarios. Setting aside scenarios like servers maintained by human sysadmins, it seems to me that any device or server managed by automation is a prime candidate for this defense.
I guess the question(s) needs to be a bit more concrete:
- Is OS obfuscation as described used widely and I just haven’t encountered it?
- If not used widely, what are the practical or technical barriers to usage?
How different is reverse engineering Windows applications from Unix-based applications? Would learning one be very different from the other?
When did Unix move away from storing clear text passwords in passwd? Also, when was the shadow file introduced?
I’d like to run a script, say convert.py (which converts binary to ASCII, but outputs to stdout), on 30 or so *.gz files, but instead of the output going to the screen, it goes to a *.txt file, like so: convert.py jonny.gz > jonny.txt. How would I do it with a for loop or find command? Thanks.
Is the server running locally and accepting connections on Unix domain socket “/var/run/postgresql/.s.PGSQL.5432”?
My OS is Windows 10 and I am using a Jupyter notebook from Anaconda Prompt.
When I type !pwd it works. When I type !ls -l it works. But when I want to chain the commands and output them to an output file, e.g. !(pwd; ls-l) > out.txt, it says: “pwd: unknown option -- l Try ‘pwd --help’ for more information.”
Does anyone know how to chain these commands and output them to a file?
Thank you in advance
Hypothetically, if there were an OS named YAOS (yet another OS) written in ALWAC (another language with another compiler), assuming ALWAC is assembly optimized of course, would ALWAC be comparable to C in performance, given that C is the fastest language that there is?
To rephrase the question: Would it be a good idea to write a language specifically for a kernel plugin like Symbian OS, Purity OS or Nutanix OS to speed up the development without compromising C-like performance? A language native to an OS/kernel module, if you will. I mean, C came after Unix, historically, which is what raised this doubt.
I am doing a failover activity between 2 data centers.
In 1 data center, 1 Oracle database on Linux is replicating data to 1 SQL Server database on Windows using a replication tool.
There is storage-level replication for the Windows server, so during the failover activity, the entire VM will fail over with the same name, except with a different IP address.
The source is sending a SYN to the (new) target, but there is no evidence that the data packet is reaching the target, and there is no SYN/ACK being sent back.
How can I troubleshoot connectivity to find out if the problem is with Network firewall, Unix server, or Windows server?
(all teams say that there’s no issue from their side)
Should I log into both servers and run telnet with IP and port, or is there a better way?
Recently I tried to install MySQL on my MacBook Pro, but can’t start the server, with these logs:
[ERROR] Can't start server : Bind on unix socket: No such file or directory
[ERROR] Do you already have another mysqld server running on socket: /tmp/mysql.sock ?