Clawfinger memories 2018

This is from the 25 years DDB show in Alkmaar, Netherlands.

Posted on December 25, 2018 at 8:57 pm by sergeyt
In: Life

ROP interactive guide for beginners by Vetle Økland

Just yesterday I came across a post on Reddit that pointed me to an amazing “Interactive Beginner’s Guide to ROP”. It’s nicely worded and has a couple of puzzles which I, as a total newbie, found very exciting. Leaving the solutions below for a later me…

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x55\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x00\x00\x00\x00\x0e
Posted on December 19, 2018 at 10:44 am by sergeyt
In: Security

Where GREP came from – Brian Kernighan

Posted on July 6, 2018 at 10:27 pm by sergeyt
In: Apple, FreeBSD, HP-UX, Linux, Solaris

When the past meets the future

The subject says it all.

Posted on June 9, 2018 at 6:24 pm by sergeyt
In: Life

Upgrading to MySQL 8? Think of the default authentication plugin

As explained in a post at mysqlserverteam.com, the default authentication plugin has been changed from mysql_native_password to caching_sha2_password. That would certainly break all PHP-based applications because, at the time of writing, PHP doesn’t support caching_sha2_password. Please keep an eye on the related request #76243. Once it’s implemented it will be possible to switch to caching_sha2_password, but until then use “default_authentication_plugin = mysql_native_password” in your my.cnf file or start mysqld with --default-authentication-plugin=mysql_native_password.
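To confirm the workaround took effect and to plan the later switch, the statements below (an added example, not part of the original post) check the server default, list the plugin each account uses, and show the per-account migration once the client library supports caching_sha2_password. The account 'php_app'@'localhost' and the passwords are placeholders.

```sql
-- Added example; account name and passwords are placeholders.

-- 1. What will accounts created without an explicit plugin get?
SHOW VARIABLES LIKE 'default_authentication_plugin';

-- 2. Which plugin does every existing account use right now?
SELECT user, host, plugin
FROM mysql.user
ORDER BY plugin, user, host;

-- 3. With default_authentication_plugin = mysql_native_password in my.cnf,
--    an account created without IDENTIFIED WITH picks up that default.
CREATE USER 'php_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_PASSWORD';

SELECT user, host, plugin
FROM mysql.user
WHERE user = 'php_app' AND host = 'localhost';

-- 4. Later, once the PHP client supports caching_sha2_password, move the
--    account over explicitly. Changing the plugin requires setting the
--    password again, because the stored hash format differs.
ALTER USER 'php_app'@'localhost'
  IDENTIFIED WITH caching_sha2_password BY 'REPLACE_WITH_PASSWORD';

-- 5. Re-run the audit: any account still listed with mysql_native_password
--    is a remaining dependency on the old plugin.
SELECT user, host
FROM mysql.user
WHERE plugin = 'mysql_native_password';
```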

Posted on May 15, 2018 at 10:15 am by sergeyt
In: MySQL

“WT_CONNECTION.open_session: only configured to support 20020”

Frankly speaking, the explanation provided in SERVER-30421 and SERVER-17364 is a bit vague and “hand wavy” to me but at least there are steps that could help mitigate it:

  1. Decrease idle cursor timeout (default value is 10 minutes):

    In mongodb.conf:

    setParameter:
      cursorTimeoutMillis: 30000

    Using mongo cli:

    use admin
    db.runCommand({setParameter:1, cursorTimeoutMillis: 30000})

  2. Increase session_max:

    storage:
      wiredTiger:
        engineConfig:
          configString: "session_max=40000"

Posted on February 22, 2018 at 9:26 am by sergeyt
In: MongoDB

Changing Oplog size or when root role is not enough

Managing MongoDB sometimes involves increasing the Oplog size, since the default setting (5% of free disk space if running wiredTiger on a 64-bit platform) is not enough. If you’re running MongoDB older than 3.6, that requires some manual intervention described in the documentation. It’s pretty straightforward, even if it requires node downtime as part of the rolling maintenance operation. But what is more important is that the document glosses over the fact that, to be able to create a new oplog, just having the “root” role is not enough.

> db.runCommand({ create: "oplog.rs", capped: true, size: (32 * 1024 * 1024 * 1024) })
{
	"ok" : 0,
	"errmsg" : "not authorized on local to execute command { create: \"oplog.rs\", capped: true, size: (32 * 1024 * 1024 * 1024) }",
	"code" : 13
}

Granting an additional “readWrite” role on “local” db fixes the problem:

db.grantRolesToUser("admin", [{role: "readWrite", db: "local"}])

As stated in SERVER-28449 that has been done intentionally:

This is intentional and is due to a separation of privileges. The root role is a super-set of permissions affecting user data specifically, not system data, therefore the permissions must be explicitly granted to perform operations on local.

So, please, keep that in mind and don’t flip out =)

Posted on February 2, 2018 at 9:34 am by sergeyt
In: MongoDB

Yandex internal CTF 2017

This year CTF at Yandex brought not only the excitement and sleepless nights but a bunch of awesome swag.

Posted on December 6, 2017 at 7:40 pm by sergeyt
In: Life, Linux, Security

No video during the flight

Don’t know what version of Linux they were running but looks like one of the following code paths triggered the issue:

static int pca953x_read_regs(struct pca953x_chip *chip, int reg, u8 *val)
{
	int ret;

	ret = chip->read_regs(chip, reg, val);
	if (ret < 0) {
		dev_err(&chip->client->dev, "failed reading register\n");
		return ret;
	}

	return 0;
}

static int pca953x_read_single(struct pca953x_chip *chip, int reg, u32 *val, int off)
{
	int ret;
	int bank_shift = fls((chip->gpio_chip.ngpio - 1) / BANK_SZ);
	int offset = off / BANK_SZ;

	ret = i2c_smbus_read_byte_data(chip->client,
				(reg << bank_shift) + offset);
	*val = ret;

	if (ret < 0) {
		dev_err(&chip->client->dev, "failed reading register\n");
		return ret;
	}

	return 0;
}

Posted on November 13, 2017 at 10:09 am by sergeyt
In: Life, Linux

Things to keep in mind about HTTP/2

This talk is just unbelievably helpful.

Posted on September 21, 2017 at 9:52 am by sergeyt
In: Uncategorized