Thursday, December 24, 2009

Warning: the `gets' function is dangerous and should not be used.

Strange title? Many novice programmers encounter this peculiar statement when they compile their very first string-based C programs. Surprisingly, many simply decide to ignore it, and not much stress is put on students during their programming education about the seriousness of that simple warning.

The basic definition of 'gets' from Wikipedia:

"gets is a function in the C standard library, declared in the header file stdio.h, that reads a line from the standard input and stores it in a buffer provided by the caller.

Use of gets is strongly discouraged. It is left in the C89 and C99 standards for backward compatibility (but officially deprecated in late revisions of C99). Many development tools such as GNU ld emit warnings when code using gets is linked. The programmer must know a maximum limit for the number of characters gets will read so he can ensure the buffer is big enough."

The last line is something that I would like to stress. Basically, a buffer in C is a block of memory allocated for any arbitrary use, such as storing a string of characters. A buffer is also limited in size, as defined by the programmer. Now imagine a programmer allocates 10 characters in a buffer, so our buffer would look like:

size = 10 <====10====>
buffer => [_|_|_|_|_|_|_|_|_|_]Adjacent Memory=>

Now our buffer needs to hold some data, like a string of characters. Here is where 'gets' comes in: gets fetches input from the user and stores it in the buffer. But here is also where the problem comes in. The job of 'gets' is to get the data and store it in the buffer, not to check how big the data is. Therefore, if someone entered a string of 11 characters, we would have the infamous situation called a "Buffer Overflow". (Note that gets also appends a terminating null byte after the characters it reads, so even input that exactly fills the buffer already writes one byte past its end.)

After entering "Hello World" => 11 characters including the space, the adjacent memory is overwritten:

size = 10 <====10====>
buffer => [H|e|l|l|o|_|W|o|r|l]ddjacent Memory=>
Memory Overwritten----------^

A buffer overflow results in the extra data being written into the adjacent areas of memory. This may cause a problem like a crash, but it also poses a security threat, as malicious users can utilize this flaw to write data of their choice and make the application behave in the way they choose. That is why one should avoid the use of 'gets' in their programs and use safer operations like 'fgets', which takes the buffer size as an argument and never writes more than that many bytes into the buffer.
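As an added example (not code from the original post), here is the fgets-based replacement the text recommends, reading into the post's 10-byte buffer from a constructed in-memory stream instead of stdin; read_line, BUF_SIZE and the sample input are my own names and data, and fmemopen is a POSIX call used only so the demo runs without typed input.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in main */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* the 10-byte buffer from the post */

/* Bounded replacement for gets(): fgets() stores at most size - 1
 * characters plus the NUL, so the buffer cannot overflow however long
 * the input line is. Returns 1 if the whole line fit (newline stripped,
 * as gets does), 0 if the line was cut to fit (the remainder is drained
 * so it does not leak into the next read), -1 on EOF or error. */
int read_line(char *buf, size_t size, FILE *in)
{
    int c, overflowed = 0;
    size_t len;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline: buffer filled (or EOF without newline). Consume the
     * rest of the line and report whether anything was discarded. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        overflowed = 1;
    return overflowed ? 0 : 1;
}

int main(void)
{
    /* Constructed input: the post's 11-character "Hello World" and a
     * short line, fed through a memory stream instead of stdin. */
    static const char input[] = "Hello World\nhi\n";
    FILE *in = fmemopen((void *)input, sizeof input - 1, "r");
    char buf[BUF_SIZE];
    int rc;

    if (in == NULL)
        return 1;
    while ((rc = read_line(buf, sizeof buf, in)) != -1)
        printf("%s \"%s\"\n", rc ? "ok:       " : "truncated:", buf);
    fclose(in);
    return 0;
}
```

With the post's input, "Hello World" is cut to "Hello Wor" and reported as truncated, while the bytes after the buffer are never touched.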

Have a safe Merry Christmas!!

Friday, December 18, 2009

Mesa DRI to the rescue!

Following up on my last post, I would say that I have found a replacement for the proprietary Catalyst driver, and that is the "mesa-dri-drivers-experimental" package. People with Fedora 12 and cards < [ATI R-HD 5xxx] should give them a go. Compiz works flawlessly and video playback has no issues either. I also have not had a crash so far. The driver seems pretty stable given its "experimental" name. Not sure about games, though they should also be fine. Installing the driver is as easy as doing:
# yum install mesa-dri-drivers-experimental
and a reboot. I would recommend them for anyone troubled by the proprietary ATI crap.

ATI Catalyst 9.12 - No F12 Support Yet!
Yesterday ATI released version 9.12 of their Catalyst driver suite. This version had been anticipated to be a major jump from 9.11 as far as performance is concerned. Also, eager, driver-starved Fedora 12 (ATI GFX card) users like me were waiting with fingers crossed, as 9.11 did not support Xorg 1.75. Well, it seems we have to wait longer, as this release also does not support 1.75.

As far as performance goes, Windows users report a significant improvement, so anyone with an ATI card should go ahead and update their drivers.

Monday, December 14, 2009

Sqlite-EXT4 Performance Regression

People using Fedora 11 and beyond (or maybe any other Linux distro, for that matter) may notice a major loss in performance while working with SQLite if their partitions are formatted as EXT4. Applications like liferea take ages processing new feeds, and at the same time the HDD gets thrashed.

After banging my head at it and countless Google searches, I came across a thread that explained the problem cleanly:

http://bbs.archlinux.org/viewtopic.php?pid=498350#p498350

It turns out EXT4 has a feature called "Barriers", and that is where all the extra overhead comes from. A thorough explanation is here, and I would suggest a read: http://lwn.net/Articles/283161/

Anyway, for me, performance is more important, so I disabled barriers on my root partition. The procedure is rather easy and just requires a file edit:

$> su
#> vim /etc/fstab

There should be a line like:

"UUID=blahblahblah-blah-blah-blah-blahblahblahblah / ext4 defaults 1 1"

Modify the line by changing 'defaults' to 'defaults,barrier=0' so it becomes:

"UUID=blahblahblah-blah-blah-blah-blahblahblahblah / ext4 defaults,barrier=0 1 1"

And reboot. This should disable barriers.

NOTE: This will only change the barrier setting on the root partition. If there are other partitions with an EXT4 filesystem and you would like to apply the setting to them as well, the fstab entries for those partitions need to be changed too.

Thursday, December 3, 2009

0day FreeBSD Exploit in the wild!!!

Users of FreeBSD are being pushed to update their software as a 0day exploit has surfaced. The exploit gives full root access on any vulnerable system. It should also be noted that it is a local exploit and not something that can be triggered remotely. The flaw affects versions 8.0 and 7.1 of FreeBSD. A post on the Full Disclosure mailing list read:
"The bug resides in the Run-Time Link-Editor (rtld). Normally rtld does not allow dangerous environment variables like LD_PRELOAD to be set when executing setugid binaries like “ping” or “su”. With a rather simple technique rtld can be tricked into accepting LD variables even on setugid binaries. See the attached exploit for details."
A patch is available and can be found here: http://people.freebsd.org/~cperciva/rtld.patch

The actual exploit can be found here: http://seclists.org/fulldisclosure/2009/Nov/371
Note: The exploit's link is provided for testing/experimentation purposes and not for malicious purposes.

Fedora 12 Out!

The next-gen version of the Fedora Project's flagship distro is out... Fedora 12, code named 'Constantine'. This release brings multiple fixes and features, some notable ones being:
  1. Gnome2.28
  2. XZ Rpm Payloads
  3. Abrt 1.0
  4. Dracut
  5. NetworkManagerIPv6
  6. Volume Control Continued
  7. x86 Support
and much more! The full list is here: http://fedoraproject.org/wiki/Releases/12/FeatureList