Author Archives: Enrico

openssl heartbleed

Posted on January 2, 2019 by Enrico

有用到openssl 需要注意他的漏洞更新,這邊提到的是大約2014年中的一個重大漏洞,屬於implementation flaw,同年的還有ShellShock和POODLE。作為許多軟體的底層元件,在當時影響的層面相當廣泛(參考: https://en.wikipedia.org/wiki/Heartbleed) https://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed/這篇主要描述了openssl heartbleed bug(CVE-2014-0160),主要是利用heartbeat會response echo傳來的訊息,而在程式中沒有做message size boundary check 而依賴在protocol中由client提供的16bits length (存在payload變數), hbtype為message type,因為是16bits 所以最多可以echo 64kb的資料,因此可以從response拿到一些存在heap記憶體的資料,透過大量的request一直malloc free,其中可能可以拿到之前request帶的敏感資訊而進一步攻擊 有問題的點在上面的memcpy 將p1的內容複製到bp,共payload個bytes,而payload又是直接讀取content轉出來 n2a(p, payload) 那一行 測試可參考https://github.com/mpgn/heartbleed-PoCopenssl影響的版本為1.0.1~1.01f,實際拿apache + openssl 1.0.1c來測試就會發現能夠dump server side的記憶體內容

Posted in General | Leave a comment

docker install on CentOS 6.9

Posted on December 28, 2018 by Enrico

在epel-repo有帶1.7的docker yum -y install epel-release yum -y install docker-io #升級成1.9.1 參考 https://www.jianshu.com/p/31248c006c06 curl -sSL -O https://get.docker.com/builds/Linux/x86_64/docker-1.9.1 chmod +x docker-1.9.1 mv /usr/bin/docker /usr/bin/docker-1.7 cp ./docker-1.9.1 /usr/bin/docker docker pull centos:6.9 有問題 先關掉service service stop docker #看起來是必須升級kernel rpm –import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm yum … Continue reading

Posted in System Administration | Leave a comment

bash exclamation (!)

Posted on November 27, 2018 by Enrico

在bash處理有帶!的字串要注意他本身有其他功用(history expansion),作為字串夾在double quote時 https://www.gnu.org/software/bash/manual/bashref.html#Double-Quotes Enclosing characters in double quotes (‘”’) preserves the literal value of all characters within the quotes, with the exception of ‘$’, ‘`’, ‘\’, and, when history expansion is enabled, ‘!’. 要注意的是escape !不可用 \ backslash\! 會是 \! … Continue reading

Posted in System Administration | Leave a comment

semaphore整理

Posted on November 19, 2018 by Enrico

In computer science, a semaphore is a variable or abstract data type used to control access to a common resource by multiple processes in a concurrent system such as a multitasking operating system. (In computer science, a semaphore is a … Continue reading

Posted in General | Leave a comment

regex lib

Posted on November 14, 2018 by Enrico

在使用c++11 regex時,需要注意在gcc 4.9.0前 regex的實作是c++0x的特別是CentOS預設的gcc版本是4.8.5,此時可改用boost::regex使用以下 參考: https://stackoverflow.com/questions/12530406/is-gcc-4-8-or-earlier-buggy-about-regular-expressions

Posted in C++ Language | Leave a comment

windows elevate UAC

Posted on November 2, 2018 by Enrico

在windows csharp的程式中,如果要一開始限定執行為administrator系統管理權限,可以在manifest檔註記參考 https://stackoverflow.com/questions/2818179/how-do-i-force-my-net-application-to-run-as-administrator <requestedExecutionLevel level=”requireAdministrator” uiAccess=”false” /> 或是用程式強制重新起始為系統管理權限(放在Main起始處)參考 https://itneverworksfirsttime.wordpress.com/2012/02/27/using-uac-to-request-administrative-privileges-from-c/ 另外實測時,如果是32bit程式,在某些情況會被windows7判定為安裝程式而跳出”This program might not have installed correctly”https://docs.microsoft.com/en-us/windows/desktop/SbsCs/application-manifests可用manifest繞過Program Compatibility Assistant(PCA)https://support.microsoft.com/en-my/help/2545347/excluding-programs-from-the-program-compatibility-assistant-pca

Posted in System Administration | Leave a comment

exit process with delay

Posted on October 22, 2018 by Enrico

在nodejs中處理error發生要結束process時,可使用process.exit,但注意process.exit會立即返回特別是當要寫error log時,有可能還沒寫完就結束process了。這種情況可以利用timer來控制這裡節錄stackoverflow上的一個解法 Exit Node.js process after event loop is empty OR after timeout 以下節錄 如果時間到 event loop不為空,仍然會執行process.exit,中斷未完成的task。當然這邊會有其他的問題,因為通常發生異常必須結束時,會希望取消其他進行中的async task,單純記上error log,但許多async api並沒有取消的方式。

Posted in nodejs | Leave a comment

expressjs send file

Posted on October 19, 2018 by Enrico

在 expressjs傳送檔案可以直接使用res.sendFile或是開啟readable stream再pipe到res fs.createReadStream(fpath).pipe(res) 但在某些情況(例如video播放)這樣的方式太陽春,沒辦法seek (http byte range request) 特別是例如iOS safari browser在播放mp4影片時,會要求伺服器支援byte range request,不然不會播放。Safari Web Content Guide#Configuring Your Server HTTP servers hosting media files for iOS must support byte-range requests, which iOS uses to perform random access in media playback. … Continue reading

Posted in nodejs | Leave a comment

remote deploy with ssh

Posted on October 17, 2018 by Enrico

遠端佈署時,常常更新完檔案要重新啟動服務,使用ssh execute remote command 可以整合在script方便automation ssh $HOST COMMANDssh $HOST COMMAND1; COMMAND2; … scp SCRIPT.sh $HOST:ssh $HOST SCRIPT.sh #將多個command 放在script 以上使用SSH Key-Based Authentication的方式驗證

Posted in System Administration | Leave a comment

moment.js

Posted on October 11, 2018 by Enrico

在js的程式哩,對於時間格式處理解析與驗證可以使用momentjs, 下面簡要整理 處理不同版本js的Date對於字串解析的不一致 var a = new Date(‘2016-01-01’); ES5(解成UTC), ES2015(解成local time) mutable: t.add(1, ‘days’) 這樣會直接影響到t,如果要重複操作時 t.clone().add(1, ‘days’), value可為負數 避免在操作 add傳入小數點 處理timezone相關問題時要注意DST, daylight saving time 儘量使用.format(…)顯示描述轉成字串的格式 moment.utc(), moment().utc() 可以理解成目前是UTC timezone moment距離 x.diff(y) => x減去y 回傳 milliseconds moment.duration(milliseconds number) 再用 asDays()等的function轉單位 解析時間: … Continue reading

Posted in nodejs | Leave a comment