Bash Exploit

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)
https://access.redhat.com/node/1200223

Well I read this article whilst I was at work. Upon getting home I started up my Fedora machine and ran the following check to see if I was vulnerable.

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

I was vulnerable. But that is what I expected. Knowing that the fix might take a little time I added the suggested workaround to my firewall script.

Workaround: Using IPTables:

A note on using IPTables string matching:

iptables using -m string --hex-string '|28 29 20 7B|'

Is not a good option because the attacker can easily send one or two characters per packet and avoid this signature easily. However, it may provide an overview of automated attempts at exploiting this vulnerability.

In full knowledge that this vulnerability was/is going to get exploited I was monitoring my firewall logs. I had set the rules to log and drop the packets. Note that the work around says it can be bypassed. A couple of hours with the rule in place and nothing unusuall was being logged and I was carrying on as normal. All of a sudden 4-5 packets were caught by the rule. My system was shutdown seconds later. I susspect that this is some opportunistic scanning taking place, however I am not taking any chances until a patch is ready.

On the plus side it has given me the opportunity to boot and update my Windows machine.

Chromebook to Ultrabook

Over the weekend I spent some time removing ChromeOS from an Acer C720 and replacing it with Fedora 20. Although I still need to add a few more tweaks to the setup I have ended up with absolute bargain. I purchased the C720 as a refurbished model, this was to save a few pounds and to get a 32GB SSD rather than the 16GB version available from the Google Play store. The Fedora install and handful of applications I needed only take up around 5GB of space leaving plenty to work with. Battery life is excellent. General desktop usage easily manages 6-8 hours, streaming video/using the wifi would appear to reduce this somewhat. So for £165 inc delivery (plus a weekend of setup time) I can say I am very happy with my purchase.

Cooling Things Down

Summer is approaching and the weather is getting slowly warmer. This brings with it the annual problem of having a computer in the bedroom kicking out heat and making it too warm. Another issue that had been causing me some bother for a few years is the power settings on my graphics card, a Radeon HD6850, when running Linux. I use the open source radeon driver as keeps improving overtime and has enough of the performance of the closed source official driver for my needs. The one thing that has been lacking in my particular case has been the dynamic adjustment (radeon.dpm) of the card to keep it running cool. I have been forced to manually set the card to a low power state each time I reboot the machine. Failing to do this means the card boots up running full speed and quite happy to warm the place up. The downside is that I am always in the low power state and any tasks that might make use of a bit of extra power never get it unless its specifically enabled.

Today was time for a bit of research and a test. I had a Radeon 7850 in my other machine and decided to swap them over. It means that I have a weaker card for gaming on Windows but I don't play that many games and out of the two machines it is the one next due an upgrade. So has it made a difference? The simple answer is yes. I found that after rebooting the Linux machine with the HD7850 that it had automatically switched to using the dynamic adjustments and all was working well, one problem solved.

The heat output was the thing I really wanted to improve and I am pleased to also report a successful change (results below). I am happy with a slight decrease in temperatures along side the enabling dynamic adjustment. I continued to experiment and discovered that it can get even better. I have 2 24" Dell monitors and these can both kick out a bit of heat. Whilst I like a dual screen setup I often switch to just one (mainly to boot the Windows machine on the other). Driving just a single monitor I have noticed a further drop in temperatures (results below). This apparent temperature drop with a single monitor was not noticed when using the HD6850.

Test Conditions:
- Ambient Temperature: 22C
- System settled on normal desktop, no user activity.
- 2 connected displays @ 1920x1200

Before (HD6850 in Low Power Mode):
- GPU Temp: 65.0C
- CPU Temp: 41.4C

After (HD7850 radeon.dpm=1 balanced profile dual display):
- GPU Temp: 47.0C
- CPU Temp: 37.1C

After (HD7850 radeon.dpm=1 balanced profile single display):
- GPU Temp: 39.0C
- CPU Temp: 36.0C

An upgrade to some slightly newer, better driver supported hardware can result in a gpu temperature drop of around 18-26C (depending on setup). It might not make a huge improvement in room temperature alone, but it is a step in the right direction.

Kivy

This week whilst thinking about how to represent an idea as a GUI application I ran into the limits of GTK3. I had a look around at matplotlib and pygame as possible work arounds but neither suited what I had in mind. It was then that I discovered Kivy.

Kivy - Open source Python library for rapid development of applications
that make use of innovative user interfaces, such as multi-touch apps.

Having had a look at some of the demo interfaces that have been created it looks like a really powerful tool. The only limitation appears to be your imagination. In addition the multi-touch aspect is appealing in the longer term as touch interfaces become more prevalent. Once I can get it fully installed/working on Fedora I will be experimenting with it a little.

Tmux – Solving The Problem Of Window Names

I was lucky enough to get a book on using tmux for Christmas. Following through the examples I noticed that I was not getting the expected behaviour when attempting to set window names.

Commandline

1
$ tmux new-window -n console

What this should do is create a new tmux window and within it a window called "console". What I was getting was a tmux window containing a window named after my command prompt e.g. 'bob@computer ~'. This was bothering me so I set about researching the problem, unluckily for me its not one that is that common. By chance I located a post linking to a RedHat bug report https://bugzilla.redhat.com/show_bug.cgi?id=969429. The report outlines a problem regarding a change in terminal escape codes and highlighted an identical problem with screen as I am having with tmux. I checked the escape codes in my .bashrc file, nothing wrong there. Next stop was /etc/bashrc.

/etc/bashrc

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
  if [ -z "$PROMPT_COMMAND" ]; then
    case $TERM in
    xterm*|vte*)
      if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
      elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
          PROMPT_COMMAND="__vte_prompt_command"
      else
          PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    screen*)
      if [ -e /etc/sysconfig/bash-prompt-screen ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
      else
          PROMPT_COMMAND='printf "\033k%s@%s:%s\033\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    *)
      [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
      ;;
    esac
  fi

/etc/bashrc contained the above code section. It comprises two different sections for different terminals, each has its own prompt with different escape codes. The but report highlighted that the problem lay with the 033k escape code where as 033]0 worked. I should only be using the problematic escape code if I am using a screen terminal. So which am I using?

Commandprompt

1
$ echo $TERM

The result from running the above command in my gnome-terminal was "xterm-256color". This was expected and what I assumed I was using. Running it from inside a tmux session I got "screen-256color". Tmux using a screen terminal is pointing back to the problematic escape code. Time to go back to the .tmux.conf and check my settings.

.tmux.conf

1
2
# Use 256 term colours
set -g default-terminal "screen-256color"

There is my problem line, I have set it to use the screen terminal, oops.

.tmux.conf - Correct

1
2
# Use 256 term colours
set -g default-terminal "xterm-256color"

By using the xterm-256color terminal I correct the problem with the escape code. Rerunning my initial tmux command tmux opens with a window named 'console'. Problem solved.

Aims for 2014

Time for a look back at what I intended to do last year.

  • Read an ebook on my Kindle Paper-white. - I have managed to read several and it's in regular use.
  • Contribute to some open source projects. - Failed
  • Continue to develop my wireless sensor system. - Mostly failed, a little progress made but not much.
  • Buy a new soldering iron/station. - I have an ERSA Icon Nano
  • Decorate and carpet my lounge. - Success - It now looks lived in.Still needs curtains.
  • Document more of my projects on this website. - Mostly failed, a few notes were uploaded but not much else.
  • Use my Raspberry Pi for something interesting. - Barely looked at it.
  • Clear clutter out of my garage. - Cleared once then got full again.
  • Finish networking between lounge and bedroom. - Completed as part of decorating.
  • Write an android application for my tablet or phone. - I wrote a calculator script for use at work but it's in html rather than an app.

So 2013 was mixed, some things achieved some not.
Time to see if I can complete some of last years goals in 2014.

  • Contribute to some open source projects.
  • Put more time into electronics projects (Raspberry Pi/Wireless Sensor System).
  • Get curtains for lounge.
  • Clear out Garage (again).
  • Write an android application for my tablet/phone
  • Pay off student loan.
  • Carpet master bedroom.
  • Build a Gaming PC and/or Steam Box
  • Repave Back Yard
  • Use a Linux desktop environment other than Gnome 3 for at least a month

Another to do list, but as before it will be a good year if I can cross a few of them off.

Fedora 19 – Initial Impressions

I have just upgraded both my laptop and desktop machines to Fedora 19. Having had a few issues with the past couple of releases this upgrade has been almost flawless. The only issue I have noticed so far is some missing fonts/images for the grub 2 bootloader but everything works otherwise.

The biggest improvement from my point of view is in graphics performance. I have an ATI card running the opensource radeon driver. I had noticed stuttering during video playback on Fedora 17 & 18. This release however it has vanished and smooth video has returned. So far so good.

Update:

/boot/grub2/themes/system/DejeVuSans-10.pf2 not found
/boot/grub2/themes/system/DejeVuSans-12.pf2 not found
/boot/grub2/themes/system/DejeVuSans-Bold-14pf2 not found

/boot/grub2/themes/system/theme.txt not found

The boot message about grub not finding the fonts or theme is due to the starfield theme nolonger being the default. Install grub2-starfield-theme and then it works as before. The default for new installs appears to be a plain console theme.