I was a bit taken back today after stumbling across this pdf by Dr. Wolf-Fritz Riekert http://share.ieservices.de/downloads/documents/Wordpress_Flowplayer_Plugin_pash-m_recent_version.pdf
Google translated version
Seems my plugin and the code therein has been the subject of a study, after perusing the google translation of the document I can see some very interesting concepts on how to improve the plugins integration with wordpress itself, I have sent an email Dr. Wolf-Fritz Riekert, asking if I can take his concepts and apply them to my code, so have a read and check back for version 2.1.0.0 soon,
Also of note the authors at Flowplayer.org have also granted me permission to use the latest verison of flowplayer, this will be rolled into 2.1.0.0
Remember to request features please use my Trac system.
Update:Dr. Wolf-Fritz Riekert has gotten back to me, this study is in fact the work of a group of students, the project leader of which was Martin Wörz, of ieservices.de, I’ll be liaising with him over the concepts in the study.
Tags: study, wordpress
No Comments »
For security newer distros of RHEL and their derivatives an mounting /tmp with the noexec option.
Now if you have ever had to clean up a compromised web app you can see why this makes a lot of sense, and if not here’s a quick example.
Yours/Clients web app becomes compromised, running kernel has a buffer overflow that can lead to privilege escalation, attack writes out their code and compiles in /tmp, then runs said app from /tmp creating a pseudo root level shell, aka you’ve just been root kitted.
However there are legitimate reasons for using /tmp to compile, well I say legitimate, what I in fact mean is things like pecl, which you use to install extensions like APC require this …
workaround:
1
| export TMPDIR='/a/paTh/your/user/can/write/to' |
Failing that:
service httpd stop
DO NOT ALLOW ANY WEBAPP ACCESS WHILE NOEXEC IS IN USE!
1
2
3
| mount -o,remount,rw,exec /tmp
pecl install apc
mount -o,remount,rw,noexec /tmp |
DO NOT REMOVE THE NOEXEC OPTION IN /ETC/FSTAB PERMANENTLY YOU WILL REGRET DOING SO
Tags: bad, interpreter, Linux, php
No Comments »
Redhat bug 537535
Take for instance this code saved as test.php.png
Low and behold this will render out the entire post array! and will interpret the php itself, now lets be clear here the proper use of selinux and directory structures to prevent UGC from being allowed to be access directly and / or run arbitrary code would of prevented this, however as is often the case the setup is such that the preventative conditions could not / are not deployed.
At any rate this bug comes courtesy of the apache AddHandler directive,
1
| AddHandler x-httpd-php .php |
The statement above seems to ‘loose’ match the .php extension meaning a file simply only contain .php anywhere in it’s filename to be interpreted as PHP.
The suggested work around for this is as follows:
1
2
3
4
5
| #Workaround for bug here: https://bugzilla.redhat.com/show_bug.cgi?id=537535
<FilesMatch \.php$>
SetHandler x-httpd-php
ForceType text/html
</FilesMatch> |
Note this does not effect the AddType directive, after testing on the same version using:
1
| AddType application/x-httpd-php .php |
Is not effected by this ‘bug’.
Tags: 537535, Apache, dual extension, php, vulnerability
No Comments »
Posted by: Buzz in php
In some situations using a double quotes string is required i.e. “this\nstring\nappears\over\nmany\nlines” …
However in 99% of cases it is used without even thing about in implications of doing so … PHP will infact evaluate any string wrapped in double quotes, this adds a processing overhead, but it seems people do not actually reliase how much in comparrison to using single quotes for the same string.
Take for example this code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| <?PHP
/**
* double-quotes-are-bad.php ~ D.Busby (Saiweb.co.uk)
**/
$start = microtime(true);
$var = "This is a stiring it may not actually have anything to be parse within"
. " However the issue remains that infact php will attempt to evaluate every char"
. " In this string, which in this example may not be so bad, as it's just one string"
. " In one file, buit imagine what happens when every string in your webapp uses double quotes";
$end = microtime(true);
$len = strlen($var);
$res = round($end-$start,10 );
echo $len.' Chars evaluated in '.$res.' seconds'."\n";
$start = microtime(true);
$var = 'This is a stiring it may not actually have anything to be parse within'
. ' However the issue remains that infact php will attempt to evaluate every char'
. ' In this string, which in this example may not be so bad, as it\'s just one string'
. ' In one file, buit imagine what happens when every string in your webapp uses double quotes';
$end = microtime(true);
$len = strlen($var);
$res2 = round($end-$start,10 );
echo $len.' Chars evaluated in '.$res2.' seconds'."\n";
$speed = round((1 - $res2/$res) * 100 ,2 );
echo 'Single quotes are '.$speed.'% faster'."\n";
?> |
Now I am running this on a live server, that is serving in excess of 100 pages a second, take a look at the output:
320 Chars evaluated in 1.40667E-5 seconds
320 Chars evaluated in 3.0994E-6 seconds
Single quotes are 77.97% faster
320 Chars evaluated in 1.28746E-5 seconds
320 Chars evaluated in 3.0994E-6 seconds
Single quotes are 75.93% faster
320 Chars evaluated in 1.3113E-5 seconds
320 Chars evaluated in 2.1458E-6 seconds
Single quotes are 83.64% faster
320 Chars evaluated in 1.19209E-5 seconds
320 Chars evaluated in 2.861E-6 seconds
Single quotes are 76% faster
320 Chars evaluated in 1.3113E-5 seconds
320 Chars evaluated in 2.861E-6 seconds
Single quotes are 78.18% faster
320 Chars evaluated in 1.3113E-5 seconds
320 Chars evaluated in 2.861E-6 seconds
Single quotes are 78.18% faster
The improvement is consistently in excess of 75%, so the moral of the story? don’t use “” if you do not need to!
Thanks to everyone along the way who’ve discussed and proven development methods along the way with me, and sorry it’s taken so long to get them written up.
4 Comments »
Posted by: Buzz in php
Call to undefined function imagettfbbox()
Either you do not have php GD installed (check your phpinfo(); and see if GD has laoded with TTF support)
Or if you are compiling from source add: –with-gd –with-freetype-dir=/lib64 –with-ttf=/lib64 –enable-gd-native-ttf
to your configure line.
Note: you’ll need gd-devel and freetype-devel libs installed, and im using /lib64 as im running a 64bit OS.
No Comments »
Posted by: Buzz in Linux, python
Following on from Linux – Generating file manifests and then checking them I was always getting the same questions …
How long left on the manifest Buzz ?
How long left on the verification Buzz ?
And I HATE having to turn around an say … I don’t know …
The problem with the usual command line method is that it give no indication of progress, and by extension no indication that it was infact running and not ‘hung’ …
As such I have now added the ‘manifest’ command set to the Sysadmin toolset
The manifest command take two data types, the first is a folder path from which to build the file manifest from, the manifest itself is also compatible with the “md5sum –check” function.
The second is the path to the manifest itself, in this case the manifest command will verify each file against it’s entry in the manifest:
At each point the command give you an indication of it’s current status, however this does come at a small cost, the script has no concept of the size of you console and as such will always render out the same number of character meaning if you console is not wide enough it will not render correctly, in the videos I have the console on a high resolution monitor as can be seen each video itself is 900 pixels wide.
This process is CPU intensive (20-45% on one core of a intel core2duo 2.8GHZ) and uses around 140KB of memory.
Tags: cli, indication, indicator, Linux, manifest, md5, progress, python, sysadmin
No Comments »
Posted by: Buzz in Linux
I had a major issue facing the iconv functionality of the sysadmin toolset namely due to rushed coding.
When loading a file to be re-encoded the entire file was loaded into the buffer, encoded as whole and written out to the new file, this of course meant the memory usage was roughly double the size of the file to be converted plus any overheads to do with the encoding itself.
Today I had need to convert a 1.3GB sql file, needles to say the script was crashing out with a memory error.
As such I have now completely re-written the function it now processes the file in 1kb ‘chunks’, moving the load to the CPU, this process is now very cpu intensive the the memory overhead is minimal (during test processed the 1.3GB file using 113kb of memory!!!).
Also I have now added BOM (Byte order mark) detection:
Tags: BOM, charset, conversion, iconv, python
No Comments »
Posted by: Buzz in Windows
laurent gaffie has produced a proof of concept remote BSOD affecting windows vista /7.
It is advised at this time to block all NETBIOS and SMB trafic on your network as there is currently no patch available.
Read the entry here: http://seclists.org/fulldisclosure/2009/Sep/0039.html
At the time of writing this entry I tested this on a Windows Vista VM (fully patched).
MS – Security Advisory
No Comments »
This issue has come about whilst having to migrate a positively huge number of files, and have to check the integrity of the transfer.
Build the manifest
1
| find /path/to/folder -type f -print0 | xargs --null md5sum > /path/to/manifest |
- -type f : This flag tells find to only return files
- -print0: This flag tells find to null terminate strings, this allows us to take files with spaces
- –null: This flag tells xargs to accept null terminated strings
- NOTE: PUT THE MANIFEST OUTSIDE THE FOLDER YOU ARE INDEXING!
Checking the manifest
1
| md5sum --check /path/to/manifest | grep FAILED |
The above will return all failed checks, if you want a simple count (maybe for automated reporting) just add | wc -l
FAQ
How big is the manifest?
This depends entirely on the length of your filepaths, taking UTF-8 as an encoding example each char is 8bits or 1byte, each manifest line consists of the md5hash, a space and the filepath as the filepath length varies there is no exact way to estimate the filesize of the manifest.
However each line is always 32 + 1 + len(path) bytes.
The more sub directories you have the larger the manifest size will be.
How long does the manifest take to build?
This depends on the number of files you have to index, along with any other factors such as network shares, in test runs 2819 files indexed in 1.493 seconds.
1 Comment »
Posted by: Buzz in flowplayer, php
Finaly it is ready and in a state I am happy to release it.
Features
- Complete code re-write, much more efficient and easier to update
- Flowplayer 3.1.1
- License detection, will only use the commercial version if you enter a license!
- Playlists
- Better wordpress API integration, all settings now stored in wordpress no more config files!
- Same admin interface
(Videos from Apple.com)
Tags: flowplayer, wordpress
1 Comment »
|
Entries (RSS)