My Blog

Bash "Shellshock" vulnerability: fixing unsupported Ubuntu releases

A few months after Heartbleed hit everyone (see discussion in my http://www.doc.ic.ac.uk/~dcw/ webpage), now we have a severe security vulnerability (CVE-2014-6271) in practically all versions of Bash, the Unix Bourne Again Shell.

You can check whether bash on a particular machine is vulnerable or not by running the following in a bash shell:

 env x=’() { :;}; echo vulnerable’ bash -c ‘echo hello’

If it prints:

  vulnerable

  hello

then you’re vulnerable.  We’re big Ubuntu users where I work, so we’re rolling out security updates on supported Ubuntu distros, and building our own experimental bash packages on unsupported distros (don’t get me started on Ubuntu’s “You Must Only Run Supported Distros” creed).

Perl thought for the day: why do many Perl advocates now recommend against using tried and tested CPAN modules in favour of new-fangled ones?  Several well-known Perlers (most obviously Stevan Little, Moose author) go out  of their way to look down on pre-2005 modules, and class backwards compatibility as a force holding Perl back.  A key benefit of Perl from my perspective is that I don’t have to reinvent my knowledge every few years - I can do so if I like, not if I don’t.  But I don’t have to; my investment in Perl is safe.

Started writing a followup Professional Software Development article about my datadec tool (which generates an ANSI C module to implement a set of Recursive Data Types of your choosing), may take a few days to get this written.  When it’s finished, it’ll be linked in on my PSD page:

  www.doc.ic.ac.uk/~dcw/PSD/

Released an ElasticSearch Tutorial showing a way of using our private cloud to create a fleet of short-lived (Ephemeral) cloud VMs to run a distributed computation as an experiment.

Eric Raymond has recently written a guide called The Lost Art Of Structure Packing which describes how C compilers (portably) lay out fields in structures, with padding to preserve alignment constraints etc. (Thanks to Latency McLaughlin of LinkedIn for sharing this link).

Stimulated by a LinkedIn discussion a few weeks ago, I’ve just finished a new article in my occasional Practical Software Development pages: Article 7: Import Cool Features #1: Simulating OO in C

Really like Matt Trout’s talk on"Architecture Automation: One Alligator at a Time" from YAPC NA in 2013:

  https://www.youtube.com/watch?v=3xQqLNBeokc

LinkedIn (Plain Old C group) update: Unions in C

Yesterday, I added a (long) explanation of using Unions in C for implement variant record/inductive data types on the LinkedIn Plain Old C discussion group.  Link here:

https://www.linkedin.com/groups/union-in-C-1627067.S.5904592360947355652

Just experienced Ubuntu bug 1347147 in kerberos propagation hang

Just building a new kerberos slave KDC (Key Distribution Centre) on Ubuntu 14.04LTS, and experienced a bug - when propagating a large kerberos database from the master to the new slave the kdb5_util load hangs.

My colleague Giuseppe Mazza reported this about a month ago to the kerberos mailing list, now it’s confirmed as a kerberos/gcc/Ubuntu bug that’s been fixed in 14.10 unstable as described here:

https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1347147

Apparently the bug is caused by a broken GCC pointer alias optimization in gcc-4.8 and 4.9, but also some kerberos library support code could have been written using different macros to avoid the problem.

Updated kerberos packages don’t seem to have yet been released for Ubuntu 14.04, and as this was biting us, as a temporary workaround, I grabbed the package sources for “krb5” 1.12.1+dfsg-7 (latest version) from 14.10, and rebuilt them locally on an Ubuntu 14.04 box.  Manually installed them on our experimental slave KDC, now kdb5_util load finishes in under a second!

My first blog post

Ok, let’s try this out. I’m going to add blogs about random computing/programming/systems administration stuff here.