Friday, December 21, 2007

chmod "+s"

The purpose of this blog is just to break this looong Sannata mode. Many people might already be aware of this, but those who don't know can read on.

We all know the basic file access permissions on linux. Access permissions can be set per file for owner, group and others on the basis of read (r), write (w) and execute permissions (x).

Linux processes run under a user-ID. The effective user-ID is the one that determines access to files. We can set the user or group ID on execution using the chmod command with the 's' bit:


>chmod 4755 suidtest
or
>chmod u+s suidtest


This causes the file to be executed under the user-ID of the user that owns the file rather than the user that executes the file. The same applies to the group ID.


As you can see, this is a very powerful feature, especially if root owns the file with the s-bit set: any user can then do things that normally only root can do.

A few words on security. When you write a SUID program, you must make sure that it can only be used for the purpose you intended. Always set the path to a hard-coded value. Never rely on environment variables or on functions that use environment variables. Never trust user input (config files, command line arguments, ...). Check user input byte for byte and compare it with values that you consider valid.
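An added example (not from the original post) of the advice above: a SUID helper that compares its single argument byte for byte against an allowlist and executes only a hard-coded path with a fixed environment. The action names, the table and the program paths /usr/bin/uptime and /bin/df are assumptions chosen for illustration.

```c
/* allowlist.c: added example, hypothetical names throughout */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_NAME 16   /* longest argument that is ever accepted */

/* Fixed environment: nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/* Assumed allowlist: the only actions this helper will ever perform.
 * Each name maps to an absolute, hard-coded program path. */
struct action { const char *name; const char *path; };
static const struct action allowed[] = {
    { "status", "/usr/bin/uptime" },
    { "disk",   "/bin/df" },
};

/* Return the hard-coded program for arg, or NULL if arg is not valid. */
const char *lookup_action(const char *arg)
{
    size_t len, i;

    if (arg == NULL)
        return NULL;
    /* Byte for byte: only lowercase ASCII letters, at most MAX_NAME. */
    for (len = 0; arg[len] != '\0'; len++)
        if (len == MAX_NAME || arg[len] < 'a' || arg[len] > 'z')
            return NULL;
    if (len == 0)
        return NULL;
    /* Exact comparison with the values we consider valid. */
    for (i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++)
        if (strcmp(arg, allowed[i].name) == 0)
            return allowed[i].path;
    return NULL;
}

int main(int argc, char **argv)
{
    const char *prog = (argc == 2) ? lookup_action(argv[1]) : NULL;

    if (prog == NULL) {
        fprintf(stderr, "usage: helper status|disk\n");
        return 2;
    }
    /* The caller's string is never passed on; only the table entry is. */
    execle(prog, prog, (char *)NULL, clean_env);
    perror(prog);
    return 1;
}
```

The user's argument only selects a table entry, so no byte supplied by the caller ever reaches the executed command line or its environment.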


Here is the sample program with output.

1)

    #!/bin/sh
    # suid.sh: Print user information
    echo " effective user-ID:"
    id -un
    echo " real user-ID:"
    id -unr
    echo " group ID:"
    id -gn


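2)

    /* suid.c */
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        /* Secure SUID programs MUST NOT trust any user input
         * or environment variable!! */
        char *env[] = {"PATH=/bin:/usr/bin", NULL};
        /* Demo path only: a real SUID program should not execute
         * a file that lives in a world-writable directory like /tmp. */
        char prog[] = "/tmp/suid.sh";

        /* Note: access() checks with the real user-ID, not the effective one. */
        if (access(prog, X_OK)) {
            fprintf(stderr, "ERROR: %s not executable\n", prog);
            exit(1);
        }
        printf("running now %s ...\n", prog);
        /* Set the real user-ID to the effective one; this is why the
         * script reports the same user for both. */
        if (setreuid(geteuid(), geteuid()) != 0) {
            perror("setreuid");
            return 1;
        }
        /* argv[0] is the program path; the argument list ends with NULL. */
        execle(prog, prog, (char *)NULL, env);
        /* Only reached if execle() failed. */
        perror("suid");
        return 1;
    }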


Now, as the root user, run:

    gcc -Wall suid.c
    chmod u+s a.out


Here is the output:

    vinitd@orchid:/tmp> whoami
    vinitd
    vinitd@orchid:/tmp> ./a.out
    running now /tmp/suid.sh ...
    effective user-ID:
    root
    real user-ID:
    root
    group ID:
    users
    vinitd@orchid:/tmp>


Note: It is possible to switch off SUID when mounting a file system. If you find the option "nosuid" in /etc/fstab, then the SUID feature is switched off for that file system. For details, have a look at the man page of mount.

Friday, November 23, 2007

Nothing Technical About IT !!


As the caption suggests, there's nothing technical about this post. But could not help but put this up over here!

Received the image alongside in a mail, and loved it for no apparent reason ;-) !!

MS enthusiasts (Lele chill, I do not mean your MS), please excuse me, and do not hold this against me :-) !!






P.S.: Why has this blogspace gone into sannaTa mode ?

Saturday, August 25, 2007

Sujay Lele

Hi all,
My name is Sujay and I have done my under-graduation in IT from VIT, Pune. I worked for two years at Kernel Solutions Pvt Ltd, a startup working in file systems. Right now I am doing my Masters in Computer Science at New York University (NYU). My research interests include File systems (and anything related to FS), Operating Systems and Networks. I am involved in a research group working in wide area storage systems at NYU.

I will keep posting all the interesting stuff I do / I hear (technical of course :)) here at NYU.

Keep Blogging

Sujay

Wednesday, July 4, 2007

Vivek Bhandwalkar

Hi,
I'm Vivek, and I am from Pune. I completed my graduation (Engineering in Information Technology) from Vishwakarma Institute Of Technology, Pune. I started my professional career with Calsoft Pvt. Ltd and have now been working with Symantec for the last couple of months.

I hope, all those bright bulbs will try to spread their light of experience and domain knowledge in form of discussions.

Thanx,
Vivek

Tuesday, July 3, 2007

Pravin Gawale

Hello and welcome..!!!

I am Pravin Gawale,

Originally from Dhule and settled in Pune for five years. I graduated from Vishwakarma Institute of Technology, Pune, in B.E., Information Technology.

My career started with Aftek Limited, Pune, and I have been working on Windows CE 5.0, an embedded RTOS. My work involves Board Support Package (BSP) development, porting to various hardware platforms and extensive device driver development for embedded devices like MMC, USB, Flash, file systems etc., to name a few.

I also love working with Windows Device Driver and Windows Socket Programming, which have been a major part of my graduation projects. Recently I have enrolled for Masters of Business Science (MBS) in Pune University.

Protocol is a very innovative and structured idea which provides a knowledge sharing platform to all members. I would like to thank Chetan for the same...

so,

Let us find & lead the way to derive protocol......



Saturday, June 30, 2007

Software Versioning

Over the last few months, I have been co-handling the release procedure for our builds. This task primarily stemmed from the fact, that I was involved with the design of the *build* infrastructure for our product(s). I realised an interesting thing about versioning a software, which is said to be closely tied with "Software Engineering" (SE) principles, a publicly despised subject in our graduation curriculum.

(What I mean by versioning a software is, regarding the x.y.z string that you normally see in a software package you use, following the name of the software, e.g. Firefox 2.0.0.4, and how do you decide when to change one of these digits.)

One does not need much of SE knowledge, in order to come up with a versioning scheme. This can be dictated solely by common-sense. In layman terms, what I mean is, that SE principles will tell you what processes to follow when you release a software build, but they do not tell you which of those digits to change, and by how much. An example versioning scheme:

I number all my releases in the x.y.z format. My first release is 1.0.0. Now, all my immediate minor bug fixes, like typos, formatting changes, etc. will go into version 1.0.1. Following minor bug fixes will go into version 1.0.2, and so on. This essentially means that there will be no functionality changes in any of the 1.0.x versions of my software.
A slightly more critical change will go into version 1.1.0. This may include changes like support for a new browser, changes in the GUI layout, etc. Once again, minor bug fixes will keep going into versions 1.1.x. So, the functionality in 1.0.x and 1.1.x still does not vary, but still I can say that my 1.1.x release works better than my 1.0.x release.
Now, when I do a major feature addition (/removal) in my software, I will change my version to 2.0.0. These changes may be on the lines of addition of new capabilities, support for a new OS, a new platform, a rehaul in the design of the software, etc. And the changes in the smaller numbers mentioned above continue for version 2.0.0.

Now, this mechanism of changing these numbers can change based on many factors. The foremost criterion that I came across is the kind of upgrade procedure that you follow and support (as will be agreed by Sujay), and vice-versa. Continuing with the example:

In this scheme, it is obvious that a customer should be allowed to upgrade to any of the versions where the last digit changes, i.e. from 1.0.3 to 1.0.4 or 1.0.5.
Also, since 1.1.0 does not have any functionality modifications, she should be allowed to upgrade even if the second digit changes, i.e. from 1.0.x to 1.1.x.
However, since versions 2.0.x involve a major change in the way things work, upgrading can prove to be a headache, and may even result in data loss, all the more so if the upgrading mechanism itself undergoes a change.

Now, if your upgrading mechanism does not follow these rules, then your versioning system is reduced to only a series of numbers to distinguish between different builds. And if you want your upgrading system to be able to jump from any release to any higher release, then again your versioning system should be designed to allow that.

Other factors that may come into play when you design a versioning system for your software may be:

  • the source code repository being used,
  • the number of products which come under the same versioning system,
  • the number of configuration options for a single release, etc.

Some of the common versioning mechanisms currently in use are:

  • Date - e.g. Wine 20040505 (released on 05/05/2004)
  • Year - e.g. Windows 98, Windows 2000, MS Office 2003
  • Alphanumeric - e.g. Windows XP, Windows ME
  • Even number releases - e.g. kernel 2.4, kernel 2.6 (kernel 2.3, kernel 2.5 are for development)
  • Floating point - e.g. Perl 5.8.7 is actually Perl 5.008007

Tuesday, June 19, 2007

Mirroring

Let's share our knowledge on this one...

Currently I am trying to implement mirroring. When I thought of implementing it, one question came to mind: which one to implement, 1) Volume mirroring or 2) Disk mirroring, which are essentially the two types of implementation.

I started with Volume mirroring (with the help of Mayur).
Here are some points which one should keep in mind while implementing the same
(from Windows point of view...considering DDK kit)

Assumption
Source and target Volumes should be consistent

Ways to proceed
FIRSTLY do full format on source and target volumes
ELSE you need to write syncing code

Handling WRITE request
EITHER create a new IRP and redirect it to the target volume (but this will require a sound knowledge of drivers)
OR just manually write the data on target volume using the information available in IRP (meta-data)

2nd inning
If you are thinking of handling the write request manually, people will suggest that you let the original WRITE request complete and, in the meantime, log the necessary information on a scratch-pad. (NOTE: the scratch-pad information should be complete enough that you can later create a READ request for the same data buffer from it.) Then generate a READ request and write the retrieved data to the target volume. This will not hamper performance, as you are not spending much time in the WRITE request (you just log the necessary information on the scratch-pad, that's all). More importantly, if the write fails you can just remove the scratch-pad entry, in contrast to the other approach, where the default WRITE request may fail while your other WRITE request to the target volume may have completed successfully, and then you are in trouble :-)

Now your target volume is replica :-) So try to implement the things....in case of doubts post your opinion...

Wednesday, June 6, 2007

QoS for servers

Guys, now this is something to which you must reply & discuss..

Currently I am analysing what the QoS (quality of service) requirements of a server can be. The server can be a web server, a database server or anything else. Basically, QoS helps in differentiating the kind of services offered to different clients.

Please comment on this. I am trying to list some quantifiable requirements which clients ask for, or essential ones... (sometimes some of these terms sound boring, but delivering such things with the software is the most critical & beneficial work...)

The major requirements for supporting QoS in a software server are as follows:

  • Performance:
    • Throughput – min, peak, allowed burst, reward function for achieving throughput between [min, peak], penalty function for throughput < min
    • Response time / latency – distribution or percentile.
  • Availability: Probability that a service is available.
    • Duration for which service should be available.
    • Time-to-repair (TTR).
  • Accessibility: Probability measure denoting the success rate or chance of a successful service instantiation at a point in time. Requires scalable system.
  • Integrity / Transactional QoS
  • Reliability: Capable of maintaining the service and service quality. The number of failures per month/year represents a measure of reliability.
  • Security: Providing confidentiality and non-repudiation by authenticating the parties involved, encrypting messages, and providing access control.

Monday, June 4, 2007

Omkar

Hello folks,
I am Omkar Gosavi.

I am from Pune. I have completed my Engineering in Information Technology, from Vishwakarma Institute Of Technology, Pune.

I started my professional career with Concepts Systems Pvt. Ltd. based in Pune. I worked there on a Java project ( Antivirus patch Auto-update) and did some work on the concepts web-site. Then after few months, I joined InMage Systems Pvt. Ltd in Hyderabad. Now it has been more than an year with them. InMage works on a data-recovery product using Continuous Data Protection(details for which can be found on the website).

During this 1 year I have been working on the dataprotection part of the product which involved coding in C and C++.

I am really pleased with the idea of this "K" bar for discussions. Looking forward for such wonderful discussions.

Thats all folks.

Thanks,
Om

Sunday, June 3, 2007

Welcome to Virtual World (Server Virtualization)

Let's start with some technical stuff....

Some time back I started working on one of the popular Virtual Machine Monitors (VMM) / hypervisors, called Xen. There are various kinds of virtualization: 1) Virtual Memory, 2) Linux IP Virtual Server, 3) Application Virtualization and 4) Server / Software Virtualization. Xen does the last, i.e. Server Virtualization.

Let's see some of the basic terms in Server Virtualization.

Virtual Machine (VM) – An artificial environment that simulates all the hardware resources needed by an operating system. The OS running in such an environment is called the guest OS. The guest OS has a virtual view of the underlying hardware.

Virtual Machine Monitor (VMM) / hypervisor – The interface between the guest OS and the underlying hardware. All the administrative tasks, like adding a new guest OS or allocating resources to each guest OS, are done through the VMM. Some examples of VMMs are VMware and Xen.

Host OS – The native OS running on the given hardware is called the Host OS. The VMM is installed on the Host OS. This OS has all the privileges on the given hardware. We can also have the VMM running directly on the hardware without any host OS, which is called a Bare Metal Environment.

In simpler terms, the actual physical resources are divided into logical partitions. Each logical partition is allocated to some guest OS, and each guest OS runs independently on its partition. For the Host OS, guest OSes are like normal processes running on it, with the major difference that every guest OS has resource guarantees. This is similar to real-time systems, where resource guarantees are associated with processes.

Capabilities of Virtual Machines

  • Workload Isolation or Workload Consolidation
  • Workload Migration
  • OS debugging
  • Running Legacy Applications

Types of Virtualization
These types are based on the nature of the guest OS.

Para-Virtualization: In this scenario, the guest OS requires some modification to run in the Virtual Machine environment. The reason is that operating systems are written with the assumption that they have all privileges on the hardware, but in a Virtual Machine the guest OS does not have the right to run all the privileged instructions on the given hardware. There are two alternatives to resolve this: one is to have support from the processor; the other is to change the privileged part of the code (which is possible in open source OSes only). The guest OS runs in ring 1 of x86 family processors which do not support virtualization.

Full Virtualization: In this type, an unmodified OS can run in the Virtual Machine. This is achieved in either of the following two ways. One way is hardware (processor) support for virtualization. The x86 family started to give this support with Intel-VT and AMD-V, which were released in 2005 and 2006 respectively. The other way is Binary Translation, the one adopted in VMware. VMware tries to track all the instructions issued by the guest OS and, whenever a privileged instruction comes in, VMware translates it. But some people argue that this is a costlier solution.

This was just an overview of the world of Virtual Machines (hereafter we'll use this term; don't confuse it with Java Virtual Machines).

Any queries and/or suggestions and clarifications about any mistake I made while writing are most welcome (rather, I will say a reply is a MUST :) )

Blog Bar......

As per Sayesha's terminology, let's call this place as "K" bar, where some nice foods for thought along with rich old drinks will be served. So here everybody can contribute to make our customers fully satisfied by keeping them always "talli".......

So stay tuned....... :)

Thursday, May 31, 2007

Heloo World!!!

When any baby says "Hello world" as his/her first word rather than "mommy" or something then assume that one more programmer gonna get added in the pool.....

Myself Vinit Dhatrak, am also a part of this traffic, started contributing to the industry from Calsoft Pvt Ltd. But I no longer belong to it, as I joined Evergrid Pvt Ltd. recently.

I think this is really nice place to post our thoughts, also nice discussions also can happen. I ask everybody to put anything crap here, flood this area and utilize what blogspot is providing us.

Go ahead!!!!

Wednesday, May 30, 2007

Mayur Thigale

Hi, I am Mayur Thigale.

I am originally from Ahmednagar. I completed my graduation (Engineering in Computer Science), from Vishwakarma Institute Of Technology, Pune.

Currently, I am working with a startup called InMage Systems.Pvt. Ltd. We are working on a continuous data protection product (details for which can be found on the website). Earlier I worked with Colayer Web Conversations.

I worked in Colayer Web Conversations for 6 months and in InMage Systems for a year.
During these one and half years , my work has involved a large amount of coding in C,C++ .

I think this is enough.

Thanks,
Mayur

Opening Toast

Welcome to Protocols....

First, I want to thank Chetan for executing this idea, and I want to congratulate all my team-mates: finally we have started a long journey with a small step...

Hi, I am Aniket Lakade.

I am from a small town called Walchandnagar (Pune district), but persisted in Pune from last 6-7 years. I have completed my graduation (2006) in Information Technology Engineering from Vishwakarma Institute of Technology (VIT), Pune.

I started my professional life with Persistent Systems (PSPL). Currently, I am working on a data warehouse project. Mainly I deal with the Planner & Optimizer area for the project from Netezza.

Besides this, I also have an interest in systems area. I usually play-around with Windows Device driver stuff.

Thats all Milord :-)

Rahul Gundecha

Hi everyone,
I am Rahul Gundecha.

(first of all thanks to Chetan for appreciating and executing the idea.
And also thanks for citing me with my brainchild :D )

I am from Ahmednagar (Maharashtra State). I was in pune for completing B.E. (Bachelor of Engineering) in I.T. (Information Technology) from Vishwakarma Institute Of Technology, Pune.
Then for a year, I worked in Mahindra British Telecom, Pune. I was involved in development work on open source java technologies like struts, hibernate (and also little bit of ofbiz, spring...).

& now I am in IIT Bombay (in Aamachi Mumbai) doing M.Tech. in Computer Science and Engineering. I joined here in July 2006.

About my one year stay in IIT, I have many things to say... This is a really great place to be in. I met many excellent people in the field of Computer Science. You can go through the list of professors and students here in IIT Bombay. Being an IITian is the experience of a lifetime and I am very HaPpY to be a part of it.

In this one year I did some (mini?) projects for the courses (/subjects) I registered for. Usually we have a project or a term paper or a seminar or a combination of these things in each course. I will just briefly list the projects I did.
(course name - project name)
1) Performance Evaluation of Computer Systems and Networks - Study of Prioritized Treatment of Specific OSPF Version 2 Packets. Coding in C.
2) Implementation techniques in DBMS - Query de-correlation for PostGreSql. Coding in C.
3) QOS In Networks - Simulation of RED for TCP traffic. Coding in C++.
4) QOS In Networks - Term paper on Admission Control in 802.11e.
5) Embedded Systems - Developed kernel patch to rtlinux for "Handling Sporadic Tasks in Off-line Scheduled Distributed Real-Time Systems". Coding in C.
6) R&D project - “Measurement-based Evaluation of Virtualization Platforms”. Virtualization Platform used is the open source solution Xen.

Apart from this, there were some assignments (~ mini-projects) and seminars in many of the courses. And I had a nice experience of being Teaching Assistant for the course Computer Programming & Utilization, which involved guiding and evaluating a batch of 22 students for C, C++ stuff. I will end this technical stuff here and continue later..

In all its a hectic life here, but really cooooool :) I am truely Njoying my 2 year stay in this heaven.

I guess this is all I wanna say,
(for some personal details you can visit my page)

thanks for reading :P
-rahoooooooool



Chetan Pathak

Hi, I am Chetan Pathak.

I am originally from Mumbai, but have settled in Pune for almost the last 7 years now. I completed my graduation (Engineering in Information Technology), from Vishwakarma Institute Of Technology, Pune.

Currently, I am working with a startup called Kernel Solutions Pvt. Ltd. (Packetgeneral Networks). We are working on a security related product (details for which can be found on the website), which is based on a technology related to File System Stacking.

This is the first place that I joined after I completed my graduation (2005), which gives me a total working experience of about 2 years now. During these 2 years at KSPL, my work has involved a large amount of coding in C, Perl and shell scripting. I also have some basic knowledge in HTML coding, and also quite some experience in testing.

This mixed profile of mine shows, that being a part of a startup, I "have had the opportunity / had to face the burden" of not being only in the _dev_ team, or only in the _QA_ team (or not being part of either, for that matter :-p).

I have also been involved in guiding a few final year projects (since almost as soon as I was done with mine).

That is pretty much what I have to confess :-)

(For further non-technical details, go here).

Tuesday, May 29, 2007

The Opener

I am writing this under the guise of the administrator of this blog, as labelled by the "blogspot" people, on the "Settings" page. However, my duties as an _administrator_ end at that. The creation of this blog was originally the brainchild of Rahul Gundecha, which was simply seconded and executed by me.

The description for this page pretty much sums up the purpose of this blog. However, I do not want to start off with any technical stuff. So, I thought it would be nice if each member can just introduce himself, which will help to serve two important purposes:

  • Mark the entry of a new member on the posting list.
  • Have a record of where each member was, in his career path, at the point of time when he joined in.

I think that is enough of being _administrator_y.

Happy blogging to the members, and happy reading to the readers !!