I was asked what the correct way to drop privileges in Linux is.
So here is a list of things I usually do when implementing an unprivileged subprocess:

fork
In some cases you would also want to do these:

clear the environment (leave only the required variables)
close all file descriptors (except the ones you need)
clear memory regions that are [...]

Posted by HackMan
Dated: 10th July 2020
Filed Under: Uncategorized

If you need to SNAT local processes over a specific interface (for example a tunnel), there are a few things you have to do, and this article describes the required steps.
= Sysctls =
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
More specifically, you need to disable rp_filter on the interface on which you are receiving the traffic. For tunnels this usually is [...]

Posted by HackMan
Dated: 13th December 2019
Filed Under: Uncategorized

At the office we have this joke that the shortest program that produces “Segmentation fault” is:

$ echo 'Segmentation fault (core dumped)'
Segmentation fault (core dumped)

We have had this joke ever since a colleague of ours debugged that exact program for 20 minutes before he realized that it actually printed the segfault.
However, one of the colleagues decided to challenge [...]

Posted by HackMan
Dated: 4th November 2019
Filed Under: Uncategorized

My new expensive toy just came to life

localhost#show version
Arista DCS-7050QX-32-F
Hardware version: 02.11
Serial number: JPE1523XXXX
System MAC address: 001c.73XX.XXXX

Software image version: 4.14.5FX.2
Architecture: i386
Internal build version: 4.14.5FX.2-2328441.4145FX2
Internal build ID: 5f369972-3e94-403c-aee9-dd4cfba34d46

Uptime: [...]

Posted by HackMan
Dated: 26th September 2017
Filed Under: Uncategorized

If you want to do A/B split testing with nginx, you are usually directed to the split clients module.
However, most of us don’t have this module compiled into our nginx installations, and this usually results in using our own code to do the actual A/B splitting.
Here is how you can do that, without the addition of [...]

Posted by HackMan
Dated: 27th July 2017
Filed Under: Uncategorized

I have been using bird on my routers for a few years now, and every time I set up a new router I add these shell functions to help me monitor and debug network issues:

function bgp_states {
for i in $(birdc show protocols|sed 's/\s\+/|/g'|grep BGP); do
a=(${i//|/ })
[...]

Posted by HackMan
Dated: 5th April 2017
Filed Under: Uncategorized

I was featured in the PerlAdvent calendar 2016 with my article about controlling Linux Containers with Perl.
The PerlAdvent calendar is a very nice way to count down the days till Christmas.

Posted by HackMan
Dated: 20th December 2016
Filed Under: Uncategorized

Since CentOS 6.x is an old distro, it lacks a newer GCC, and thus you can’t use things like stack protector and some of the PaX security stuff.
What you can do, however, is install the SCL repo and from there the devtoolset-4:

# yum install centos-release-scl.noarch centos-release-scl-rh.noarch
# yum install devtoolset-4 devtoolset-4-gcc-plugin-devel.x86_64

The above will install gcc [...]

Posted by HackMan
Dated: 22nd November 2016
Filed Under: CentOS, Linux General, Technology

After a yum or apt-get upgrade you are left with services that need to be restarted in order to start using the new libraries you have just upgraded.
Sometimes you know what to restart, but if you haven’t done an upgrade in a while it is highly possible that you can miss a service.
The following simple two-liner [...]

Posted by HackMan
Dated: 22nd November 2016
Filed Under: Linux General, Technology

Yesterday I had a very interesting conversation about congestion control and how it affects long-lived connections.
So I decided to do a very simple comparison. I created a 100MB file (dd if=/dev/zero of=test-file bs=1M count=100).

Scalable:

test-file 100%[==============================================>] 100.00M 5.13MB/s in 23s
2016-02-28 19:40:55 (4.35 MB/s) - ‘test-file’ saved [104857600/104857600]

Illinois:

test-file 100%[==============================================>] 100.00M 4.20MB/s in 24s
2016-02-28 19:21:57 (4.13 [...]

Posted by HackMan
Dated: 29th February 2016
Filed Under: Linux General, Networking, Technology