Links

• wikipedia.org: List of Unix utilities
• Real and Effective IDs
  • A process also carries around an effective set of gids called the group vector.  This effective gid is then just the primary effective gid and the ones from this vector provide additional effective gids to the process for determining access control.
  • Invoking a setgid application does not alter the group vector.
  • sudo typically resets it to that of the target users groups too unless you pass in the -P option to preserve the group vector.
  • setuid
    • On most platforms, only real programs (i.e. binary code) can be setuid and it's ignored on scripts (i.e. those with a shebang line) because interpreters are usually not written with security in mind.
  • setfsuid
• Do not trust file descriptors 0, 1, 2
• tempfile: Creating a One-shot File
  • Use mkstemp.  Opening a file with O_EXCL ensure that the kernel does not follow symlinks (mkstemp does this.)
  • Lost in Legacy Space? Use a private directory!
    • Use mkdtemp
  • Rule of thumb:  In a setuid or setgid application, drop privileges before creating a temporary file in a hostile directory.
• Man pages
  • http://www.manpagez.com/man/1/COMMAND/
• Tools
  • fpm: effin' package management
    • It helps you build packages quickly (Packages like RPM and DEB formats).
    • Presentation with speaker notes
  • pv
• API
  • posix_fadvise

Passing file handles / descriptors between processes

• See Passing open handles / "kernel black magic"
• python-passfd
  • This simple extension provides two functions to pass and receive file descriptors across UNIX domain sockets, using the BSD-4.3+ sendmsg() and recvmsg() interfaces.

What shell am I using?

cat /proc/$PPID/cmdline