20080115
Wanna seek pleasure in confinement
SELinux is the way to go, if you wanna seek pleasure in confinement ;). SELinux is a real cool thing, which gives you the power to confine applications on your desktop. It’s always been one of my fantasies to have a system where software only does what it is supposed to do. And SELinux is one such system, where you’ve to precisely define what all an application requires (i.e. its specification), e.g. if it needs to output something on the user’s console, it needs write access to the user’s (t|p)ty*, etc. Since December 2007, I’ve been practicing confinement using SELinux on my Gentoo Hardened box running standard SELinux policy from refpolicy-20071214 sources. And I’ve also started a SELinux policies project named sepolicies to host my SELinux policies. Currently the project has SELinux policies for 4 applications, namely backuppc, ctrlproxy, gw6c, and pdnsd. Anyone interested in contributing to SELinux policies can communicate with me. I’m abbe on #selinux in irc.freenode.net. Anyways, happy confinement :)
20080111
intel.com DNS admins suck bigtime
[wahjava@laptop ~]$ dig +trace www.intel.com

; <<>> DiG 9.5.0a6 <<>> +trace www.intel.com
;; global options: printcmd
. 514004 IN NS C.ROOT-SERVERS.NET.
. 514004 IN NS D.ROOT-SERVERS.NET.
. 514004 IN NS E.ROOT-SERVERS.NET.
. 514004 IN NS F.ROOT-SERVERS.NET.
. 514004 IN NS G.ROOT-SERVERS.NET.
. 514004 IN NS H.ROOT-SERVERS.NET.
. 514004 IN NS I.ROOT-SERVERS.NET.
. 514004 IN NS J.ROOT-SERVERS.NET.
. 514004 IN NS K.ROOT-SERVERS.NET.
. 514004 IN NS L.ROOT-SERVERS.NET.
. 514004 IN NS M.ROOT-SERVERS.NET.
. 514004 IN NS A.ROOT-SERVERS.NET.
. 514004 IN NS B.ROOT-SERVERS.NET.
;; Received 228 bytes from 172.18.33.125#53(172.18.33.125) in 1 ms

com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
;; Received 491 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 923 ms

intel.com. 172800 IN NS ns1.intel.com.
intel.com. 172800 IN NS ns2.intel.com.
intel.com. 172800 IN NS ns3.intel.com.
intel.com. 172800 IN NS ns4.intel.com.
;; Received 167 bytes from 192.35.51.30#53(F.GTLD-SERVERS.NET) in 1022 ms

www.intel.com. 60 IN CNAME www.intel.com.edgesuite.net.
. 113388 IN NS C.ROOT-SERVERS.net.
. 113388 IN NS D.ROOT-SERVERS.net.
. 113388 IN NS E.ROOT-SERVERS.net.
. 113388 IN NS F.ROOT-SERVERS.net.
. 113388 IN NS G.ROOT-SERVERS.net.
. 113388 IN NS H.ROOT-SERVERS.net.
. 113388 IN NS I.ROOT-SERVERS.net.
. 113388 IN NS J.ROOT-SERVERS.net.
. 113388 IN NS K.ROOT-SERVERS.net.
. 113388 IN NS L.ROOT-SERVERS.net.
. 113388 IN NS M.ROOT-SERVERS.net.
. 113388 IN NS A.ROOT-SERVERS.net.
. 113388 IN NS B.ROOT-SERVERS.net.
;; Received 280 bytes from 143.183.152.22#53(ns3.intel.com) in 1001 ms
Forget the latency of my internet connection, but WTF is this TTL of 60s for www.intel.com? Are they running their servers on Dynamic IP boxes, hmm… Even DNS records of more popular sites like www.google.com and www.yahoo.com have a TTL of 300s.
[wahjava@laptop ~]$ dig +trace www.google.com

; <<>> DiG 9.5.0a6 <<>> +trace www.google.com
;; global options: printcmd
. 513848 IN NS L.ROOT-SERVERS.NET.
. 513848 IN NS M.ROOT-SERVERS.NET.
. 513848 IN NS A.ROOT-SERVERS.NET.
. 513848 IN NS B.ROOT-SERVERS.NET.
. 513848 IN NS C.ROOT-SERVERS.NET.
. 513848 IN NS D.ROOT-SERVERS.NET.
. 513848 IN NS E.ROOT-SERVERS.NET.
. 513848 IN NS F.ROOT-SERVERS.NET.
. 513848 IN NS G.ROOT-SERVERS.NET.
. 513848 IN NS H.ROOT-SERVERS.NET.
. 513848 IN NS I.ROOT-SERVERS.NET.
. 513848 IN NS J.ROOT-SERVERS.NET.
. 513848 IN NS K.ROOT-SERVERS.NET.
;; Received 260 bytes from 172.18.33.125#53(172.18.33.125) in 1 ms

com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
;; Received 504 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 701 ms

google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 168 bytes from 192.54.112.30#53(H.GTLD-SERVERS.NET) in 957 ms

www.google.com. 604800 IN CNAME www.l.google.com.
l.google.com. 86400 IN NS a.l.google.com.
l.google.com. 86400 IN NS b.l.google.com.
l.google.com. 86400 IN NS c.l.google.com.
l.google.com. 86400 IN NS d.l.google.com.
l.google.com. 86400 IN NS e.l.google.com.
l.google.com. 86400 IN NS f.l.google.com.
l.google.com. 86400 IN NS g.l.google.com.
;; Received 276 bytes from 216.239.36.10#53(ns3.google.com) in 1059 ms

[wahjava@laptop ~]$ dig +trace www.l.google.com

; <<>> DiG 9.5.0a6 <<>> +trace www.l.google.com
;; global options: printcmd
. 513825 IN NS K.ROOT-SERVERS.NET.
. 513825 IN NS L.ROOT-SERVERS.NET.
. 513825 IN NS M.ROOT-SERVERS.NET.
. 513825 IN NS A.ROOT-SERVERS.NET.
. 513825 IN NS B.ROOT-SERVERS.NET.
. 513825 IN NS C.ROOT-SERVERS.NET.
. 513825 IN NS D.ROOT-SERVERS.NET.
. 513825 IN NS E.ROOT-SERVERS.NET.
. 513825 IN NS F.ROOT-SERVERS.NET.
. 513825 IN NS G.ROOT-SERVERS.NET.
. 513825 IN NS H.ROOT-SERVERS.NET.
. 513825 IN NS I.ROOT-SERVERS.NET.
. 513825 IN NS J.ROOT-SERVERS.NET.
;; Received 292 bytes from 172.18.33.125#53(172.18.33.125) in 1 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 494 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 387 ms

google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 170 bytes from 192.31.80.30#53(d.gtld-servers.net) in 966 ms

l.google.com. 86400 IN NS a.l.google.com.
l.google.com. 86400 IN NS b.l.google.com.
l.google.com. 86400 IN NS c.l.google.com.
l.google.com. 86400 IN NS d.l.google.com.
l.google.com. 86400 IN NS e.l.google.com.
l.google.com. 86400 IN NS f.l.google.com.
l.google.com. 86400 IN NS g.l.google.com.
;; Received 258 bytes from 216.239.32.10#53(ns1.google.com) in 351 ms

www.l.google.com. 300 IN A 72.14.235.99
www.l.google.com. 300 IN A 72.14.235.104
www.l.google.com. 300 IN A 72.14.235.147
;; Received 82 bytes from 66.249.93.9#53(d.l.google.com) in 949 ms
[wahjava@laptop ~]$ dig +trace www.yahoo.com

; <<>> DiG 9.5.0a6 <<>> +trace www.yahoo.com
;; global options: printcmd
. 513788 IN NS J.ROOT-SERVERS.NET.
. 513788 IN NS K.ROOT-SERVERS.NET.
. 513788 IN NS L.ROOT-SERVERS.NET.
. 513788 IN NS M.ROOT-SERVERS.NET.
. 513788 IN NS A.ROOT-SERVERS.NET.
. 513788 IN NS B.ROOT-SERVERS.NET.
. 513788 IN NS C.ROOT-SERVERS.NET.
. 513788 IN NS D.ROOT-SERVERS.NET.
. 513788 IN NS E.ROOT-SERVERS.NET.
. 513788 IN NS F.ROOT-SERVERS.NET.
. 513788 IN NS G.ROOT-SERVERS.NET.
. 513788 IN NS H.ROOT-SERVERS.NET.
. 513788 IN NS I.ROOT-SERVERS.NET.
;; Received 292 bytes from 172.18.33.125#53(172.18.33.125) in 1 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 491 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 386 ms

yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
;; Received 201 bytes from 192.12.94.30#53(e.gtld-servers.net) in 328 ms

www.yahoo.com. 300 IN CNAME www.yahoo-ht3.akadns.net.
. 3600000 IN NS A.ROOT-SERVERS.net.
. 3600000 IN NS B.ROOT-SERVERS.net.
. 3600000 IN NS C.ROOT-SERVERS.net.
. 3600000 IN NS D.ROOT-SERVERS.net.
. 3600000 IN NS E.ROOT-SERVERS.net.
. 3600000 IN NS F.ROOT-SERVERS.net.
. 3600000 IN NS G.ROOT-SERVERS.net.
. 3600000 IN NS H.ROOT-SERVERS.net.
. 3600000 IN NS I.ROOT-SERVERS.net.
. 3600000 IN NS J.ROOT-SERVERS.net.
. 3600000 IN NS K.ROOT-SERVERS.net.
. 3600000 IN NS L.ROOT-SERVERS.net.
. 3600000 IN NS M.ROOT-SERVERS.net.
;; Received 277 bytes from 68.142.255.16#53(ns2.yahoo.com) in 1289 ms
LoL on Intel customers. I’m also one of them :(
From an Emacs Lisp n00b
Emacs Lisp, a dialect of LISP used by the Emacs category of Operating Systems, is a cool language to learn. Yesterday, while trying to figure out what to do to test my n00b Emacs Lisp skills, I got this idea. I’d used the Borland C/C++ IDE for around 5 years during my 10+2 days, and I became addicted to its key bindings. Later, when I started using Emacs in 2003, I felt the problem of key bindings, which are totally different, like Alt+W to copy text, and Ctrl-Y to paste text. But at that time, I felt too lazy to learn the Emacs customization stuff, so I decided to learn the Emacs keybindings. But yesterday I decided to implement some of the Borland IDE key bindings in my Emacs, so I hacked the following Emacs Lisp code for my ~/.emacs.
;; Author: Ashish Shukla

(defun enable-mode-if-disabled (modename)
  "Enables mode 'modename' if disabled"
  ;; `boundp' avoids a void-variable error when the mode's variable
  ;; is not defined yet; the argument 1 enables instead of toggling.
  (unless (and (boundp modename) (symbol-value modename))
    (funcall modename 1)))

(defun compile-current-file ()
  "Compiles current file (only for `emacs-lisp-mode')"
  (interactive)
  (if (not (eq buffer-file-name nil))
      (if (eq major-mode 'emacs-lisp-mode)
          (byte-compile-file buffer-file-name))))

(defun execute-current-file ()
  "Executes current file (only for `emacs-lisp-mode')"
  (interactive)
  (if (and (not (eq buffer-file-name nil))
           (eq major-mode 'emacs-lisp-mode))
      (load-file buffer-file-name)))

(defun describe-current-word ()
  "Describes `current-word', if it is defined as symbol"
  (interactive)
  ;; intern-soft the current-word to see if a symbol exists
  ;; with this name.
  (if (not (eq (intern-soft (current-word)) nil))
      ;; cool symbol exists, so retrieve the symbol
      (let ((sym (intern (current-word))))
        ;; if it is a 'function'
        (if (functionp sym)
            ;; then describe function
            (describe-function sym)
          ;; else describe variable
          (describe-variable sym)))))

;; Borland Turbo C bindings
;; nothing special for C hackers, but Emacs LISP hackers

;; F2 - Save Buffer
(global-set-key [f2] 'save-buffer)
;; F3 - Load Buffer
(global-set-key [f3] (key-binding (kbd "C-x C-f")))
;; F5 - Execute currently loaded LISP file
(global-set-key [f5] 'execute-current-file)
;; F6 - Switch to other window
(global-set-key [f6] (key-binding (kbd "C-x o")))
;; F9 - Compile currently loaded LISP file to bytecode
(global-set-key [f9] 'compile-current-file)

;; not a Borland Turbo C keybinding
;; F7 - Describes current-word in Help window
(global-set-key [f7] 'describe-current-word)

(enable-mode-if-disabled 'font-lock-mode)
(enable-mode-if-disabled 'transient-mark-mode)
(enable-mode-if-disabled 'global-font-lock-mode)
(enable-mode-if-disabled 'show-paren-mode)
(enable-mode-if-disabled 'tooltip-mode)
(enable-mode-if-disabled 'line-number-mode)
(enable-mode-if-disabled 'column-number-mode)
(if (eq window-system nil)
    (enable-mode-if-disabled 'xterm-mouse-mode))

;; `mouse-wheel-mode' replaces the obsolete `mwheel-install'.
(mouse-wheel-mode 1)
(set-face-foreground 'default "white")
(set-face-background 'default "black")
;; `set-frame-font' replaces the obsolete `set-default-font'.
(if (eq window-system 'x)
    (set-frame-font "-b&h-luxi mono-medium-r-normal--*-95-100-100-m-0-iso10646-1"))
;; `default-tab-width' is obsolete; set the default of `tab-width'.
(setq-default tab-width 4)
Anyone interested in learning Emacs Lisp can try out similar stuff. Anyways, happy Emacs-ing ;)
20080103
How Split Debug Symbols work?
I’ve been using a custom-built package for a piece of software for a long time, but it used to crash (reproducibly) sometimes, so tonight I thought it’d be great to debug the problem, so I checked my package directories to see if I’ve built any -dbg package (I use Gobuntu, a distro based on Debian, so no -debuginfo packages for me :-P ). And I found that I’ve not built any -dbg package, so I quickly added --dbg-package=foo-dbg to the dh_strip (yup I use debhelper too) invocation in the binary-arch target of the debian/rules Makefile, and also added an entry for foo-dbg in debian/control. And then I built (dpkg-buildpackage -rfakeroot) and installed (dpkg -i) the -dbg package.
Now, I fired gdb, started executing foo, it SIGSEGVed, and I did bt, oops no symbols listed. So, then I joined #gdb on irc.freenode.net, and there bauermann told me about the debug-file-directory option in gdb. I showed that option, and found that it is set to /usr/lib/debug. Then I tried manually loading symbols, using the symbol-file option. And the symbols were loaded without any problem.
Now, the problem is how to autoload those symbols, so I followed the path of RTFM and then I opened gdb.info, searched for debug-file-directory, and there I found this:
So, for example, if you ask GDB to debug `/usr/bin/ls', which has a link containing the name `ls.debug', and the global debug directory is `/usr/lib/debug', then GDB will look for debug information in `/usr/bin/ls.debug', `/usr/bin/.debug/ls.debug', and `/usr/lib/debug/usr/bin/ls.debug'.
and this:
A debug link is a special section of the executable file named `.gnu_debuglink'.
And then I did objdump -x /usr/bin/foo |fgrep debuglink to see if it has a .gnu_debuglink section, oops, it’s not present. So, I installed the newly built package, as I’d only installed the -dbg package earlier. And now again I did objdump -x /usr/bin/foo |fgrep debuglink, and this time it’s present.
So I fired gdb again, and started executing foo, and now this time when it SIGSEGVed, I’m able to get the symbol names, and the line no. where it segfaulted. So gdb rocks :)
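The lookup described in the two manual excerpts above, as an added example that is not part of the original post: Python that parses raw `.gnu_debuglink` contents and reports, for each path gdb would try, whether the debug file is missing or fails the CRC check gdb also applies. The function names are made up for this sketch, and the section bytes are assumed to have been dumped from the binary beforehand (for instance with `objcopy --dump-section`).

```python
import os
import struct
import zlib


def parse_debuglink(section: bytes, little_endian: bool = True):
    """Split raw .gnu_debuglink contents into (file name, CRC32).

    Layout: NUL-terminated file name, zero padding up to a 4-byte
    boundary, then a 4-byte CRC32 of the debug file in the byte
    order of the executable.
    """
    end = section.index(b"\0")
    name = section[:end].decode()
    crc_off = (end + 1 + 3) & ~3  # round up to a multiple of 4
    fmt = "<I" if little_endian else ">I"
    (crc,) = struct.unpack_from(fmt, section, crc_off)
    return name, crc


def candidate_paths(binary, link_name, debug_dir="/usr/lib/debug"):
    """Paths gdb tries, in the order the manual excerpt lists them."""
    bindir = os.path.dirname(os.path.abspath(binary))
    return [
        os.path.join(bindir, link_name),
        os.path.join(bindir, ".debug", link_name),
        os.path.join(debug_dir, bindir.lstrip("/"), link_name),
    ]


def locate_debug_file(binary, section, debug_dir="/usr/lib/debug"):
    """Return [(path, status)] with status missing / crc mismatch / match."""
    name, want = parse_debuglink(section)
    report = []
    for path in candidate_paths(binary, name, debug_dir):
        if not os.path.isfile(path):
            report.append((path, "missing"))
            continue
        with open(path, "rb") as fh:
            got = zlib.crc32(fh.read()) & 0xFFFFFFFF
        report.append((path, "match" if got == want else "crc mismatch"))
    return report
```

A "crc mismatch" row is the case where a -dbg package from a different build than the installed binary is present: the file exists, but gdb will not load it.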