Saturday, September 1, 2007

CoW – Linux way of creating processes

The Linux operating system is one of THE most popular operating systems and continues to lead the embedded operating systems market. In this blog, I would like to give an overview of a design decision in Linux; it is one of the reasons why I see Linux not only as software but also as an art. The kernel developers' thought leadership is unquestionable. I am a great fan of the Linux kernel developers :). Without bogging you down, let me come to the point directly.

UNIX operating systems create processes using the system call fork() and overlay (load) a binary/executable image using the exec() system call. The system call fork() takes no parameters, and the system call exec() takes a few parameters to load a program from permanent storage (the file system). Practically, the system calls fork() and exec() are twins; fork() is the elder brother and exec() is the younger one. Let us first see the functionality of “fork”. As you may know, a process is a program in execution that has state such as data, heap, stack, pending signals, open files and environment variables. When you want to execute something, let us say running the command “ls” from the shell, the “shell” process typically calls fork(). When fork() is successful, the kernel creates another process which is a copy of the calling process. So each successful call to fork() returns twice – once in the calling process (aka the parent process) and a second time in the newly created process (aka the child process). As a standard, all operating systems copy the address space of the parent process to create another address space. There is an overhead involved in fork’ing a process.

Shortly after the process is created, either the parent or the child process is loaded with some other program. Typically, one of the system calls in the “exec” family is used. When “exec” is executed, the entire address space of the calling process is recreated. So a considerable amount of time is spent in this “double creation”. Surely, some kind of optimization can be done to gain substantial performance.

In Linux, fork() does not copy the address space but simply creates the kernel data structures needed for the new process. Now both the parent and the child process use the same address space, and the entire address space is marked read-only. So both the parent and the child process can continue to read the address space. When either process tries to write to a page (memory page), the kernel duplicates the address space, giving that process its own copy. But this is unlikely to occur. The other scenario is loading a new program into memory. When this occurs, the kernel creates a fresh address space anyway and starts to execute the loaded program. With this approach, the “double creation” is avoided. Deferring the duplication of the address space has given a performance gain; sometimes procrastination helps :).
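Added example (not from the original post): a small C program that makes the deferred copy visible. The parent fills 256 pages (a constructed size), forks, and the child reports how many minor page faults it took; on a typical Linux kernel a child that only reads takes almost none, a child that writes takes about one per page, and the parent's data stays unchanged. The names `cow_child_faults` and `NPAGES` are made up for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#define NPAGES 256  /* constructed working-set size for this demo */

static long minor_faults(void) {      /* page faults served without disk I/O */
    struct rusage ru;
    return getrusage(RUSAGE_SELF, &ru) == 0 ? ru.ru_minflt : -1;
}

/* Parent fills NPAGES private pages and forks; the child touches each page once.
 * Returns the child's minor-fault count (-1 on error); sets *parent_intact. */
long cow_child_faults(int child_writes, int *parent_intact) {
    long pagesz = sysconf(_SC_PAGESIZE), delta = -1;
    size_t len = (size_t)NPAGES * (size_t)pagesz;
    int fds[2];
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED || pipe(fds) != 0) return -1;
    madvise(buf, len, MADV_NOHUGEPAGE);   /* best effort: keep per-page granularity */
    memset(buf, 'P', len);                /* the pages now really exist in the parent */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: still shares the parent's pages */
        long before = minor_faults();
        for (long i = 0; i < NPAGES; i++)
            if (child_writes) buf[i * pagesz] = 'C';            /* forces a private copy */
            else (void)*(volatile unsigned char *)(buf + i * pagesz); /* read only */
        delta = minor_faults() - before;
        _exit(write(fds[1], &delta, sizeof delta) == (ssize_t)sizeof delta ? 0 : 1);
    }
    close(fds[1]);
    if (read(fds[0], &delta, sizeof delta) != (ssize_t)sizeof delta) delta = -1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    *parent_intact = memchr(buf, 'C', len) == NULL;  /* child's writes must not leak back */
    munmap(buf, len);
    return delta;
}

int main(void) {
    int ok_r = 0, ok_w = 0;
    long r = cow_child_faults(0, &ok_r), w = cow_child_faults(1, &ok_w);
    printf("child minor faults: read-only=%ld writing=%ld\n", r, w);
    return !(ok_r && ok_w);
}
```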

The functionality of fork() is called CoW – Copy on Write. So from next time, when you see a Linux box and a running process think about

But you have two processes after fork(); which process will be scheduled first? Yes, Linux is a masterpiece.

Spirit of Open Source

Having worked in a software company for the past five years, I am now able to appreciate the spirit of open source. When I say open source, I don’t necessarily mean free software. Open Source is much more than free software. Free does not carry any meaning in terms of monetary benefits (though Open Source provides profitability). Free refers to the freedom of using it, modifying it and of course helping others by redistributing it. Though these are somehow enforced through open source licenses, there is one thing that is not enforced but followed by heart by the community. By community, I mean all the developers and users of any open source software.

If you are a computer geek or a software engineer, you might have used at least one OSS. More and more vendors are moving towards open source to capture their market or to make their products better. When they come in, they advertise that they are for open source. But once they become stable, they try to stand on top of the spirit of open source. Yes, they see open source legally. In the short run, they may gain popularity, but that is a mirage, and they are quite satisfied with the mirage as it bears more fruit than they expected.

But there are many people who are totally vendor-unbiased and develop open source with noble thoughts. These people understand, respect and nurture open source. They propagate and advocate open source. They release so many versions of their software under open source licenses. The most popular operating system, Linux, is one of the best examples.

Security - Now the programmer's panorama

The days of access lists, VPNs, IDS/IPS and firewalls are gone. Don't get me wrong. Those are still great technologies to protect your assets, but the world now moves towards another cycle. It goes to the place where it started, thanks to Web 2.0 adoption. People collaborate using the Internet for many things. Just like this blog. Web application deployment is marching much faster than expected and we are almost on the verge of IP address depletion. Without the Internet, the world may stop for a while (and every software engineer needs to relearn problem solving and needs to take an elective on how to work without search engines. Some will end up doing a PhD on this).

Web applications, a little door to mighty businesses, are now gaining attention from attackers. It is not only due to the value of the asset or the amount of profitability. It is very, very simple to attack a web application. I have recently gone through a couple of books on web application security. Though I did not go through them in detail, the methods and tools are simple to use and you need to be a geek to do all the fancy stuff.

Oh God. Some of the web application security forums say "90% of web sites have vulnerabilities". It is true to a major extent. For the past two weeks, I have been trying to find a web site that is doing one thing, yes, just one thing, better. I am talking about input validation. If you need a single toolkit to safeguard your blog, orkut, bank account, just try to find whether the input validation is done properly. It is a worse culprit than CSS, SQL Injection and authentication.

There are a few great books on software security and I particularly enjoyed reading the book "Web Application Hacking Exposed". You may need to check Amazon reviews before buying one and investing time. After reading the book, you find that the best way to defend against attackers is to write solid code, to follow software engineering best practices, to do code reviews, to run static analysis, to do pen tests. Sometimes, you'll also feel like hacking your application to keep attackers under your toe.

Yes, it is your feeling, action and passion that make better software and not the tools. Tools just help you to achieve your destiny fast.

Wednesday, August 29, 2007

OS Fingerprinting - Most Fulfilling Talk

Today, Rajkumar and I gave a talk on Operating System Fingerprinting. Rajkumar, the main speaker of the talk, started and talked about the security mindset. He narrated various reconnaissance attacks. He then explained OS fingerprinting and active fingerprinting. During his speech he talked about TCP/IP implementation differences in many popular and infamous operating systems like Windows XP, Linux and Solaris. He also demonstrated active OS fingerprinting with NMAP.

In the second part of the session, I started with an overview of buffer overflows to emphasize why OS fingerprinting is essential. Then I explained POSFP with a real incident that took place in this world. We also discussed positive aspects of OSFP like network auditing.

That was one of our most fulfilling talks in network security. The audience was great and overall it was a wonderful feeling.

Tuesday, August 28, 2007

Security - Art, Passion and Character

Having worked in network security for three years, I got addicted to attacks and VD. Though not a veteran, I would proudly say that I am a security enthusiast. For studying or mastering security, one needs to know the internals of how things work. Security is not a technology or a silver bullet. In a broader perspective, security is a way of life, a place that cannot be achieved in this Information/Internet era.

Whenever I get a chance to get connected with security aspects of life, I tune myself. Rajkumar (a colleague of mine) and I were browsing through some websites. Most of the websites have logic bombs in them. As far as a web application is concerned, it needs to take one thing seriously. Linux geeks used to say “Do one thing. Do it well” and it greatly applies to the Web. For web applications, the quote should be “Do validation properly. Do it well”. Coming back to those web applications, they did something fundamentally wrong. We never tried XSS, SQL Injection and stuff like that. We simply played with input fields. Havoc…

Based on that, we came out with a paper that talks about web application security. Personally, we don’t prefer to preach to others. This paper is just a guideline for making better software. The time has come to build security into the product. Security is no longer a plug-in.

We will be presenting our paper in “Step Auto”, an International Conference on Software Testing, Process and Automation. More in the conference.