Saturday, October 22, 2016

Dirty Cow (CVE-2016-5195)

Dirty Cow is a newly discovered, but already decade-old, vulnerability that is present in almost all Linux distributions, including your likely favorite, Kali Linux.


It is referenced as CVE-2016-5195 and called Dirty Cow because it is a race condition found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (RedHat)


Solution:


Depending on your distribution, I think this vulnerability must have been fixed already. I will mention how to overcome it only on the latest Ubuntu release 16.04/10 LTS (check the bug), where new packages have been released. The easiest way to get them is to update your package lists:

sudo apt-get update

and then upgrade:

sudo apt-get dist-upgrade

Reboot your system so that the changes take effect.
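
The fixed kernel only protects the machine once it is the one actually running, so the reboot step is worth verifying. The script below is an added example, not part of the original post: it compares the running kernel release with the newest installed kernel image. It assumes Debian/Ubuntu package names of the form linux-image-<release> and a sort that supports -V; the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): is the reboot step still pending?

# Print the highest kernel release read from stdin (one release per line).
newest_release() {
    sort -V | tail -n 1
}

# List releases of installed kernel images on Debian/Ubuntu,
# e.g. "4.4.0-45-generic" for package linux-image-4.4.0-45-generic.
installed_releases() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-[0-9]*' 2>/dev/null |
        awk '$1 == "ii" { sub(/^linux-image-/, "", $2); print $2 }'
}

# reboot_pending RUNNING: read installed releases on stdin; succeed (exit 0)
# when a newer image of the same flavour (the suffix, e.g. "generic") than
# RUNNING is installed, meaning the old kernel is still the one executing.
reboot_pending() {
    running=$1
    flavour=${running##*-}
    newest=$( { grep -- "-${flavour}\$" || true; printf '%s\n' "$running"; } | newest_release )
    [ "$running" != "$newest" ]
}

running=$(uname -r)
if installed_releases | reboot_pending "$running"; then
    echo "A newer kernel than $running is installed: reboot to start using it."
else
    echo "Running kernel $running is the newest installed image of its flavour."
fi
# Ubuntu also drops this marker file when a package asks for a reboot.
if [ -f /var/run/reboot-required ]; then
    echo "/var/run/reboot-required is present."
fi
```

Running the newest installed image does not by itself prove the fix is in it: compare the reported release with the fixed version named in your distribution's advisory for CVE-2016-5195.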

Tuesday, July 26, 2016

Beyond design patterns

This morning I came across this issue posted on StackOverflow. The OP tries to build a simple Tkinter GUI.

What is both funny and interesting to highlight is that the simple goals unexpectedly became a little tricky, or even complicated, to achieve because the OP relies on MVC and Observer (the latter often being a key component of the former).

The problem itself can be resolved in 6 quick and dirty lines of code on the fly. I am not here to tell you design patterns are worthless, but as a general rule of thumb I learned from my own experience, do not use them unless really needed; otherwise you would probably struggle uselessly to comply with them instead of effectively implementing the solution to the actual problem. To put it bluntly: be pragmatic!

As I deeply believe that the way we program reflects our state of mind, emotions, personality and daily life attitude, I think the rule mentioned above deserves reflection, especially by those who tend to quickly and blindly follow the mainstream way of thinking, believing or behaving without daring to trust their self-confidence to think on their own about what matters.

This attitude would lead you to bear your own stuff, to develop your own design pattern and thus better express who you are through tens of thousands of apparently boring lines of code.

Thursday, March 3, 2016

Printing data in MySQL format using Python


(I originally posted what follows as an answer to a question on StackOverflow that remained unanswered for 2 years)

The aim is to have Python output that looks like MySQL format:

mysql> SHOW COLUMNS FROM begueradj FROM begueradj;
+-----------------+-------------+------+-----+---------+-------+
| Field           | Type        | Null | Key | Default | Extra |
+-----------------+-------------+------+-----+---------+-------+
| Reg_exp         | varchar(20) | NO   |     | NULL    |       |
| Token           | varchar(20) | NO   |     | NULL    |       |
| Integer_code    | int(2)      | NO   |     | NULL    |       |
| Attribute_value | varchar(2)  | NO   |     | NULL    |       |
+-----------------+-------------+------+-----+---------+-------+

It is good to see the world as a set of objects, so my solution is written as a class. We first need to save the connection parameters for the MySQL server in a Python dictionary in the class constructor __init__(self):

self.config = { 'user':'begueradj',
                'passwd':'begueradj',
                'host':'127.0.0.1',
                'db':'begueradj',
               }
 
Of course, one needs to change these parameters to one's own.

Trying to do a hack by yourself is not necessarily the best idea. For my solution, I opted for the use of texttable, which you can install as follows:
  • First download the compressed module.
  • Uncompress the file and change the directory to it.
  • Finally, type this command: sudo python setup.py install

After executing the MySQL query (self.sqlquery = """SELECT * FROM begueradj"""), you will need the MySQLCursor.description property to get the columns' names in a tuple format:

# Get columns' names
self.columns = [i[0] for i in self.cursor.description]

Note that it is useful to transform the tuples to lists, as the texttable module works on lists.

Python program:

I commented almost every line of my program solution below:

'''
Created on Mar 3, 2016

@author: begueradj
'''
import MySQLdb
import texttable


class Begueradj:
    """ Display MySQL table's content along with
    table's columns name as in pure MySQL format.
    """
    def __init__(self):
        """ Initialize MySQL server login parameters.
        Try to connect to communicate with MySQL database.
        """
        self.config = {'user': 'begueradj',
                       'passwd': 'begueradj',
                       'host': '127.0.0.1',
                       'db': 'begueradj',
                       }
        # Try to log in to the MySQL server
        try:
            self.dbconnexion = MySQLdb.connect(**self.config)
        except MySQLdb.Error:
            print("Database connexion failure!")
            # Nothing below can work without a connection, so re-raise
            raise

        # Read the content of the MySQL table
        self.sqlquery = """SELECT * FROM begueradj"""

    def begueradj(self):
        """ Display MySQL table data.
        """
        self.cursor = self.dbconnexion.cursor()
        self.cursor.execute(self.sqlquery)

        # Get columns' names
        self.columns = [i[0] for i in self.cursor.description]

        self.tab = texttable.Texttable()
        self.tablerow = []

        # Fetch all the rows from the query
        self.data = self.cursor.fetchall()

        # Must transform each tuple row to a list
        for r in self.data:
            self.tablerow.append(list(r))

        # Set the header first so the table knows its number of columns
        self.tab.header(list(self.columns))
        # Align displayed data within cells to left, whatever the column count
        self.tab.set_cols_align(['l'] * len(self.columns))
        # Add the data rows (the header is already set)
        self.tab.add_rows(self.tablerow, header=False)
        # Display the table (finally)
        print(self.tab.draw())

        # Don't forget to close the connexion.
        self.dbconnexion.close()


# Main program
if __name__ == "__main__":
    b = Begueradj()
    b.begueradj()


Saturday, January 23, 2016

Simple Java persistence application for beginners (JEE, Spring MVC, Maven)

I posted a very simple application on GitHub to help JEE beginners grasp the main concepts of Java persistence by highlighting how to manipulate some basic operations. The application is in its version 1.0 but I am not planning to enrich it as it is not that important for me.

Link: https://github.com/begueradj/JPAlibSpringMVC