Operating Systems 2019F Lecture 21

From Soma-notes

Video

The video from the lecture given on November 22, 2019 is now available.

Notes

Lecture 21
----------

questions about the assignment?
assignment 3 due sunday evening

please do course evaluations!

A lot of problems and weird errors come from running out of disk space.

To clean up a disk, you'll probably have to deal with logs (especially if something like the kernel is printing lots and lots of messages).

But logs aren't just text files:
* old-style log files (e.g. under /var/log) are text files
* systemd introduced binary logs, kept by journald (similar to the Windows event log); those are managed with journalctl, e.g. journalctl --vacuum-size=200M to shrink the journal, not by deleting files by hand

So you may need to clean up both.

To delete text log files:
* if the name ends in a number (a rotated log such as syslog.1 or syslog.2.gz, compressed or not), no process has it open any more, so you can just delete it
* but if it doesn't have a number at the end, it is the live log: some daemon still has it open, and on Unix the space of an unlinked file is not freed until the last open descriptor on it is closed. So you have to delete it *and* make the logging program close and reopen its log file
   - say, by sending SIGHUP (which is what logrotate does), by killing and restarting the process, or just by rebooting
   - alternatively, truncate the file in place (e.g. : > /var/log/syslog), which frees the space right away even while the daemon keeps it open
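Added example (not part of the original lecture notes): a small C program that reproduces the "deleted but still open" behaviour described above. It plays both roles itself: it writes a constructed log, unlinks it while the descriptor is still open (the admin's rm), shows via fstat that the inode has zero links yet still holds all its bytes, and then frees the space by truncating through the open descriptor (what a daemon effectively does when it reopens its log on SIGHUP). The path and the sample line are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample log line and line count (assumptions of this example). */
#define LOG_LINE  "kernel: something noisy\n"
#define LOG_LINES 1000

/* What the writer's open descriptor sees at each stage of the experiment. */
struct log_probe {
    nlink_t links_after_unlink;   /* directory entries left after rm */
    off_t   size_after_unlink;    /* bytes still held by the open fd */
    off_t   size_after_truncate;  /* bytes after ftruncate(fd, 0) */
};

/* Simulate: daemon holds the log open, admin rm's it, then the fix.
 * Returns 0 on success, -1 on any I/O error. */
int probe_deleted_log(const char *path, struct log_probe *out)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;

    /* The "daemon" fills the log. */
    for (int i = 0; i < LOG_LINES; i++) {
        ssize_t n = write(fd, LOG_LINE, sizeof LOG_LINE - 1);
        if (n != (ssize_t)(sizeof LOG_LINE - 1)) goto fail;
    }

    /* The "admin" deletes the file while it is still open. */
    if (unlink(path) != 0) goto fail;
    if (fstat(fd, &st) != 0) goto fail;
    out->links_after_unlink = st.st_nlink;   /* 0: no name left ... */
    out->size_after_unlink  = st.st_size;    /* ... but space not freed */

    /* The fix: truncate through the open descriptor (or close/reopen). */
    if (ftruncate(fd, 0) != 0) goto fail;
    if (fstat(fd, &st) != 0) goto fail;
    out->size_after_truncate = st.st_size;   /* 0: space is back */

    close(fd);
    return 0;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    struct log_probe p;
    if (probe_deleted_log("/tmp/soma_lecture21_probe.log", &p) != 0) {
        perror("probe_deleted_log");
        return 1;
    }
    printf("after unlink:   links=%lu size=%lld bytes (still allocated)\n",
           (unsigned long)p.links_after_unlink, (long long)p.size_after_unlink);
    printf("after truncate: size=%lld bytes\n", (long long)p.size_after_truncate);
    return 0;
}
```

The same effect is visible on a real system with ls -l /proc/PID/fd (deleted files show as "(deleted)") and df before and after the daemon is HUP'd.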


Key idea of a Linux kernel rootkit
* load a kernel module (its code then runs in kernel mode with full access to kernel memory)
* the module patches the system call table so custom code runs in place of a real handler
* the custom syscall code does bad things (e.g. hiding files or processes from the caller), then calls the real system call so everything appears to work normally


When the kernel processes a system call, it looks up the handler in the system call table
  * the table is an array of function pointers indexed by system call number: system call 5 => entry 5 of the table

To change what a system call does, you patch the table: save the original pointer, store a pointer to your own function, and have your function call the saved original.

You could try patching the system call entry code itself (the handler that reads the number and does the table lookup), but that is much harder and in general not feasible from a module.

Kernel developers know bad guys want to mess with the system call table
 - so there are protections in place that have to be circumvented
 - main protection: the page holding the table is mapped read-only, so a plain store to it faults (a kernel oops)
 - so you have to get around this, e.g. by temporarily turning off write protection around the store (on x86, clearing the WP bit in CR0) or by remapping the page writable
 - in addition, sys_call_table is not an exported symbol, so the module first has to find the table's address

If you do even the slightest thing wrong, you'll corrupt the kernel,
so you may need to reboot every time you try new code
 - you can't tell whether an old bug is messing up your new code or not
   unless you reboot
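Added example (not part of the original notes, and not a real kernel module): a user-space model of the mechanism just described. The "system call table" is an array of function pointers in its own page, which is made read-only with mprotect() the way the kernel's table is. A naive patch that stores straight into the table faults (here SIGSEGV, in the kernel an oops); the rootkit-style patch lifts the protection, swaps in a wrapper that records the call and then invokes the saved original, and restores the protection. The table layout, syscall number 5 and all function names are assumptions of this example; the dispatcher is a stand-in for the kernel's entry code.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Model of the system call table: function pointers indexed by number. */
typedef long (*sys_fn)(long a, long b);
#define NR_SYSCALLS 8
#define NR_ADD      5                 /* the example's "system call 5" */

static sys_fn *sys_table;             /* page-aligned, normally read-only */
static size_t  table_bytes;

/* The real handler for syscall 5 (assumed: it just adds). */
static long sys_add(long a, long b) { return a + b; }

/* Rootkit side: saved original pointer and the wrapper that replaces it. */
static sys_fn real_add;
static long   hook_calls;
static long hooked_add(long a, long b)
{
    hook_calls++;                     /* "bad things": here, just count */
    return real_add(a, b);            /* then call the real system call */
}

/* Build the table in its own page and mark it read-only. 0 on success. */
int table_init(void)
{
    table_bytes = (size_t)sysconf(_SC_PAGESIZE);
    sys_table = mmap(NULL, table_bytes, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (sys_table == MAP_FAILED) return -1;
    sys_table[NR_ADD] = sys_add;      /* other entries stay NULL */
    return mprotect(sys_table, table_bytes, PROT_READ);
}

/* Stand-in for the kernel's entry code: look up by number and call. */
long dispatch(int nr, long a, long b)
{
    if (nr < 0 || nr >= NR_SYSCALLS || sys_table[nr] == NULL) return -1;
    return sys_table[nr](a, b);
}

/* Naive patch: store into the read-only table.
 * Returns 1 if the store faulted, 0 if it went through. */
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
int patch_without_unprotect(void)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);  /* some platforms raise SIGBUS */
    volatile int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        sys_table[NR_ADD] = hooked_add;   /* page is PROT_READ: faults */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Rootkit-style patch: lift protection, swap the pointer, restore it.
 * In the kernel the analogous step is toggling CR0.WP around the store. */
int patch_with_unprotect(void)
{
    if (mprotect(sys_table, table_bytes, PROT_READ | PROT_WRITE) != 0) return -1;
    real_add = sys_table[NR_ADD];
    sys_table[NR_ADD] = hooked_add;
    return mprotect(sys_table, table_bytes, PROT_READ);
}

long hook_call_count(void) { return hook_calls; }

int main(void)
{
    if (table_init() != 0) return 1;
    printf("before hook: dispatch(5,2,3)=%ld\n", dispatch(NR_ADD, 2, 3));
    printf("naive store faulted: %d\n", patch_without_unprotect());
    printf("patch via mprotect returned: %d\n", patch_with_unprotect());
    printf("after hook: dispatch(5,2,3)=%ld, hook saw %ld call(s)\n",
           dispatch(NR_ADD, 2, 3), hook_call_count());
    return 0;
}
```

The caller sees the same answer before and after the hook, which is the whole point: the wrapper is invisible to user space unless something checks the table itself. The faulting store is the user-space analogue of the "slightest thing wrong corrupts the kernel" warning above.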


Contrast this with eBPF and tracing
 - did you ever have to reboot?
 - no: the in-kernel verifier checks every eBPF program before it is loaded (it rejects unbounded loops and unchecked memory accesses), so a buggy program is refused rather than crashing the kernel

Note the safety/functionality tradeoff: a module can do anything, including corrupting the kernel; an eBPF program can only do what the verifier can prove is safe.


Assignment 4 will not be graded by the TAs, it will be on cuLearn
 - but general questions will be posted as will be solutions