Compare commits
5 Commits
b9931a5f17
...
2921288e4e
Author | SHA1 | Date |
---|---|---|
R Tyler Croy | 2921288e4e | |
R Tyler Croy | fe2f93a0be | |
R Tyler Croy | 21722b69ed | |
R Tyler Croy | e3a60fd545 | |
R Tyler Croy | ce68e55d18 |
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
layout: microblog
|
||||
date: 2021-07-17 14:49:37 -0700
|
||||
title: 89157361
|
||||
---
|
||||
Today's screwing around with unix permissions has at least taught me how sudo actually works https://brokenco.de/2021/07/17/how-sudo-works.html
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
layout: microblog
|
||||
date: 2021-07-25 11:41:19 -0700
|
||||
title: e8bd53cf
|
||||
---
|
||||
Electricity is 3-5x more expensive for me to buy than produce. The cost of power in California is bonkers https://brokenco.de/2021/07/25/cost-of-power.html
|
|
@ -15,7 +15,7 @@ resolution. Unfortunately, the syntax can be quite unintuitive for accessing out
|
|||
scope once in those nested scopes.
|
||||
|
||||
Handlebars is a largely declarative templating syntax which uses curlybraces
|
||||
such as `{{var}}` for variable and helper substitution. The `#each` helper is
|
||||
such as `{%raw%}{{var}}{%endraw%}` for variable and helper substitution. The `#each` helper is
|
||||
important for loops, imagine the following data structure:
|
||||
|
||||
```json
|
||||
|
@ -42,7 +42,11 @@ This could be rendered into a list on a page via:
|
|||
</ul>
|
||||
```
|
||||
|
||||
Inside the `#each` block the values of the indexed object become the scope for variable resolution, such that `{{name}}` actually refers to `data.repos[i].name`. This presents problems when the template must refer to outer scope variables, such as `mood`. In the Rust implementation this variable resolution can be accomplished through a path traversal style syntax such as:
|
||||
Inside the `#each` block the values of the indexed object become the scope for
|
||||
variable resolution, such that `{%raw%}{{name}}{%endraw%}` actually refers to
|
||||
`data.repos[i].name`. This presents problems when the template must refer to
|
||||
outer scope variables, such as `mood`. In the Rust implementation this variable
|
||||
resolution can be accomplished through a path traversal style syntax such as:
|
||||
|
||||
```html
|
||||
<ul>{% raw %}
|
||||
|
|
|
@ -0,0 +1,99 @@
|
|||
---
|
||||
layout: post
|
||||
title: How sudo gets root
|
||||
tags:
|
||||
- security
|
||||
- linux
|
||||
- unix
|
||||
---
|
||||
|
||||
Today I fell into a rabbit hole around user and process
|
||||
permissions and had to learn how `sudo` actually worked. For the program I was
|
||||
working on I set out to figure out how to perform something akin to a "user
|
||||
swap" when launching subprocesses. On its face it seems simple enough, my
|
||||
program runs with user id `1000` and I wish to shunt child processes over to
|
||||
run as another user id. `sudo` can do it, so why can't I? "For reasons" is the answer.
|
||||
|
||||
The alternative for this post could be "unix permissions are insane".
|
||||
|
||||
Regardless of whether spawning a child or doing something within the process
|
||||
for modifying "who" is running a program is effectively the same. The program
|
||||
runs with the user id (`uid`) of the caller, so in the case of your shell which
|
||||
is running as you (often `uid` of `1000`) and spawned process will inherit the
|
||||
same `uid` .
|
||||
|
||||
In a C program, I can however reassign my process' `uid` with
|
||||
the `setuid(2)` system call:
|
||||
|
||||
> **`setuid()`** sets the effective user ID of the calling process. If the
|
||||
> calling process is privileged (more precisely: if the process has the
|
||||
> **CAP_SETUID** capability in its user namespace), the real UID and saved
|
||||
> set-user-ID are also set.
|
||||
|
||||
(In Rust this function is helpfully exposed via [the nix crate](https://docs.rs/nix/0.22.0/nix/unistd/fn.setuid.html).)
|
||||
|
||||
My normal shell user is _not_ the `root` user and therefore in just about every
|
||||
program I execute, they cannot use `setuid(2)` to change to **any other user
|
||||
id**.
|
||||
|
||||
If processes spawned by my user cannot assume other user ids, how the heck does
|
||||
`sudo` do it?
|
||||
|
||||
Based on the man page excerpt above, it's easy to assume that perhaps the
|
||||
process has the `CAP_SETUID` capability? Per-file capabilities are a Linux-ism which exposed to user-land via libcap:
|
||||
|
||||
> Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities
|
||||
> available in Linux kernels. These capabilities are a partitioning of the all
|
||||
> powerful root privilege into a set of distinct privileges.
|
||||
|
||||
These capabilities _can_ provide the desired `setuid` functionality, but they
|
||||
can also be dangerous and lead to vulnerabilities. [This blog
|
||||
post](https://steflan-security.com/linux-privilege-escalation-exploiting-capabilities/)
|
||||
has a simple demonstration of using `CAP_SETUID` to gain root on a machine. We
|
||||
can check whether the `sudo` binary has this capability with the `getcap`
|
||||
program, which is not always in the distribution's default packages:
|
||||
|
||||
❯ sudo getcap `which sudo`
|
||||
|
||||
❯
|
||||
|
||||
Unfortunately it looks like `sudo` has no special file capabilities,
|
||||
fortunately there is _one_ other way to for a program to run with `root`
|
||||
privileges, but if you don't know where to look, good luck finding it!
|
||||
|
||||
The file system contains a little bit more information about an executable
|
||||
referred to as the "setuid bit". Using `chmod` you take a binary that you own,
|
||||
set the "setuid bit" and then whenever _any_ user runs the binary, it will run
|
||||
as your user. Naturally if a binary is owned by root with the setuid bit set,
|
||||
any caller of that binary will run the binary **as root**.
|
||||
|
||||
This is exactly what sudo does, which you can check just by exampling the file mode:
|
||||
|
||||
❯ ls -lah `which sudo`
|
||||
-rwsr-xr-x 1 root root 181K May 27 07:49 /usr/bin/sudo
|
||||
❯
|
||||
|
||||
Note the `rws` at the beginning of the mode string, this means read (`r`),
|
||||
write (`w`), and setuid (`s`) are all set at the user level on the file.
|
||||
Additionally the executable (`x`) bits allow all users within the `root` group,
|
||||
and _everybody else_ to execute the file.
|
||||
|
||||
Sudo basically starts out as `root` and then will read its configuration file
|
||||
and validate/drop permissions as necessary. Since the program is running with
|
||||
the `root` level privileges, it can easily call `setuid(2)` type functions and
|
||||
change to _any_ user on the system.
|
||||
|
||||
Should you wish to explore _exactly_ how sudo works, the [source code is on GitHub](https://github.com/sudo-project/sudo).
|
||||
|
||||
---
|
||||
|
||||
There is effectively no user hierarchy in Unix-inspired systems, there is
|
||||
_root_ and then there is everybody else. Unfortunately for my hacking this
|
||||
means I cannot have a user (`1000`) launch a process with a "lateral" user
|
||||
permission such as uid `1001`. I would first need to escalate privileges in
|
||||
some manner from `1000` to `root` and then drop back down again to `1001`.
|
||||
|
||||
If you ever see a program that "drops privileges" such as Docker, Nginx, or Systemd, just
|
||||
remember that in there is no dropping privileges without first escalating to
|
||||
`root` in a Unix-inspired system!
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
layout: post
|
||||
title: The cost of power in northern California
|
||||
tags:
|
||||
- opinion
|
||||
- solar
|
||||
---
|
||||
|
||||
|
||||
From my perspective one of the most important steps to address climate change
|
||||
is investment in cleaner power generation. Imagine my displeasure when I
|
||||
started doing the math on some of my recent power bills. Where I live Pacific
|
||||
Gas and Electric (PG&E) is the predominant utility company but fortunately I am
|
||||
also able to purchase electricity from [Sonoma Clean
|
||||
Power](https://sonomacleanpower.org/). Nevertheless, I still receive a bill
|
||||
from PG&E which is the owner/operator of most if not all of the transmission
|
||||
and generation capacity in the region. In Northern California there is no love
|
||||
lost for PG&E, which has been found responsible for negligence leading to
|
||||
numerous wildfires, gas pipeline leaks, and explosions. Much of this negligence
|
||||
has been due to postponing of forfeiting maintenance in order to recognize
|
||||
higher profits. To add insult to injury, it seems like they skim a healthy
|
||||
margin off of residential producers/consumers as well.
|
||||
|
||||
In 2019 I installed solar panels on my roof, and then waited for over six
|
||||
months for "permission to operate" because the transformer the house connects
|
||||
to was too old. That's another story, but a common one among a long list of
|
||||
deferred upgrades by the company. Once we gained permission to operate, our
|
||||
rate plan switched over to "time of use" with [Net Energy
|
||||
Metering](https://news.energysage.com/net-metering-2-0-in-california-everything-you-need-to-know/).
|
||||
In essence, I pay a variable energy price depending on pre-set off-peak and
|
||||
peak energy rates, and my solar generation can offset the cost of non-solar
|
||||
power used.
|
||||
|
||||
This "time of use" type plan has [rates
|
||||
defined](https://www.pge.com/en_US/residential/rate-plans/rate-plan-options/time-of-use-base-plan/time-of-use-plan.page?)
|
||||
for winter and summer periods. The current summer rates for me result in **$0.35**
|
||||
per kilowatt/hour (kWh) off-peak, and **$0.42** per kWh during the peak period from
|
||||
4pm to 9pm.
|
||||
|
||||
It is quite obvious why peak power costs more, there's a *lot* more demand in
|
||||
the summer afternoon for air-conditioners, etc. I would hazard a guess that the
|
||||
peak doesn't start earlier because of a surplus of solar power as the sun is
|
||||
directly overhead from 12-2pm.
|
||||
|
||||
The power generation prices that **I** am paid however for generation are
|
||||
**$0.07** for off-peak and **$0.13** for peak generation per kWh. That means I
|
||||
have to generate _three times more power_ during peak and _five times more
|
||||
power_ during off-peak in order to break even.
|
||||
|
||||
I am a retail consumer of electricity but a wholesale producer.
|
||||
|
||||
---
|
||||
|
||||
In 2020 California's largest production of electricity was from natural gas
|
||||
power plants [according to a California Energy Commission
|
||||
report](https://www.energy.ca.gov/data-reports/energy-almanac/california-electricity-data/california-electrical-energy-generation).
|
||||
photo-voltaic solar (panels) were the _second_ largest class of electricity but
|
||||
only produced 1/3 as much energy. California imported almost as much from other
|
||||
states as our own natural gas facilities produced, 81gWh compared to our 92gWh.
|
||||
|
||||
In my opinion solar and wind production need to grow and the best way to
|
||||
encourage that behavior is with better rates for clean energy production and
|
||||
poorer rates for carbon-producing ones. The California Public Utilities
|
||||
Commission has the power to influence this behavior, but who knows whether
|
||||
they're willing to step up.
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
layout: tag_page
|
||||
title: "Tag: solar"
|
||||
tag: solar
|
||||
robots: noindex
|
||||
---
|
|
@ -0,0 +1 @@
|
|||
Today's screwing around with unix permissions has at least taught me how sudo actually works https://brokenco.de/2021/07/17/how-sudo-works.html
|
|
@ -0,0 +1 @@
|
|||
Electricity is 3-5x more expensive for me to buy than produce. The cost of power in California is bonkers https://brokenco.de/2021/07/25/cost-of-power.html
|
Loading…
Reference in New Issue