Tuesday, July 14, 2020

VPN fishing

Recently I encountered an interesting scenario where a link I clicked on a link in an email local to our VPN opened a public website. Link was similar to

        swarm/changes/674362

Now, I was expecting some diff of files described in the mail but I found completely different stuff and I checked whether I am connected to the VPN or not. As you might expect, I was not. Some time later I thought we can use this to trick people to get their credentials for swarm. If you got the credentials, and if they are same as the NT credentials, (... think of the bad things you can do on your own)

A simpler explanation with Alice and Bob

1. Alice (A bad girl) has set up a public website with DNS name "xyz" which mimicks a site in VPN which both Alice and Bob can access (It's not mandatory that, Alice should have access to it)

2. Alice sends an email to Bob which contains a protected url as below

            xyz/foo/bar

3. Here it is assumed that, xyz is a site available in VPN as well as on the internet.

4. If Bob is connected to VPN and opens the URL, he will hit the local (present in the VPN) site and things will go well

5. If Bob is not connected to VPN he will connect to the public website (URL in the address bar will still be same) and he will enters his credentials to access /foo/bar and will be compromised.

How can one protect themselves?

   - Orgs can WARN their employees when they visit public sites (or block these sites) whose DNS names match the local site DNS names.

at No comments:
Labels: , ,

Thursday, July 2, 2020

Building HBase 1.3.1 with JDK 8

HBase is a opensource NoSQL store built on top of Hadoop HDFS filesystem. Read more about it here

Building HBase 1.3.1 with JDK 8 will bring out some new problems (Well there are some other issues as well). This blog post is to help people who are walking on the same way as I am.


Assumptions

1. You have installed JDK 8
2. HBase uses maven for builds, you should have installed maven.
3. The sources are already downloaded and are present in /home/xyz/hbase

mvn install won't work?

No, you will hit some compilation issues and some shell script failures.

Compilation error
[ERROR] Failed to execute goal org.codehaus.mojo:findbugs-maven-plugin:3.0.0:findbugs (default) on project hbase: Unable to parse configuration of mojo org.codehaus.mojo:findbugs-maven-plugin:3.0.0:findbugs for parameter pluginArtifacts: Cannot assign configuration entry 'pluginArtifacts' with value '${plugin.artifacts}' of type java.util.Collections.UnmodifiableRandomAccessList to property of type java.util.ArrayList -> [Help 1]

Shell script failure
[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.4.0:exec (concat-NOTICE-files) on project hbase-assembly: Command execution failed.: Process exited with an error: 1 (Exit value: 1) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.4.0:exec (concat-NOTICE-files) on project hbase-assembly: Command execution failed.

Ok how do I solve them?

1. Edit the file /home/xyz/hbase/pom.xml and make the following changes.

     Before
        ...
        <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>3.0.0</version>
          <!--NOTE: Findbugs 3.0.0 requires jdk7-->
        ...

     After
        ...
        <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>3.0.4</version>
          <!--NOTE: Findbugs 3.0.0 requires jdk7-->
        ...


2. Edit the file /home/xyz/hbase/hbase-assembly/pom.xml and make the following changes. New versions of bash seems to not accept the extra line at the end

     Before
        ...
            <argument>bash</argument>
            <argument>-c</argument>
            <argument>cat maven-shared-archive-resources/META-INF/NOTICE \
                `find ${project.build.directory}/dependency -iname NOTICE -or -iname NOTICE.txt` \
            </argument>
        ....
     After
        ...
            <argument>bash</argument>
            <argument>-c</argument>
            <argument>cat maven-shared-archive-resources/META-INF/NOTICE \
                `find ${project.build.directory}/dependency -iname NOTICE -or -iname NOTICE.txt`
            </argument>
        ...


-madhusoodan
at No comments:
Labels: , ,

Wednesday, July 1, 2020

Building JDK 8 on Fedora 31 (GCC 9.2.1)

This blog lists out the steps to build JDK 8 on Fedora 31. I had some compilation problems while building it, so you may find this useful.

1. I was building the openjdk 8u, so we have to clone it from the public repo

    $ hg clone http://hg.openjdk.java.net/jdk8u/jdk8u

2. This will just bring some source and scripts which are necessary to get the actual JDK and hotspot sources.

3. To get the actual sources, run the utility shell script

    $ ./get_source.sh

4. Configure the build for your system

    $ bash configure

5. Add below options if you want debug symbols

    $ bash configure --with-debug-level=slowdebug

6. Set the environment variable to resolve the compilation errors

    $ export CFLAGS="-Wno-return-type"

7. Run the build

    $ make

Little more info

gcc version

$ gcc --version
gcc (GCC) 9.2.1 20190827 (Red Hat 9.2.1-1)
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
at No comments:
Labels: , ,
Subscribe to: Posts (Atom)