The Ruby Reflector

If you enjoy this article, subscribe (via RSS or e-mail) and follow me on twitter.

tl;dr

This article is going to explain how a recent privilege escalation exploit for the Linux kernel works. This exploit affects CentOS 5 and 6 as well as other Linux distributions. Linux kernel version 2.6.37 to 3.8.9 are affected by this exploit. I will explain this exploit from the kernel side and the userland side to help readers get a better understanding of how exactly it works.

• Topics: Linux kernel, 64-bit, Linux distribution, RSS, Programmer

…2.2TB Virident FlashMAX II as the cache storage device. EXT4 is the filesystem, and CentOS 6.4 the operating system, although the pre-release modules I received from Virident required the use of the CentOS 6.2 kernel, 2.6.32-220, so that was the kernel in use for all of the benchmarks on both systems. The benchmark tool used was sysbench 0.5 and the version of MySQL used was Percona Server 5.5.30-rel30.1-465. Each test was allowed to run for 7200 seconds, and the first 3600 seconds …

• Topics: MySQL, Virident, SSD, HDD, Percona Server

…creation performed very slowly as the number of threads in a process increased. This bug is present on CentOS 5.3 (and earlier) and other linux distros as well.

It is also very possible that this bug impacted research done before August 15, 2008 (in the best case because Linux distro releases are slow) on building high performance threaded applications.

Digging this thing out was definitely one of the more interesting bug hunts in recent memory.

Hopefully, my long (and insane) story …

• Topics: Linux kernel, RSS, 2003, CPUs, GNU Compiler Collection
• time to bleed by Joe Damato: A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094)

…know it works like a champ under Ubuntu, Debian, RedHat, CentOS, and Windows Server. Now we've collaborated with the smart folks over at Joyent to bring Server Monitoring (aka nrsysmond) to SmartOS.

The Scoop on SmartOS

SmartOS unites extraordinary technologies to create a high performance cloud infrastructure: OpenSolaris, ZFS, DTrace, Zones and KVM Linux. These technologies are combined into a single operating system, providing a highly multi-tenant and …

• Topics: Joyent, SmartOS, Relic, VM, Node.js
• High Scalability: Sponsored Post: Joyent, Membase, Appirio, CloudSigma, ManageEngine, Site24x7
• Rails on Edge: The Ruby Hoedown
• pingles: Virtualisation, Levels of Abstraction and Thinking Infrastructure
• MySQL Performance Blog: Percona Server and XtraBackup available on Solaris
• I can't code! Now what?: Rails can't scale alone.
• Zerosum Dirt(nap): Oregon

…Percona Server rpm packages couldn't be built on RHEL 5 and CentOS 5. Bug fixed # 1144777 ( Ignacio Nin ).

When mysqldump was used with --innodb-optimize-keys option it produced invalid SQL for cases when there was an explicitly named foreign key constraint which implied an implicit secondary index with the same name. Fixed by detecting such cases and omitting the corresponding secondary keys from deferred key creation optimization. Bug fixed # 1081016 ( …

• Topics: Percona Server, MySQL, Debian GNU/Linux, InnoDB, Perl
• New Relic: More on Managing Real World Rails Apps at Massive Scale: An Interview with Joshua Warchol, Vice President of Technology at Fanzt
• High Scalability: Sponsored Post: Fitbit, OLO, Amazon, aiCache, Aerospike, Percona, ScaleOut, New Relic, Logic Monitor, AppDynamics, ManageEngine,

Currently we wait 10 seconds for a runit service's supervise/ok named pipe. On slower systems ( cough CentOS 5.x) this 10 second wait is not long enough. This commit updates the embedded runit cookbook that ships in omnibus-chef to match the indefinite block used in the current version of community cookbook:

https://github.com/opscode-cookbooks/runit/blob/1.1.0/libraries/provider runit service.rb#L151-L153

Improvements:

Maximum on PostgreSQL shared_pages on machines where installed …

• Topics: PostgreSQL, Nginx, Ruby on Rails, Chef, S3
• Rails Envy » Home: Rails Envy Podcast - Episode #097
• Global Nerdy: ClearFit's Looking for a Rails Developer
• Peppy Heppy - Home: Ruby 1.9.2, Encoding UTF-8 and Rails: invalid byte sequence in US-ASCII
• Ruby Inside: The Mega April 2012 Ruby and Rails News Roundup
• A Fresh Cup: What's New in Edge Rails #56
• DevInterface Blog: How to install PostgreSQL and psycopg2 on Osx Snow Leopard

On CentOS, use RPM directly. sudo rpm -Uvh https://opscode-omnitruck-release.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.6-1.el6.x86_64.rpm

The package just puts the bits on disk (in /opt/chef-server ). The next step is to configure the Chef Server and start it. sudo chef-server-ctl reconfigure

This runs the embedded chef-solo with the included cookbooks, and sets up everything required - Erchef, RabbitMQ, PostgreSQL, etc.

Optionally, run the Opscode Pedant test suite. This …

• Topics: Chef, API, Domain name system, Ubuntu, RabbitMQ
• Opscode Blog: Turn it to 11: Upgrading From Chef 10
• paperplanes: The Virtues of Monitoring

…Ruby on Rails) previous versions 3.2.11, 3.1.10, 3.0.19 and 2.3.15 Tested on Centos 6.3 i386 with: RoR 3.2.10 passenger 3.0.19 GrayLog2 0.9.6 Description : This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This module has been tested across …

• Topics: Ruby on Rails, Ruby, XML, 2.x, Application software
• New Relic: The Who and What of GoGaRuCo 2012
• giant robots smashing into other giant robots: This Week in Open Source
• Ruby Inside: This Week in Ruby: Ruby 2.0 Refinements, Cost of GC::Profiler, and BritRuby Cancelled
• Heroku: Sunsetting the Argent Aspen Stack
• A Fresh Cup: Double Shot #1033
• Signal vs. Noise: Learning Rails at The Starter League

RHEL 5 / CentOS 5 / ScientificLinux 5: (Note: these packages depend on EPEL .) rpm -Uvh http://passenger.stealthymonkeys.com/rhel/5/passenger-release.noarch.rpm

RHEL 6 / CentOS 6 / ScientificLinux 6: yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm

Step 2: use Yum

From there you can use Yum to install packages. For example, try one of these: yum install nginx-passenger

or yum install mod_passenger

or yum install passenger-standalone …

• Topics: Phusion Passenger, Nginx, Apache HTTP Server, Yum, Ubuntu
• Brightbox Ruby Blog: Passenger 3.0.14 and NGINX 1.2.2 packages for Ubuntu
• 赖洪礼的 blog: Phusion Passenger for Python?
• Article RSS Feed: August 2011 Meeting
• Simone Carletti's Blog: How to restart God when you deploy a new release via Capistrano
• News Feed: Recommended: Phusion on Building a More Efficient Ruby 1.8 Interpreter (Rerun)
• has_many :bugs, :through => :rails: Ruby on Rack #1 - Hello Rack!

…Redis instances. Each of these has has 2x E5530 processors and 2-4 disks with 4×1G network interfaces.

Storage

We have around 400TB / 9 nodes of Isilon 36 and 72NL storage. We serve all of the user uploaded content off this storage with backups to S3.

OS Choice

Database servers run RHEL or Centos 6 while application and utility servers run Ubuntu LTS .

• Topics: 2X, Database, SSDs, 37signals, Ubuntu
• Opscode Blog: Summer Events
• New Relic: Velocity 2012: Hop Onboard the Data Nerd Express
• High Scalability: Stuff The Internet Says On Scalability For June 29, 2012 - The Velocity Edition
• Global Nerdy: Mobile Developer News Roundup for Tuesday, June 26, 2012