Ahhh . . . But that's the thing about Linux and other Free and Open Source Software - there are no secrets. You can have the entire source code, so there are no hidden "easter eggs" and no hidden surprises. Or are there?
The Big, Big Secret:
Look around you - if you can see devices like a personal video recorder, an ADSL modem/router, a VoIP phone, then the chances are you're using Linux, since many of these devices are powered by embedded Linux distributions. For example, in my office, I have a NetGear DG834 ADSL wifi router and Snom 320/360 IP phones, which are based on embedded Linux. The DG834 is quite "hackable" - there's a well-known trick for getting to the command prompt - so I can use Linux commands when problem-solving. The Linksys WRT54G router has been hacked to an even greater extent - there are complete replacement Linux distributions for it, offering improved features.
Many personal video recorders, such as the TiVo and the Topfield TF5000, run Linux, as do media centre devices. In many cases, these have been extended in various ways. You can even install Linux on an iPod, and do useful things with it.
That this is possible is due to the fact that Linux is open source; device developers can take the Linux kernel and cut out unnecessary subsystems, compiling it to produce a small image that will fit in the ROM. You don't need SCSI drivers? Take them out! You don't need any disk support at all? Rip it all out! And, of course, it helps that Linux has been portable across many different processors for a long time, so whether the device is based on a MIPS or Hitachi processor, you can still target it. In addition, because of the terms of the GNU Public Licence, if those hardware developers write driver code, they are required to release the source code, so that we can all benefit. This has worked well for all concerned - more than a few Linksys routers have been bought specifically because of their ability to run modified code.
But Linux is working for you, even when you're not using smart devices that use it internally. If your ISP provides you with an email account, the chances are your mail is delivered to and retrieved from a Linux server (or perhaps BSD, it's true). When you access popular web sites, the pages are often provided from a web accelerator operated by companies like Akamai and running on Linux. And of course, if you search the web using Google, you're using a massive cluster of Linux boxes.
So, the big secret? You're using Linux. Whether you knew it or not.
Interesting Links:
http://www.toppy.org.uk/ - A forum for Topfield PVR owners.
http://www.batbox.org/wrt54g-linux.html - Linux on the Linksys WRT54G
http://www.linuxdevices.com/articles/AT5690634012.html - Audio / video devices with Linux inside
http://www.linuxdevices.com/articles/AT9615003856.html - Linux-based IP telephones
Stuff You Never Noticed: Easter Eggs
Firefox
The Mozilla project has long been engaged in battle with Microsoft, and for a while, there, it looked as though Internet Explorer was set for world domination. However, success is foretold, and you can see it revealed by typing "about:mozilla" in the Firefox URL bar. You can also see a list of contributors - literally a cast of thousands - by typing "about:credits".
Gnome
Gnome has had various eggs hidden in it over the years - for example, in Red Hat 8, pressing Ctrl+Alt+Shift and clicking on the desktop three times would display a scrolling list of credits, while in Red Hat 9, it displays "There is no easter egg", accompanied by loud noise. In both cases, it does this by invoking /usr/libexec/redhat-credits, which you can replace with a link to some other program that you find convenient. It doesn't seem to work in later distributions, though.
However, I checked this next egg with Gnome 2.10.0 on Fedora Core 4. On the main menu, select "Start Application", then in the dialog, type in "free the fish" (without the quotes) and click on "Run" or press Enter. A fish will appear and swim around the desktop. It's been in Gnome for many years now.
OpenOffice.org 2.0
In OpenOffice.org 2.0, there's an entire game hidden away; it's in OpenOffice.org Calc. Open a new worksheet, and in any cell, type in the formula:

    =game()

and press Enter. You should see "say what?" in the cell. Now, type in this formula:

    =game("StarWars")

and press Enter. You should be rewarded with a Space Invaders-style arcade game. And yes - this egg works on Windows, too.
Use the Source
For the programmers amongst us, there's some amusement to be found in the source code. The Linux kernel source, for example, contains periodic outbursts (and occasional bad language) as the coders rail against design flaws, undocumented changes and the general perversity of hardware. There are comments about brain damage, unnatural acts with chainsaws and other signs of the pain developers go through to bring you a stable operating system.
There are also some dates in the kernel source, in the file include/linux/reboot.h. These are magic values which are required in order to use the _reboot() system call, and they are actually dates, expressed as a number of seconds since the Unix epoch (January 1, 1970):

    /*
     * Magic values required to use _reboot() system call.
     */
    #define LINUX_REBOOT_MAGIC1     0xfee1dead
    #define LINUX_REBOOT_MAGIC2     672274793
    #define LINUX_REBOOT_MAGIC2A    85072278
    #define LINUX_REBOOT_MAGIC2B    369367448

They can be converted back into a human readable date with a single line of Perl code:

    [les@sleipnir les]$ perl -e 'print scalar localtime(672274793),"\n";'
    Mon Apr 22 08:59:53 1991
    [les@sleipnir les]$

Linus Torvalds announced Linux to the world on Aug 25th 1991, and April 22nd is probably when he started work on it. I'll leave the other dates for you to work out.
Speaking of Perl: Inside every Perl programmer, there's a philosopher trying to program his way out, and so the source code for Perl is full of wit and wisdom too, such as /* Bad news travels fast. Faster than data. . . */ and this gem from Paul Szabo (at Sydney Uni): /* Cannot always hide the truth; security must not depend on doing so. */
Lost Secrets
The commonest type of lost secret is a password, and sometimes, it's the root account password. After all, on some systems, you only log in occasionally, and you wouldn't write a password down, would you?
So what can you do if you find yourself unable to log in as root on one of your systems - but you need to do so, urgently? The answer is to reboot the system, changing the way it boots, so as to get you to a command prompt straight away. Normally, Linux systems load the kernel, which then loads a program called init, which has the job of starting up all the other system startup scripts and then living on to be the mother of all processes on the system. However, you can override this by editing the boot command line in GRUB.
At the boot menu, press Escape to stop the default selection from counting down and booting, then select the kernel you want and then press 'e' to edit it. You will usually see three lines of options at this point - something like this:

    root (hd0,0)
    kernel /vmlinuz-2.6.15-1.1833_FC4 ro root=/dev/hda5 rhgb
    initrd /initrd-2.6.15-1.1833_FC4.img

The second of these is the kernel command line - press down-arrow to select it and press 'e' again to edit it. The cursor will be placed at the end of the line, and you should add

    init=/bin/bash

then press Enter to get back to the boot screen, and then 'b' to boot with that command line. The system will load the kernel as usual, but after that it will stop at a bash shell prompt.
Because the system startup scripts have not been executed, only the root filesystem may have been mounted, and it may have been mounted read-only. You will have to mount any other required filesystems manually, but once that has been done you should be able to edit /etc/passwd and edit out the asterisk in the password column for the root account - this normally indicates that the password is stored in /etc/shadow, and by removing it you are setting a blank password. Shut down and reboot, and you should be able to log in as root - but remember to set a new password!
Obviously, this trick can be used to break into a Linux system given access to the console. So, if you need to ensure that it can't be accessed this way, you should set an MD5 password on the GRUB configuration, and also set a BIOS password to prevent an attacker booting from CD-ROM.
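A check for the GRUB mitigation above, as an added example that is not part of the original article: the function scans a GRUB legacy configuration for a global "password --md5" line placed before the first "title" entry. The function name audit_grub_conf, the sample configurations and the hash value are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy config (grub.conf / menu.lst) for the
# global password that stops console users editing the kernel command line.
# Exit status: 0 = MD5 password set, 1 = no password, 2 = plaintext password.
audit_grub_conf() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        { sub(/=/, " ") }                   # "default=0" style: treat = as a space
        $1 == "title" { in_entries = 1 }    # global section ends at the first title
        $1 == "password" && !in_entries {
            if ($2 == "--md5") md5 = 1; else plain = 1
        }
        END {
            if (plain) { print "WEAK: password stored in plaintext"; exit 2 }
            if (md5)   { print "OK: global MD5 password set"; exit 0 }
            print "MISSING: boot entries can be edited at the console"; exit 1
        }
    ' "$1"
}

# Constructed sample configs (the hash is a placeholder, not a real one).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/open.conf" <<'EOF'
default=0
timeout=5
title Fedora Core
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda5 rhgb
EOF
cat > "$demo_dir/locked.conf" <<'EOF'
default=0
password --md5 $1$PLACEHOLDER$constructedHashNotReal
title Fedora Core
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda5 rhgb
EOF
cat > "$demo_dir/plain.conf" <<'EOF'
password secret
title Fedora Core
    kernel /vmlinuz ro root=/dev/hda5
EOF

for f in open locked plain; do
    printf '%s: ' "$f"
    audit_grub_conf "$demo_dir/$f.conf" || true
done
```

A password line that appears only after a title entry is not counted, because it does not protect the menu as a whole.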
Keeping Secrets
When vulnerabilities are discovered in network daemons, the attacker often needs to know exactly what version the target is running, so that he can run an exploit which will deliver a payload to just the right address in memory. The diversity of different distributions, versions, compilers and hardware platforms in the Linux world makes life rather more difficult for the attacker, and provides an extra level of "security by obscurity" (something one should never depend upon, but which is nice to have).
So, always edit out any banners which reveal which distribution and version you are running. The /etc/issue and /etc/issue.net files, for example, will often give away the distribution, as well as the kernel version and hardware architecture, if you were silly enough to run a telnet daemon - which, fortunately, you're not. Similarly, an attacker can query the specific version of the BIND DNS server you are running, with a command like

    dig @bifrost.lesbell.com.au version.bind CHAOS TXT

which will, by default, tell the attacker your BIND version number and let him choose an exploit to run against it. So, edit /etc/named.conf and, in the options section at the top, add a line that reads:

    version "surely you must be joking";

Feel free to be quite rude here; there's no reason why someone should be querying this, so if they're offended, they deserved it.
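One way to verify both banner changes described above, as an added example that is not part of the original article: the first function flags a login banner that still carries getty escapes or a distribution release string, and the second confirms that a named.conf options block sets a version statement. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two banner sources discussed above.

# issue_leaks FILE: succeeds if the login banner discloses platform details,
# i.e. getty escapes \r (kernel release), \m (architecture), \s (OS name),
# \v (OS version), or a literal "release <number>" distribution string.
issue_leaks() {
    grep -E -q '\\[rmsv]|[Rr]elease [0-9]' "$1"
}

# bind_version_overridden FILE: succeeds if the options block of a named.conf
# sets version "...", so a version.bind query no longer gets the real version.
bind_version_overridden() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }                       # skip comment lines
        /^[ \t]*options([ \t{]|$)/ { in_opts = 1 }
        in_opts && /(^|[ \t{;])version[ \t]+"[^"]*"[ \t]*;/ { found = 1 }
        in_opts {                                        # track nested braces
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0 && /[}]/) in_opts = 0
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files, written to a scratch directory.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' 'Fedora Core release 4' 'Kernel \r on an \m' > "$d/issue.default"
printf '%s\n' 'Authorised users only.' > "$d/issue.clean"
cat > "$d/named.default" <<'EOF'
options {
    directory "/var/named";
    forwarders { 192.0.2.53; };
};
zone "." { type hint; file "named.ca"; };
EOF
sed 's|directory "/var/named";|&\
    version "surely you must be joking";|' "$d/named.default" > "$d/named.hardened"

for f in issue.default issue.clean; do
    if issue_leaks "$d/$f"; then echo "$f: LEAKS platform details"; else echo "$f: ok"; fi
done
for f in named.default named.hardened; do
    if bind_version_overridden "$d/$f"; then echo "$f: version hidden"; else echo "$f: default version.bind reply"; fi
done
```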
When you need to connect to your own network from a remote location, but keep network traffic like passwords, contents of data files, etc. secret, then there's an easy way to do it using my favourite Swiss-Army-Knife security tool: OpenSSH.
The trick is to run a PPP connection through an SSH encrypted session. You'll recognise PPP as the protocol that's usually used to transport IP over dial-up modem connections - in that case, pppd is connecting to a tty device in the form of a serial port like /dev/ttyS0, but in fact, it will work with any kind of tty or pseudo-tty (pty). And we can connect a local pty to a remote one via an encrypted SSH session.
You'll need the following things:

    /usr/sbin/pppd updetach noauth silent nodeflate pty "/usr/bin/ssh root@remote-gw /usr/sbin/pppd nodetach notty noauth" ipparam vpn 10.0.0.1:10.0.0.254

If you're using password authentication, you'll be prompted for the root password on the remote system, and then the VPN tunnel will be brought up. The ifconfig command should now reveal a new ppp0 device, on the address 10.0.0.1, and you should be able to ping 10.0.0.254 through it. Now you can add a route to your network via 10.0.0.254 - for example, I would use:

    route add -net 192.168.168.0 netmask 255.255.252.0 gw 10.0.0.254

You should now be able to reach all the services on your home network, although depending on the configuration at that end, you may have to do a little futzing with the routing tables there to be able to reach the network where you're now sitting. I call this my "VPN on a piece of paper", since absolutely no software other than standard Linux components needs to be installed at either end.
Page last updated: 04/Jul/2006
Copyright © 1987-2010 Les Bell and Associates Pty Ltd. All rights reserved. webmaster@lesbell.com.au