Rustcon Asia 19 Linux From Scratch In Rust - Mssun.me


Linux From Scratch in Rust
Mingshen Sun
2019.04.20
RustCon Asia, Beijing

Intro
Linux From Scratch (LFS) is a project that provides you with step-by-step instructions for building your own custom Linux system, entirely from source code.
Why/Can/How do we do LFS entirely in Rust?

whoami
Senior Security Researcher in Baidu X-Lab, Baidu USA
System security, mobile security, IoT security
MesaLock Linux, MesaPy, Rust OP-TEE TrustZone SDK, TaintART, Pass for iOS, etc.
mssun @ GitHub, https://mssun.me

Why LFS in Rust?
- Cause we are in a Rust conference! Yes, it's fun!

Why LFS in Rust?
- Cause we are in a Rust conference! Yes, it's fun!
- Memory-safety in userspace
  CVE-2017-13089 wget: Stack-based buffer overflow in HTTP protocol handling
  A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code.
  https://bugzilla.redhat.com/show_bug.cgi?id=1505444
  Proof-of-concept: https://github.com/r1b/CVE-2017-13089

Why LFS in Rust?
- Cause we are in a Rust conference!
- Memory-safety in userspace
- Capabilities and "pitfalls" of system programming in Rust

Linux
(Diagram: the Linux kernel surrounded by user-space components: utilities, file manager, DNS daemon, shell, network utilities, daemon manager, time manager.)

Security of Linux
(Same diagram as the previous slide, with an attacker targeting the user-space components: utilities, file manager, DNS daemon, shell, network utilities, daemon manager, time manager.)

Linux Distros
A Linux distribution (often abbreviated as distro) is an operating system made from a software collection, which is based upon the Linux kernel and, often, a package management system.
- Server: CentOS, Fedora, RedHat, Debian
- Desktop: Ubuntu
- Mobile: Android
- Embedded: OpenWRT, Yocto
- Enthusiast: Arch Linux, Gentoo
- Misc: ChromeOS, Alpine Linux
Security and Safety?
- Gentoo Hardened: enables several risk-mitigating options in the toolchain, supports PaX, grSecurity, SELinux, TPE and more.
- Kernel hardening patches. Safety? No.
- User space? GNU.

Basic Components of LFS in Rust
- bootloader: syslinux
- Linux kernel: Linux 4.9.58
- init: minit
- getty: mgetty
- login: mlogin
- iproute2: giproute2
- coreutils: uutils-coreutils
(Labels on the slide: MesaLock Linux, MesaBox)

MesaBox
MesaBox is a collection of core system utilities written in Rust for Unix-like systems. Like the well-known BusyBox and Toybox sets of utilities popular on embedded devices, MesaBox seeks to provide a fully functioning command-line environment.

(Table of MesaBox utilities: tool, category, status; the first row is cut off in the transcription.)
- ... | ... | Simple Version
- tar | LSB | Beginning Stages
- ping | Networking | Simple Version
- cat | POSIX/GNU | Complete
- chmod | POSIX/GNU | Mostly Complete (missing ...)
- init | POSIX | Simple Version
- sh | POSIX | Significant Progress
- sleep | POSIX | Complete

Add New Tools?
Name and description:

    const NAME: &str = "dummy";
    pub const DESCRIPTION: &str = "A dummy utility to demonstrate the framework";

    // Every tool defines its own Result alias over its own error type.
    type DummyResult<T> = ::std::result::Result<T, DummyError>;

    // Use failure for error handling: the derive gives Display and a Fail impl.
    #[derive(Fail, Debug)]
    enum DummyError {
        #[fail(display = "oh no, something wrong")]
        SomethingWrong,
    }

Use failure for error handling.

Add New Tools?
clap for command line argument parsing:

    fn create_app() -> App<'static, 'static> {
        // util_app! builds the clap App from the tool's NAME and DESCRIPTION.
        // The argument name is elided in the transcription of the slide.
        util_app!(NAME).arg(Arg::with_name(/* ... */).help("Say hello in verbose mode"))
    }

    // DummyOptions and Dummyer are the tool's own option and worker types
    // (defined elsewhere in the tool, not shown on the slide).
    pub fn execute<S, T>(setup: &mut S, args: T) -> Result<()>
    where
        S: UtilSetup,
        T: ArgsIter,
    {
        let app = create_app();
        let matches = app.get_matches_from_safe(args)?;
        let options = DummyOptions::from_matches(&matches);
        let output = setup.output();
        let mut output = output.lock()?;
        let mut dummyer = Dummyer::new(output);
        // start the tool with input arguments
        dummyer.dummy(&options)?;
        Ok(())
    }

One more interesting feature in MesaBox
- It can be used as a library.
- Use "head" to handle TcpStream.
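The two slides above describe the shape of a MesaBox tool (options parsed from the arguments, an error type, and an execute function generic over the setup/output) and the point that such a tool can be driven as a library over any stream. The following is an added, self-contained Rust example written for this page, not MesaBox's code: a minimal "head" whose core is generic over std::io::Read and std::io::Write, so the same function runs on stdin, on an in-memory buffer, or on a std::net::TcpStream (which implements Read). The HeadOptions/HeadError names and the hand-rolled "-n" parsing are this example's own, standing in for the clap and failure based framework shown on the slides.

```rust
use std::io::{self, BufRead, BufReader, Read, Write};

/// Options the tool parses from its command line (example type, not MesaBox's).
pub struct HeadOptions {
    pub lines: usize,
}

/// The tool's own error type; io errors convert into it so `?` works throughout.
#[derive(Debug)]
pub enum HeadError {
    BadCount(String),
    Io(io::Error),
}

impl From<io::Error> for HeadError {
    fn from(e: io::Error) -> Self {
        HeadError::Io(e)
    }
}

impl HeadOptions {
    /// Parse "-n N" from the argument list; POSIX head defaults to 10 lines.
    pub fn from_args<I: IntoIterator<Item = String>>(args: I) -> Result<Self, HeadError> {
        let mut lines = 10;
        let mut it = args.into_iter();
        while let Some(a) = it.next() {
            if a == "-n" {
                let v = it
                    .next()
                    .ok_or_else(|| HeadError::BadCount("-n needs a value".to_string()))?;
                lines = v.parse().map_err(|_| HeadError::BadCount(v))?;
            }
        }
        Ok(HeadOptions { lines })
    }
}

/// Core of the tool: generic over the input and output streams, so a caller can
/// hand it a TcpStream, a File or an in-memory buffer. Returns lines written.
pub fn head<R: Read, W: Write>(input: R, output: &mut W, opts: &HeadOptions) -> Result<usize, HeadError> {
    let reader = BufReader::new(input);
    let mut written = 0;
    for line in reader.lines().take(opts.lines) {
        let line = line?;
        output.write_all(line.as_bytes())?;
        output.write_all(b"\n")?;
        written += 1;
    }
    Ok(written)
}

/// Library-style use over a constructed in-memory input; this is what a test
/// or another program would call instead of spawning a process.
pub fn head_to_string(input: &str, args: &[&str]) -> Result<String, HeadError> {
    let opts = HeadOptions::from_args(args.iter().map(|s| s.to_string()))?;
    let mut out = Vec::new();
    head(input.as_bytes(), &mut out, &opts)?;
    Ok(String::from_utf8(out).expect("input was UTF-8"))
}

/// CLI entry point: the same core over stdin/stdout.
fn main() -> Result<(), HeadError> {
    let opts = HeadOptions::from_args(std::env::args().skip(1))?;
    let stdin = io::stdin();
    let stdout = io::stdout();
    let mut out = stdout.lock();
    head(stdin.lock(), &mut out, &opts)?;
    Ok(())
}
```

Because `head` takes any `Read`, a program that accepts a TCP connection can call `head(stream, &mut out, &opts)` directly, which is the "use head to handle TcpStream" idea from the slide.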

Packages of MesaLock Linux
- brotli: compression tool written in Rust
- busybox: busybox tool set for testing only
- exa: replacement for ls written in Rust
- fd-find: simple, fast and user-friendly alternative to find
- filesystem: base filesystem layout
- gcc-libs: GCC library, only libgcc_s.so is used
- giproute2: ip tool written in Go
- glibc: glibc library
- init: init script
- ion-shell: shell written in Rust
- linux: Linux kernel

Packages of MesaLock Linux
- mesalock-demo: some demo projects
- mgetty: getty written in Rust
- micro: modern and intuitive terminal-based text editor written in Go
- minit: init written in Rust
- ripgrep: ripgrep combines the usability of The Silver Searcher with the raw speed of grep, written in Rust
- syslinux: bootloader
- tokei: count your code, quickly, in Rust
- tzdata: timezone data
- uutils-coreutils: cross-platform Rust rewrite of the GNU coreutils
- uutils-findutils: Rust implementation of findutils
- xi-core: a modern editor with a backend written in Rust
- xi-tui: a tui frontend for Xi

Add New Packages?
- build.yml: name, version, description, license, url, skip_check; source, prepare, build, install
- mkpkg will automatically build and package tools

Rust in System Programming
- The nix library is very useful: unistd.h, mount.h, fcntl.h, stdlib.h; handles PTY, network interface, users/groups, ioctl, mount, kmod.
- Signal handling in Rust is unsafe: SIGUSR1, SIGUSR2, SIGTERM, SIGQUIT, SIGINT, SIGHUP, SIGTSTP, SIGSTOP.
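Installing a handler for one of the signals listed above (here SIGUSR1) is the kind of operation the slide calls unsafe: the handler runs asynchronously in whatever thread the signal lands on, so it may only do async-signal-safe work. The block below is an added example written for this page, not code from MesaLock Linux or from nix; it declares signal(2) and raise(2) by hand with an extern block instead of using the libc or nix crates so that it builds with std alone, and it assumes Linux signal numbering on x86_64/aarch64 (SIGUSR1 = 10). The safe pattern it shows is the usual one: the handler only sets an atomic flag, and the program's normal control flow checks that flag.

```rust
use std::sync::atomic::{AtomicBool, Ordering};

// Linux values from <signal.h>; assumed x86_64/aarch64 numbering.
const SIGUSR1: i32 = 10;
// (sighandler_t)-1, what signal(2) returns on failure.
const SIG_ERR: usize = usize::MAX;

// Declared by hand so the example needs neither the libc nor the nix crate.
extern "C" {
    fn signal(signum: i32, handler: usize) -> usize;
    fn raise(signum: i32) -> i32;
}

// The only state the handler touches: a lock-free atomic flag.
static GOT_SIGUSR1: AtomicBool = AtomicBool::new(false);

// Runs in signal context. Must stay async-signal-safe: no allocation,
// no locks, no println!, nothing that could re-enter the allocator or a mutex.
extern "C" fn on_sigusr1(_signum: i32) {
    GOT_SIGUSR1.store(true, Ordering::SeqCst);
}

/// Install the handler. `unsafe` is unavoidable here: the compiler cannot check
/// that `on_sigusr1` is async-signal-safe or that SIGUSR1 is the right number.
pub fn install_sigusr1_handler() -> Result<(), String> {
    let handler = on_sigusr1 as extern "C" fn(i32) as usize;
    let prev = unsafe { signal(SIGUSR1, handler) };
    if prev == SIG_ERR {
        Err("signal(2) failed".to_string())
    } else {
        Ok(())
    }
}

/// Consume the flag from normal (non-signal) context; a daemon's main loop
/// would poll this and do the real work, e.g. reload configuration.
pub fn take_sigusr1() -> bool {
    GOT_SIGUSR1.swap(false, Ordering::SeqCst)
}

/// Deliver SIGUSR1 to ourselves and report whether the handler observed it.
/// raise(2) is synchronous: the handler has run by the time it returns.
pub fn self_test() -> Result<bool, String> {
    install_sigusr1_handler()?;
    take_sigusr1(); // clear any stale flag
    let rc = unsafe { raise(SIGUSR1) };
    if rc != 0 {
        return Err("raise(2) failed".to_string());
    }
    Ok(take_sigusr1())
}

fn main() {
    match self_test() {
        Ok(true) => println!("SIGUSR1 handled; the main loop would now act on the flag"),
        Ok(false) => println!("handler did not run"),
        Err(e) => eprintln!("{}", e),
    }
}
```

The point of the design is that everything unsafe is confined to two short calls and the handler body is trivially safe; the work triggered by the signal happens later, in ordinary Rust, where the borrow checker and the standard library's invariants hold again.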

Rust in System Programming
- The Rust standard library only provides APIs with high-level abstraction.
- std::net vs. socket2/net2 vs. libpnet vs. libc: you have to use libc in the end.

Rust in System Programming
- Handling strings for CLI in Rust is very difficult: String, &str; CString, &CStr; OsString, &OsStr.
- Low-level system operation in Rust is very difficult. E.g., netlink: used to transfer information between the kernel and user-space processes.
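The three string families on the slide exist because the C boundary (where the previous slide says you end up with libc) and the OS boundary (argv, paths) each have their own rules: C strings are NUL-terminated and must not contain interior NULs, OS strings are arbitrary bytes on Unix and need not be UTF-8, and only String/&str is guaranteed UTF-8. The block below is an added example written for this page, not MesaBox or nix code; it declares strlen(3) by hand with an extern block so it builds with std alone, and shows the conversions in each direction together with the failure modes a CLI tool has to handle (interior NUL, non-UTF-8 input from the OS, untrusted bytes coming back from C).

```rust
use std::ffi::{CStr, CString, OsStr, OsString};
use std::os::raw::c_char;
use std::os::unix::ffi::{OsStrExt, OsStringExt};
use std::path::Path;

extern "C" {
    // From <string.h>; declared by hand to avoid depending on the libc crate.
    fn strlen(s: *const c_char) -> usize;
}

/// Length as libc sees it: bytes up to the first NUL. CString::new rejects an
/// interior NUL up front instead of letting C silently truncate the string.
pub fn c_strlen(s: &str) -> Result<usize, String> {
    let c = CString::new(s).map_err(|e| format!("interior NUL at byte {}", e.nul_position()))?;
    // unsafe: c is a valid NUL-terminated buffer that outlives the call.
    Ok(unsafe { strlen(c.as_ptr()) })
}

/// Paths and argv come from the OS as bytes that need not be UTF-8; convert
/// OsStr -> bytes -> CString directly rather than forcing them through &str.
pub fn os_path_to_c(p: &Path) -> Result<CString, String> {
    CString::new(p.as_os_str().as_bytes()).map_err(|e| e.to_string())
}

/// Whether an OS string can be used as &str at all (it often cannot).
pub fn is_valid_utf8_os(s: &OsStr) -> bool {
    s.to_str().is_some()
}

/// Bytes coming back from C are untrusted: convert lossily for display
/// instead of unwrapping a UTF-8 check.
pub fn c_to_lossy_string(c: &CStr) -> String {
    c.to_string_lossy().into_owned()
}

fn main() {
    println!("strlen(\"héllo\") = {:?}", c_strlen("héllo"));
    println!("interior NUL: {:?}", c_strlen("a\0b"));
    // Constructed non-UTF-8 argument, as the OS might hand it to a CLI tool.
    let raw = OsString::from_vec(vec![0x66, 0xff, 0x6f]);
    println!("valid UTF-8? {}", is_valid_utf8_os(&raw));
    println!("as C string: {:?}", os_path_to_c(Path::new(&raw)));
}
```

A practical consequence for a coreutils rewrite: file names should be carried as OsStr/Path all the way to the system call and converted with as_bytes, never round-tripped through String, or files with non-UTF-8 names become unreachable.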

Rust in System Programming
- Testing and code coverage in Rust are non-trivial tasks.
- Integration test framework for CLI: assert_cmd, assert_fs
- tarpaulin: a code coverage reporting tool for the Cargo build system (ptrace-based code coverage profiling tool)
- gcov: a source code coverage analysis and statement-by-statement profiling tool (llvm-gcov-based code coverage profiling tool)

Quick Start
- docker run -it mesalocklinux/mesalock-linux
- Live ISO, Docker image, rootfs
- x86_64; arm in the near future

Contributing
https://github.com/mesalock-linux/mesalock-distro
You can get involved in various forms:
- Try to use MesaLock Linux, report issues, enhancement suggestions, etc.
- Contribute: optimize the development process, improve documents, close issues, etc.
- Contribute to core packages: improving minit, mgetty, giproute2, etc.
- Write applications using memory-safe programming languages like Rust/Go, and join the packages
- Audit source code of the projects and related packages
You are welcome to send pull requests and report issues on GitHub.

Thank you!

