
sudo loses environment variables

HPUX, Solaris, UNIX, linux

Tricky: when a user uses sudo to “su” to another user, certain environment variables do not survive the switch.

From the man page:

Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs. To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed. sudo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat. If the TERMCAP variable is set and is a pathname, it too is ignored. Additionally, if the LC_* or LANGUAGE variables contain the / or % characters, they are ignored. If sudo has been compiled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as well. The list of environment variables that sudo clears is contained in the output of sudo -V when run as root.
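As an added illustration (not from the original post and not sudo's own code), here is a small shell script that applies the scrubbing rules quoted above to a constructed sample environment, so you can predict which of your variables a sudo-run command will not see. The sample NAME=VALUE lines and the variable values are made up for the demonstration.

```shell
#!/bin/sh
# Emulates the environment scrubbing described in the sudo(8) man page quoted
# above. Example code only; sudo's real list is printed by "sudo -V" as root.

# Returns 0 if variable NAME with value VALUE would be dropped, 1 if kept.
sudo_would_drop() {
    local name="$1" value="$2"
    case "$name" in
        LD_*|_RLD_*|SHLIB_PATH|LIBPATH) return 0 ;;      # dynamic loader controls
        IFS|ENV|BASH_ENV) return 0 ;;                   # shell startup/parsing
        KRB_CONF|KRBCONFDIR|KRBTKFILE|KRB5_CONFIG) return 0 ;;   # Kerberos
        LOCALDOMAIN|RES_OPTIONS|HOSTALIASES) return 0 ;;         # resolver
        NLSPATH|PATH_LOCALE|TERMINFO|TERMINFO_DIRS|TERMPATH) return 0 ;;
        VAR_ACE|USR_ACE|DLC_ACE) return 0 ;;            # SecurID builds only
        TERMCAP) case "$value" in /*) return 0 ;; esac ;;        # only when a pathname
        LC_*|LANGUAGE) case "$value" in */*|*%*) return 0 ;; esac ;;
    esac
    return 1
}

# Reads NAME=VALUE lines on stdin (e.g. the output of "env") and prints the
# names sudo would remove, one per line, in input order.
list_dropped() {
    local line name value
    while IFS= read -r line; do
        name=${line%%=*}
        value=${line#*=}
        if sudo_would_drop "$name" "$value"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample environment for a stand-alone run.
sample_env='HOME=/home/alice
LD_PRELOAD=/home/alice/lib/libdebug.so
LC_ALL=en_US.UTF-8
LC_MESSAGES=../../tmp/locale
TERMCAP=/etc/termcap
TERM=xterm
BASH_ENV=/home/alice/.bashrc
PATH=/usr/bin:/bin'

printf '%s\n' "$sample_env" | list_dropped
```

To check a real session, pipe `env` into `list_dropped` instead of the sample.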


Increasing socket buffer size in Linux

linux

Got error message:
2008-02-25 16:53:21.944 Tangosol Coherence AE 3.2.2/371 (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.

Add this to /etc/sysctl.conf and reload with “sysctl -p”:

# increase the maximum socket buffer size settable with setsockopt()
# (net.core.* caps apply to UDP sockets as well as TCP)
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Check the current values with “sysctl net.core.rmem_max net.core.wmem_max”.

RHEL 3


Port redirection using iptables

firewall, linux

A user did not have root access, but wanted his web server to appear to be listening on port 80. Came up with a nice way to redirect port 80 requests to another port, where he ran his web server. The rule itself has to be added by root, since it changes the kernel's nat table:

iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8070
 