Free neck pain software for linux

stephanie is a program for hardening OpenBSD for multiuser environments.

Mmmmm, OpenBSD. Functional, secure, free. With an emphasis on security and integrated cryptography, it carries an excellent reputation for plain old "you-just-cant-hack-this-ness". Not perfect, but nothing is, at least theyre not wearing suits and lying to you.

There are a few roles where i believe OpenBSD fits perfectly. One of these is in multiuser environments, where you have large numbers of possibly malicious users with local access. Here the OpenBSD teams commitment to auditing and fixing code provides a level trust in the environment which is hard to find elsewhere. Also, their efforts to provide integrated cryptography means setting up secure access is easy. So, lets take advantage of the freely available source and tailor it to our specific needs.

Details:

In Phrack 54, route|Mike Schiffman wrote a series of patches for OpenBSD 2.4 for Trusted Path Execution (TPE). Stephanie brings a modified version of these up to speed for OpenBSD 2.8 - 3.0, along with some additional features. A trusted path is one where the parent directory is owned by root and is neither group or other writeable. The TPE works off an internal list of trusted user ids. If a given user tries to execute a file not in a trusted path, and their user id is not in the kernels trusted list, they are denied execution privileges. In real terms, this means they cant download, compile and run krad-sploit.c.

In addition to the TPE, a series of privacy patches came along too. Originally supplied as patches for the individual utilities, these are now implemented through kvm(3), and honour trusted users (ie, trusted users are allowed to see all system information). As a practical example, this means that untrusted users will only be able to see information about processes they own, and the stat tools (netstat, iostat, vmstat, etc) will generally be broken for them. It has been pointed out that by going through trying to kill every possible process id you can find other users processes, but you cant really gain any information on them, so this is not really a great concern.

The original TPE patches had one known way of bypassing the execution restrictions, which was using shell redirection to allow arbitrary interpreted language scripts to be run (perl, sh, etc). This has been fixed up, but could possibly be a big pain in the ass, so please pay attention. When an interpreter is invoked, like most things, it creates a new process group with a job count of one. When a series of commands are connected via the | character on the command line, all the commands belong to the same process group and the job count represents the number of commands eg ps -ax | grep something | awk {print $1} has a job count of three, and the ps, grep and awk processes all belong to the same process group.

The one exception to this is when a user logs in, where we find their shell has its job count set to zero. So how can we use this to prevent shell redirection for a given set of programs? We need to be able to distinguish between ordinary commands and interpreters. At the moment this is done by setting the immutable flag on them. So, in kern_exec(), if we find an untrusted user executing something with the immutable flag set and a job count greater than zero, we flag the process as being potentially dodgy. Then in other system calls we disallow read()ing from fd 0 (stdin) and things like dup2(0, n) if the process has been flagged.

There are two main disadvantages to this. First is the system will need to be brought down to single user mode if the interpreter needs to be patched, and secondly, people will have a hard time suing to an untrusted user. Of course, when a user has shell, they can still type any commands that could otherwise be placed in a shell script, but at the least, this will raise the bar a bit.

Finally, Stephanie brings restricted symbolic links, ala the openwall patches for linux. As time permits, im still working on adding additional features, and will add bits of the openwall stuff i like. The basic goal is to add an extra layer of security without being a monumental pain in the ass to legitimate users, so some things wont be there. I havent added the additional hard link restrictions of the openwall patch, but will do something about this later as time permits.

Installing:

Step by step instructions are presented in the install guide which comes with the source. Read it all first, but its reasonably straight forward. It would be a good idea to read the original article (local copy) if you havent already.

Its distributed under the original two clause BSD license, mess with it all you want, but dont get cranky at me if it breaks something.

You can also read the tpe_adm(8) man page online.

Clorox is shared memory for AJAX applications. Clorox provides data structures that look exactly like ordinary JavaScript objects but that actually make AJAX RPC calls behind the scenes to fetch data.
Since many web applications can be thought of as viewers over structured data (grids of map cells, arrays of email messages, etc), and RPCs and callback functions are a pain, this abstraction makes writing applications much easier. Additionally, Clorox makes it simple to define data caching and prefetching policies to boost performance.
No new languages: Clorox applications are 100% JavaScript, and they play well with other toolkits.
Clorox is a new way of writing highly-interactive web applications. Its based on a single observation: that many web applications serve as viewers over structured data. Email clients display lists of messages. Mapping applications display grids of map cells. Search auto-complete applications display nodes in a trie containing completion strings. Today, such applications are often written using AJAX. Clorox argues that we can make these applications both higher performance and easier to write by exploiting the underlying logical structure of their data, a structure which is ignored by AJAX. (Note that the logical structure of the data is entirely separate from their physical representation on the server.)
In place of the asynchronous, RPC-based abstraction furnished by AJAX, Clorox provides the illusion of synchronously-accessed data structures shared between the web browser and web server, which is to say, it provides a shared memory abstraction. These data structures look exactly like ordinary JavaScript objects on the client side, allowing programmers to focus on what they do best (writing compelling web applications) without worrying about data locality, message reordering, callback functions, or data prefetching. Additionally, to free programmers from concerns over locking, Clorox allows multiple operations on these data structures to be grouped into atomic actions.
Clorox applications are 100% JavaScript: application programmers write JavaScript code which is processed by the Clorox compiler into more JavaScript. Clorox applications can thus run on any modern web browser without the need for special plugins, and your code will never be locked up in some proprietary format.
We think the best way to learn to use a new piece of software is by playing around with it, so the rest of this document will explain how to build a sample application using the Clorox system.
Enhancements:
- A small bug was fixed to correct a problem with dim() methods.
- The homepage URL was updated.

Universal Module Player or UModPlayer, is a audio module "tool-chain", providing you functions to work with modules like playing, exporting, getting information, and more.
Universal Module Player works in UNIX-like platforms, including Linux, Mac OS X, FreeBSD, Solaris...
It uses the Custom LibModPlug audio library, an improved version of the well-known LibModPlug library, supporting more than 20 formats and giving you high playing quality. It uses LibSDL to handle multiplatform sound support.
Main features:
- You can play the supported formats and seek to any order in the song. You have pause, timer, display, and other standard features.
- You can view the pattern notes while playing.
- You can specify noise reduction, megabass, surround, reverb sound options specifying the grade and the delay of most of the options.
- You can create, save and edit playlists to play a selection of modules.
- You can read and export to a file the song builtin message, the song instrument names and the song sample names.
- Each user of your UNIX box can save all the sound options.
- And much more!
Supported Formats
Supported file formats on both Little Endian (Intel x86, etc.) and Big Endian (PowerPC, SPARC, MIPS, Motorola 68000, etc.) platforms:
Impulse Tracker (IT), Scream Tracker (STM), Scream Tracker 3 (S3M), Extended Modules (XM), Amiga Modules (MOD), OktaMED (MED), Oktalyzer (OKT), Unreal Modules (UMX), Composer 669 (669), DigiBooster Pro Modules (DBM), PolyTracker (PTM), and Farandole (FAR)
Additional file formats supported only on Little Endian platforms (support for Big Endian is on development):
MultiTracker Modules (MTM), AFM, AMS, DMF, DSM, DigiTracker (MDL), MadTracker 2.0 (MT2), PSM, ULT
Exporting Formats
You can export or convert any of the above formats to the following file types:
Impulse Tracker (IT)
WAVE Audio File (WAV)
Audio Interchange File Format (AIFF)
Raw Pulse Code Modulation (PCM)
Enhancements:
- Buffer length fixes.
- Playlist commands were a pain. Now we use the first letter of the command name. Also, pressing ENTER does not quit, the user has to explicitly specify to quit pressing q
- Hopefully fixed AIFF exporting bug.
- New section in the README about LibAo configuration, and some misc. rearrangements.

Religion is a Perl module that can generate tracebacks and create and install die() and warn() handlers.

This is a second go at a module to simplify installing die() and warn() handlers, and to make such handlers easier to write and control.

For most people, this just means that if use use Religion; then youll get noticably better error reporting from warn() and die(). This is especially useful if you are using eval().

Religion provides four classes, WarnHandler, DieHandler, WarnPreHandler, and DiePreHandler, that when you construct them return closures that can be stored in variables that in turn get invoked by $SIG{__DIE__} and $SIG{__WARN__}. Note that if Religion is in use, you should not modify $SIG{__DIE__} or $SIG{__WARN__}, unless you are careful about invoking chaining to the old handler.

Religion also provides a TraceBack function, which is used by a DieHandler after you die() to give a better handle on the current scope of your situation, and provide information about where you were, which might influence where you want to go next, either returning back to where you were, or going on to the very last. [Sorry - Ed.]

See below for usage and examples.

USAGE

DieHandler SUB

Invoke like this:

$Die::Handler = new DieHandler sub {
#...
};

where #... contains your handler code. Your handler will receive the following arguments:

$message, $full_message, $level, $eval,
$iline, $ifile, $oline, $ofile, $oscope

$message is the message provided to die(). Note that the default addition of " at FILE line LINE.n" will have been stripped off if it was present. If you want to add such a message back on, feel free to do so with $iline and $ifile.

$full_message) is the message with a scope message added on if there was no newline at the end of $message. Currently, this is not the original message that die() tacked on, but something along the lines of " at line 3 of the eval at line 4 of Foo.pln".

$eval is non-zero if the die() was invoked inside an eval.

The rest of the arguments are explained in the source for Religion::TraceBack. Yes, I need to document these, but not just now, for they are a pain to explain.
Whenever you install a DieHandler, it will automatically store the current value of $Die::Handler so it can chain to it. If you want to install a handler only temporarily, use local().

If your handler returns data using return or by falling off the end, then the items returns will be used to fill back in the argument list, and the next handler in the chain, if any, will be invoked. Dont fall off the end if you dont want to change the error message.

If your handler exits using last, then no further handlers will be invoked, and the program will die immediatly.

If your handler exits using next, then the next handler in the chain will be invoked directly, without giving you a chance to change its arguments as you could if you used return.

If your handler invokes die(), then die() will proceed as if no handlers were installed. If you are inside an eval, then it will exit to the scope enclosing the eval, otherwise it will exit the program.

WarnHandler SUB

Invoke like this:

$Warn::Handler = new WarnHandler sub {
#...
};

For the rest of its explanation, see DieHandler, and subsitute warn() for die(). Note that once the last DieHandler completes (or last is invoked) then execution will return to the code that invoked warn().

DiePreHandler SUB

Invoke like this:

$Die::PreHandler = new DiePreHandler sub {
#...
};

This works identically to $Die::Handler, except that it forms a separate chain that is invoked before the DieHandler chain. Since you can use last to abort all the handlers and die immediately, or change the messages or scope details, this can be useful for modifying data that all future handlers will see, or to dispose of some messages from further handling.

This is even more useful in $Warn::PreHandler, since you can just throw away warnings that you know arent needed.

WarnPreHandler SUB

Invoke like this:

$Warn::PreHandler = new WarnPreHandler sub {
#...
};

This works identically to $Warn::Handler, except that it forms a separate chain that is invoked before the WarnHandler chain. Since you can use last to abort all the handlers and return to the program, or change the messages or scope details, this can be useful for modifying data that all future handlers will see, or to dispose of some messages.

This is very useful, since you can just throw away warnings that you know arent needed.

THC-Dialup Login Hacker is a tool for penetrating dialup modems.

All you need is UNIX and minicom. Have fun with this little release!

The internet is not the only door into a network. In this new days, wavelans are becoming popular, in old days, there were dial-in modems. But today, dial-in modems are still present in any company.

While tools for wardialing (scanning phone numbers for modems by dialing every number and checking if theres a carrier) are available for all operating systems for years, there were only a very few tools for trying to guess login/passwords against modem carriers, and they were all for MS-DOS only. Years ago, I wrote such a tool called LOGIN-HACKER, which is still in use by many people, just because theres no real choice.

About 5 years ago I completely moved from MS-DOS to UNIX (Linux and OpenBSD) so executing penetration tests became a pain in the ass for modem login hacking. Finally I wrote some scripts to hack into modem carriers for Unix as well.

To make it flexible and portable, I chose not to write my own terminal program and scripting language, like I did with LOGIN-HACKER. I just use simple Minicom scripts. And they are very effective! Also they could include more commands to interact with the operating system while the script is running, I made it possible, to autodetect almost any prompt, and detect if a login/password, or password only prompt was successfully passed or not.

ogre4j project enables the use of the OGRE (Object-Oriented Graphics Rendering Engine) libraries in Java applications.

The first approach was made by Ivica Aracic aka bytelord (http://www.bytelords.de). Thanks to him for taking the first steps!
The last stable CVS version located at the OGRE SourceForge.net project page is based on his code but the new team is working on a complete new version that will be more powerful (hopefully).

To ease the pain for those who are using OGRE in C++ the usage of ogre4j will be straight forward. Every public interface of the OGRE library will be available through Java Native Interface (JNI) in the Java world.