Marcus Folkesson

Embedded Linux Artist

TIL - suid_dumpable

TIL - suid_dumpable TIL, Today I Learned, is more of a "I just figured this out: here are my notes, you may find them useful too" rather than a full blog post Ever notice that you can't get a coredump from a process running with extra privileges like capabilites or setuid? This is related to a previous post [1] about some restrictions that is applied to such processes. I suggest to read that post first to get the context.

Protected FIFOs and regular files

Protected FIFOs and regular files Since version 4.19 [1], Linux has the default behaviour to prevents opening of regular files and FIFOs that is not owned by the user in world writable sticky directories. Example on such directory is /tmp/ which usually has the sticky bit set. This may sound obvious, but what is not so obvious is that this restriction also applies to the root user. You can therefore end up in a situation where e. cover

Restoring a power hammer

Restoring a power hammer I have bought myself a power hammer - something that I have wanted for a long time. It is a Abno nr1, a swedish made 25kg spring hammer. It has been unused for many years and is in need of a little restoration. The last Abno hammers were manufactured in the sixties, so it is at least 60 years old. I've seen 60 year olds in worse condition than this, although there are parts that need improvement. cover

Writing a clocksource driver for Linux

Writing a clocksource driver for Linux Today we are going to write a clocksource [1] driver for Linux! A clocksource in a Linux system is one of several parts of the kernel timekeeping abstractions. The clocksource is the the timeline of the Linux system and is the one you go to whenever you issue the command date. To do this, the clocksource should provide a monotonic, atomic counter that is as accurate as possible. cover

Writing a UART driver for Linux

Writing a UART driver for Linux Today we are going to write a UART driver for Linux! UART (Universal asynchronous receiver-transmitter) is on of the most common device-to-device communication protocols that almost every SoC or microcontroller has hardware support for. Most SoC has several UART ports, but sometimes that is not enough as in this case. Background I'm working in a project where we have an ARM SoC connected to an FPGA on the AEMIF interface. cover

Include code from a file with Hugo

Include code from a file with Hugo First of all, all credit goes to Marcus Olsson [1] who pretty much wrote this Hugo Shortcode [2] which I only have made some small changes to. I also refer to his post [3] for a good explaination on how it works. Background I prepare for some bigger posts with a lot of code examples where I only want to show fragments of a whole file. cover

TIL - make pacman-pkg

TIL - make pacman-pkg TIL, Today I Learned, is more of a "I just figured this out: here are my notes, you may find them useful too" rather than a full blog post v6.11 of the upstream kernel makes it really easy to do kernel devlopment on Arch Linux with the new make pacman-pkg target [1]: commit c8578539debaedfbb4671e1954be8ebbd1307c6f Author: Thomas Weißschuh <linux@weissschuh.net> Date: Sat Jul 20 11:18:12 2024 +0200 kbuild: add script and target to generate pacman package pacman is the package manager used by Arch Linux and its derivates. cover

"You are the primary manager for this project"

"You are the primary manager for this project" Yes I'm. But also: THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. cover

Restrictions that comes with capabilities

Restrictions that comes with capabilities I debugged an interesting problem this weekend related to which impact capabilites could have on a running process in a Linux system. I already knew that there are some security restrictions for applications that setuid/setgid or have capabilities set. One example is that LD_LIBRARY_PATH is silently ignored for an application with capabilities. You are simply not allowed to link in whatever you like for priviliged applications - which is a good thing. cover

TIL - strace and capabilites

TIL - strace and capabilities TIL, Today I Learned, is more of a "I just figured this out: here are my notes, you may find them useful too" rather than a full blog post strace [1] is a terrific tool to trace system calls and signals for a specific command. The fact that programs using the setuid bit do not have the effective user ID priviliges when being traced was something I already knew, but that the same was true to capabilites [2] was new to me.