Archive
Posts from 2005
Printing HTTP headers with curl
When debugging web applications, most administrators will review the HTTP request and response headers for errors. This information can be retrieved with Firefox's HTTP Live headers plugin, ethereal, or with curl's "-v" (make the operation more talkative) option: The ">" and "<" characters are used to indicate the direction the requests are sent and received. The curl(1) manual page indicates that the "-i" (Include protocol headers in the output) option should print protocol headers, but for some reason it only prints the HTTP response headers: When I get more time, I will have to go wandering through the curl source code to see why.
Solaris 10 rpcbind runs with reduced privileges
While messing around with ppriv(1m) today, I noticed that rpcbind(1m) was modified to run with reduced privileges in Solaris 10: The !proc_exec and !proc_exec privilege settings are super cool (the "!" means a privilege has been revoked). These privilege reductions should reduce the chance of fork()'ing a process and exec()'ing a shell if a buffer overflow is found in rpcbind (which has historically been a security nightmare).
Printing the certificate issuer with ssl-cert-check
I modified ssl-cert-check this weekend to print the certificate issuer along with the certificate expiration date: Hopefully this will make renewals easier for folks using ssl-cert-check.
Determining inode usage
While reading through the Solaris df_ufs(1m) manual page today, I came across the "-o" option: This will print the total number of inodes along with the number of inodes that are currently in use. Nifty!
Disabling directory indexing with Apache
If you have visited a website and been greeted with a list of files instead of a webpage, the web server is configured to use directory indexes. Directory indexes can be helpful for users who need to locate unknown files, but pose a considerable security threat, and are often used by unscrupulous individuals to locate sensitive data (e.g., passwords, Quicken files, product designs, etc.). Due to the security issues associated with directory indexes, I prefer to disable them on the Apache web servers I support. This is easily accomplished by negating the "Indexes" option in the httpd.conf Directory and Location stanzas, or by overriding the Indexes option in an .htaccess file: If an .htaccess file is used to override the web server directory indexing default configuration, the web server will need to be configured to allow overrides…