Process Anatomy and Security, Thread Scheduling, and Performance Considerations

Today we’ll be talking about the anatomy of a process, as well as the scheduling of execution for for a Userpace Process on the Linux Operating System.

Credit for the following 2 diagrams go to The Linux Documenation Project https://tldp.org

In this first Diagram we see the file layout for a process

In this second diagram we see where things are layed out within virtual memory for a process. If you’ll notice memory is broken up into the code segement and data segment.

CODE SEGMENT

The idea here is the info you aren’t going to change like the algorithm being executed goes in the code segment and it is read only.,

DATA SEGMENT (ALSO CALLED TEXT SEGMENT)

Data will change at runtime and is writable. Seems simple enough, but there is one additional thing I just want to throw in while we’re on this topic to deepen your understanding from a security point of view.

SECURITY IMPLICATIONS: Code should never be allowed to run from the data segment.

PROBLEM:

Here we’ll discuss an example of a data segment vulnerability called a buffer overflow. If an attacker can overflow a buffer beyond what is addressable and basically write to memory it shouldn’t be able to, code injection is possible within the data segment. If the memory is not protected the code injection is successful, and a jump programmed into memory can cause the malicious code to execute (not from code segment, where code should be running from, but from the data segment). This malicious code is referred to as “shellcode”.

If the memory region IS protected, the write attempt will fail and result in a SIGSEGV signal getting generated and the process being closed/crashing. SIGSEGV is an abbreviation for “Segmentation Violation” That generally means the process is trying to write to a segment of memory that it either doesn’t own, or is marked as read only.

SOLUTION:

1.) Write better code. Don’t leave buffers vulnerable to overflow. Do this by Sanitizing and verifying input content, type, size, and format.

2.) NX bit. The NO EXECUTE bit in modern architectures, if enabled says basically “I don’t care what your instructions say, this section of memory is marked as not executable, so I’m not running the code that’s there.”

PROCESS PERFORMANCE

PAGE FAULTS and their relation to working set size.

Credit for this diagram goes to https://GeeksforGeeks.org

Someone else has explained this process better already, so I’ll just link you to that explanation. https://www.geeksforgeeks.org/page-fault-handling-in-operating-system/

The moral of the story is page faults, too many at least, are bad. It means the process is basically getting slowed down and/or context switched out because of memory I/O and disk I/O to get access to the data. If you have a high number of page faults it could mean there are not enough frames allocated to the process (process doesn’t have enough physical memory allocated).

This number of pages loaded and active in the frames of Physical Memory for a process are referenced with differing terminology based on operating system.

A good article on figuring out what we’ll call “working set size” can be found here on that topic from Stanford. https://web.stanford.edu/~ouster/cgi-bin/cs140-winter12/lecture.php?topic=thrashing

To be clear on the wording used here. A frame is a fixed length block of physical RAM. A page is a fixed length block of virtual memory (ie memory on disk)

Adding Custom resolutions in Linux Mint – Cinnamon without manually editing files

First find out where you are starting: black@EliteBookLinux:~$ sudo xrandr -q Screen 0: minimum 320 x 200, current 5440 x 2160, maximum 16384 x 16384 LVDS connected 1600×900+0+1145 (normal left inverted right x axis y axis) 345mm x 194mm 1600×900 59.98*+ 1440×900 59.99 1280×854 59.95 1280×800 59.96 1280×720 59.97 1152×768 59.95 1024×768 59.95 800×600 59.96…

I recently wrote a truly generic template builder/multi-replace tool in Python that I would like to share

I recently wrote a generic template builder/multi-replace tool that I though you guys might find useful if you have any cookie cutter deployments you do. It’s a HUGE timesaver when building multiple devices that are similar. When I say multi-replace I mean it will replace the original value every time it sees it, even if…

Open PhoneServices is coming

The architecture and concept is complete, and some proof of concept code has been written. So basically this product will provide the following: SIP phone provisioning for Cisco and Yealink phones – possibly other models, but I’m starting with those. XML Phone services such as Directory Integration/updates Background image uploading and browsing pushing commands to…

How to setup Free Range Routing, FRR

Free Range Routing is an open source implementation of the most common Network Routing protocols. It seems pretty complete and uses almost EXACT Cisco configuration syntax. https://frrouting.org/ https://www.linux.com/news/2017/4/welcoming-frrouting-linux-foundation So to install and configure it do this: CONFIGURE SOME LINUX KERNEL PARAMETERS FOR OPTIMAL ROUTING PERFORMANCE: create the following file: /etc/sysctl.d/99frr_defaults.conf # this information comes from…

ConfigBuilder Python Class – Replaces data in template with values from CSV file.

I successfully built that router build script. Obviously I can’t show the full glory of what it can do on router builds, because those configs are proprietary for the company for which I work, but I’ll include a sample CSV file data and sample template. It just shows how to use it for your own…