Redhat-CentOS-Fedora Linux

March 28, 2008

Building a mini Linux operating system from source with your own hands

Filed under: Uncategorized — admin @ 8:32 am

The mini Linux system built in this article runs only on one specific machine. Interested readers can improve on it to build a general-purpose system that is plug-and-play on most conventional PCs. That is beyond the topic of this article; interested readers can e-mail me to discuss the details.

Our target Linux system runs on a common Intel 386 PC. It can have a hard disk, or it can use a Flash disk instead of a hard drive. If Flash is used, the system must support booting from the Flash disk, and the Flash must be 16 MB or larger. We want the system to boot straight into the X Window graphical interface and run a program specified in advance, without requiring the user to enter a user name and password to log on.

The goal we have set is somewhat like an X Terminal workstation. With small changes it could simply be made diskless, that is, without even the 16 MB Flash disk. This, however, goes beyond the topic of this article. Interested readers can write to me to discuss it.

Booting the system

Because we have to consider booting from a Flash disk, we chose LILO as our boot loader rather than GRUB. GRUB's strength is its ability to recognise hard disks and file systems, but Flash is not a standard disk drive after all, and the file system we use may not be recognised by GRUB, in which case GRUB's cleverness would be self-defeating. LILO is much simpler: it writes a small program into the hard disk's MBR, and that program reads the kernel image into memory directly from the disk sectors, without going through the file system. This greatly improves reliability and leaves us free to choose the file system. So how do we install LILO?

First, we need an ordinary IDE hard drive of about 800 MB, also connected to an IDE channel of the target machine. On our target machine, the Flash disk is attached to IDE1 and the hard drive to IDE2. Using the standard steps, we install a Debian GNU/Linux system on the hard drive on IDE2. Readers who do not have Debian can install a Red Hat system instead. Once this working system is running, first trim it down: remove X Window, unnecessary services and everything else that is not needed. The purpose is to speed up booting, because the work that follows involves restarting the machine constantly, so boot speed is crucial to our efficiency.

On the working system, create an Ext2 file system on the Flash; the mke2fs command does this. The Flash disk is attached to IDE1, so inside Linux it appears as /dev/hda. In my own setup I made the whole Flash a single partition, so I ran mke2fs on /dev/hda1. Readers should also be able to create the Ext2 file system directly on /dev/hda without partitioning first.

Once the file system on the Flash is ready, copy the compiled kernel image file vmlinuz to the Flash disk. Note that vmlinuz must be copied to the Flash disk before LILO is installed on it. Otherwise LILO will only stutter "LILILILI" at boot, because it cannot find the position of the kernel image on the Flash disk, and the Flash disk will not boot. Also, if the reader uses a compressed file system on the Flash disk, LILO runs into trouble: although it can find the correct starting position of the kernel image on the disk, it has no way to handle a kernel image stored in a compressed file system and does not know how to decompress it into memory to start it.

After copying the kernel image, hand-edit a lilo.conf file; it can be kept on the working system. Take care that the file path names in lilo.conf are written correctly: they are path names as seen from the working system. For example, if the Flash is mounted on the /mnt directory, then the path name of vmlinuz in lilo.conf is /mnt/vmlinuz. Be careful not to get this wrong; otherwise, a moment of carelessness could destroy the working system's own LILO, and that means trouble. With lilo.conf ready, run the lilo command, making sure to tell it to use this new lilo.conf file and not /etc/lilo.conf.

With LILO installed, we can reboot and test immediately. First set the BIOS to boot from IDE1. If we see the LILO prompt and, after pressing Enter, the kernel's output messages, LILO was installed successfully. Remember that with this method, every time the kernel image on the Flash is updated, LILO must be updated too. In other words, the lilo command must be run again.

Compiling the kernel

Once the LILO installation has tested successfully, we turn to compiling a new kernel. To do that, we must first boot into our working system. There are two ways to do so. The first is to set the BIOS to boot from IDE2, which requires that LILO was installed on /dev/hdb when the system was first installed. The other is to keep booting from IDE1 without changing the BIOS settings and, at the LILO prompt, type linux root=/dev/hdb1. Here linux is an entry defined in the lilo.conf above; we use only the kernel image of that entry, but with /dev/hdb1 as the root file system. Each of the two approaches may be more convenient than the other at times, depending on the situation. The two settings do not conflict with each other.

When compiling the kernel, because it will be used on only one machine whose hardware we know well, and in order to avoid unnecessary complexity, we decided not to use kernel module support and to compile everything required directly into the kernel. A kernel compiled this way for an ordinary 586 motherboard, with all the necessary functions included, generally does not reach 800 KB. The approach is therefore feasible, and it also reduces the complexity of the init scripts. As for run time, the code that is needed has to be loaded into memory anyway, so this does not waste memory.

On our target platform we want to use USB storage devices. Another point to note is frame buffer support, which is mainly there to support XFree86. Generally speaking, if the graphics card is directly supported by XFree86, that is best, and frame buffer support in the kernel is not required. If XFree86 does not support the graphics card, we can consider using VESA mode. But XFree86's VESA driver does not run well: there are security issues, and sometimes the screen is garbled when starting and exiting X Window. We can therefore use the kernel's VESA frame buffer and then use the XFree86 Linux frame buffer driver. This normally see the garbled-screen phenomenon, but there is no security problem.

Devfs is a topic that interests us. If the kernel does not use devfs, the root file system must contain a /dev directory with all of its contents. These entries can be created with the /dev/MAKEDEV script, or built by hand one at a time with mknod. This method has its own advantages. Its shortcomings are that it is troublesome and that it is not kept consistent with the state of the kernel. With devfs, on the contrary, we no longer need to worry about anything in the /dev directory: the kernel code itself is responsible for the entries under /dev. In practice, the extra memory consumption is not noticeable. We have therefore chosen devfs.

Busybox

With LILO and the kernel image in place, we next need to arrange the root file system. The Flash disk has only 16 MB of space, and this is arguably our greatest challenge. Here we first introduce a tool commonly used for the root file system of small embedded Linux systems: BusyBox.

BusyBox was first developed by Bruce Perens, well known in Debian GNU/Linux, for use in the Debian installer. Later, many Debian developers contributed to it. Particularly worth mentioning is BusyBox's current maintainer, Erik Andersen: he suffers from cancer, but is an excellent free software developer.

BusyBox builds into a single stand-alone executable called busybox. It can be configured to implement the ash shell as well as the functions of dozens of small applications. These include a mini vi editor, the indispensable /sbin/init program, and others such as sed, ifconfig, halt, reboot, mkdir, mount, ln, ls, echo, cat … These are indispensable in a normal system, but if we took the original programs over as they are, their combined size would be overwhelming. BusyBox has all of these functions, yet is only about 100 KB in size. Moreover, users can decide according to their own needs which applets are compiled into busybox. So, bu

Recommendations for learning Linux/UNIX programming

Filed under: Uncategorized — admin @ 8:28 am

First of all, learn an editor; vim or emacs, either will do.
Then learn to write makefiles, just enough to get by, so that we can start writing programs.

Then read K&R's “The C Programming Language”; after that you will basically be able to do general programming. Along the way, find a book on data structures.

If you want to learn UNIX/Linux programming, “APUE” is the absolute classic text; to deepen this knowledge, study “UNP” vol. With this, system programming can basically be mastered.

Then read Volume I of Douglas E. Comer's “Internetworking with TCP/IP” to learn about networking, and then “UNP” Volume I, which teaches not only network programming but also makes you familiar with many techniques used in system programming. If you continue with network programming, I suggest looking at the third volume of “Internetworking with TCP/IP”, which has a lot of programming for application protocols such as telnet and ftp.
If you want to write device drivers, you must first be familiar with the system programming interfaces, such as files and IPC, and then study “LDD” 2.

An evaluation of several classic textbooks:

“The C Programming Language”: the classic K&R textbook on the C programming language. The author is the inventor of the C language, and the content is easy to follow. Although a bit old, it is an essential manual, and I still leaf through it often. It is relatively small, but every time I read it through there is something new to gain. Tan Haoqiang's “C Programming Language” is also an option.

“Advanced Programming in the UNIX Environment”, W. Richard Stevens: a very classic book (needless to say; how could a Stevens book not be a classic!). Although beginners can read it, it is in fact companion material for “Unix Network Programming”. The level of the domestic translation, “Senior UNIX Programming Environment”, is only so-so; there is also a photocopied edition, and reading the English directly is easier than reading the Chinese.

“Unix Network Programming”, W. Richard Stevens: Volume I covers the BSD socket network programming interface and one other network programming interface, but since BSD sockets are what is generally used now, reading roughly the first half of this book is enough. Volume II does not involve networking; it mainly covers inter-process communication and POSIX threads. So it can be read after “APUE”; basically, the material from “APUE” is summarised in “UNP” vol2. After reading “UNP”, you will know the vast majority of system programming techniques, even though the book is about network programming. The domestic translation is Tsinghua's “Unix Network Programming”; the translators have a relatively strong background and the translation is fairly good. So my suggestion is to read the Chinese edition.

“TCP/IP Illustrated”: three volumes in all. Volume I covers the protocols, Volume II covers implementation, and Volume III covers application programming. I have not read much of it, but it is reportedly also a classic; because I have not had time to read Volume II, I cannot properly evaluate it.

“Internetworking with TCP/IP”, Douglas E. Comer: three volumes in all. Volume I covers principles, Volume II covers implementation, and Volume III covers higher-level protocols. To me this set feels better than the Stevens set, though one has to admit that Stevens's vol is a real classic. In fact, even if you have no networking knowledge, after reading it you will also know the origin and development of networks. Volume I also has many exercises, designed to be classic and practical, because the author is himself a teacher and the volumes are graduate teaching materials abroad. The exercises come without answers, leaving readers to think; being able to answer them can make you an intermediate hacker. The answers can be obtained from Douglas, but he provides them only to teachers. I have not read much of Volume III, which can be used as a reference manual and is also a classic. If you have read the Qterm source code, you will know that most of Qterm's telnet part is taken from the source code in this book. For a book on networking, I recommend this one and not Stevens's “TCP/IP Illustrated”.

“Operating Systems: Design and Implementation”: this book teaches operating systems using Minix as the example. The author's mother tongue is not English, and the English reads as obscure. The domestic translation is “Design and Implementation of the operating system”; I have not read the Chinese edition, because the translator is You Jinyuan, and his translation of “APUE” disappointed me thoroughly. After reading this book, you will have a clear understanding of how the lower levels of an operating system work.

“Linux Device Drivers” 2e: one of the few good books on Linux device drivers. But some of the content is cluttered, and if you have no experience writing drivers, on first reading you may lose your bearings. The domestic translation is “Linux device driver”, second edition. I have had deep contact with the translators of the first and second editions; on the whole, although some of the second edition's translation is unsatisfactory, it is already far better than the first edition. Before reading this book, you should at least first find a book on “Computer Fundamentals” or “computer architecture” and read through it, so that you have at least some understanding of computer hardware and how it works.

March 27, 2008

The desktop Linux operating system

Filed under: Uncategorized — admin @ 9:24 pm

The weak point in the development of Linux is the “Linux desktop” (that is, the desktop Linux operating system): over the past few years its market share has hovered at 1-3 per cent, far behind Windows (with a market share of 92-95 per cent) and even behind MacOS-X (4-5%).

Microsoft is the “jumbo” of the global software industry: 80 per cent of its revenue comes from the “desktop”, the main core technologies it controls are in the “desktop”, and its business focus is the “desktop”. The rise of Linux, and in particular of the “Linux desktop”, challenges Microsoft's “Windows desktop”. Because Microsoft holds a “commanding height” in technology, management and user habits, Linux's challenge is very difficult and risky, and in the course of this challenge it will from time to time meet disparagement and ridicule from some “teams” or “individuals”. Young, strong and full of vitality, “Linux desktop” developers nevertheless have the courage to challenge authority and dare to meet the competition.

Last year, sales of China's “Linux desktop” grew phenomenally

According to COPU's survey and analysis, the 2007 Linux sales of China's Linux distributors are listed in Table 1:……

In 2007, Linux sales in China's market totaled 277.34 million yuan, 27 per cent more than in 2006 (218.32 million yuan).

In 2007, China's “Linux desktop” sales totaled 52.41 million yuan, 31.9 percent more than in 2006 (39.74 million yuan); China's “desktop Linux” unit sales totaled 12.121 million sets, 198 percent more than in 2006 (407 million units); the average price per set of China's “desktop Linux” was 9.8 yuan in 2006 and dropped to 4.3 yuan in 2007.

The 2007 “Linux desktop” sales of China's Linux distributors are listed in Table 2:……

How to view the “Linux desktop” market share

Measured by sales revenue, the desktop Linux operating system's share of the Chinese market in 2007 was 1.26 percent (a decline from previous years). The market share is so low because China's “Linux desktop” is today counted at 4-5 yuan per set (the price has been reduced to a very low level).

It must be noted that the “software as a service (SaaS)” way of doing business has already been adopted abroad.

I have pointed out in the past that software can be seen as made up of:

Software = programs + documentation + services + support + training + ……

China's “Linux desktop”: improvement, innovation and pioneering

In recent years, “Linux desktop” is concentrate on resolving third-party driver support and development, large-scale application software transplantation; focusing on China’s emerging Linux enterprise “Linux ecosystem” is taking shape; to China, “Linux desktop” 1996 , it also greatly improved, sophisticated space, we must be soberly aware that it also unsatisfactory places. Not long ago, I had said, “Linux desktop” development, there will be an inflection point, which entered the rapid development track. It now appears that the inflection point in being bred there. ……

Pressed by Linux, Microsoft may extend the XP end-of-sales deadline again

Filed under: Uncategorized — admin @ 9:13 pm

According to foreign media reports, although Microsoft hopes that all Windows users will adopt the new Vista system software as soon as possible, the market reality is that continued use of the XP system will likely outlast the final deadline Microsoft currently has scheduled for June of this year, when computer manufacturers are to stop selling the old operating system.

Microsoft initially planned January of this year as the final deadline for XP sales; June is Microsoft's first extension of that deadline. Expect Microsoft to announce a further extension of this deadline soon.

XP may live on in the new market for low-cost, flash-based notebooks such as Asustek’s Eee PC. Their lower prices and lower storage requirements provide fertile ground for Linux software products, because Vista has not activated (starter) version of Microsoft XP software attempts to remain in the emerging markets.

Last year, when Microsoft extended the XP deadline for the first time, in addition to extending XP by a few months, it also said that for the ultra-low-price computer market, the deadline for providing the entry-level XP Starter edition would be extended to 2010.

To compete with Linux, Microsoft needs to offer a complete version of the XP system on these low-price products.

Preventing buffer overflow attacks on Linux systems

Filed under: Uncategorized — admin @ 9:11 pm

Although there are only a handful of Linux viruses, attacks based on buffer overflow vulnerabilities have alarmed many Linux users. The so-called “world’s first Linux virus”, Reman, is strictly speaking not a real virus; it is essentially an exploit of the old “Buffer Overflow” problem that has long existed in the Linux/Unix world (and in Windows and other systems as well). Reman is a very ordinary, automated buffer overflow program, but even so it caused a good deal of panic in the Linux community.

Buffer overflow vulnerabilities are a problem that has troubled security experts for more than 30 years. In simple terms, they are memory errors in software that result from the way programs are written. Such a memory error allows a malicious attacker to run their own code on a normally running system, and even to gain control of the whole system.

Linux System Features

Using a buffer overflow to rewrite the contents of memory and a function's return address, and thereby change the program's flow of execution, is effective only within certain limits of privilege. A process runs with the identity and privileges of the currently logged-in user, so merely creating a buffer overflow does not break through the user privileges set by the system. Although a buffer overflow can be used to make a program execute other, attacker-specified code, that code runs only with those specific privileges and still cannot complete tasks that exceed them.

However, Linux (including Unix) systems themselves have a number of characteristics that can be used to overcome this privilege limit, making it possible to obtain higher or even full privileges through a buffer overflow. There are mainly two:

1. Linux (including Unix) allows an executable file's attributes to be set to SUID or SGID, which lets other users execute the file with the user ID or group ID of the file's owner. If an executable is owned by root and has the SUID attribute set, an exploitable buffer overflow vulnerability in that executable can be used to run specific, attacker-arranged code with root's identity. Since code can then be executed with root authority, a shell with superuser root privileges can be obtained, and with it comes the risk of losing control of the whole system.

2. Many Linux (including Unix) daemons run with root privileges. If such a program contains an exploitable buffer overflow, attacker-arranged code can be executed directly as root, without the program needing the SUID or SGID attribute. Gaining control of the system this way is even easier.
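
A defender-side check for the two conditions listed above, as an added example that is not part of the original post: it lists SUID/SGID files, flags any that are missing from an approved list, and lists processes running as root. The function names and the allowlist file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory of the two exposure classes described above,
# SUID/SGID executables and processes that run as root.

# list_setid DIR [OWNER]
# Print every regular file under DIR that has the SUID (04000) or SGID (02000)
# bit set, one path per line, sorted. With OWNER (name or numeric ID), only
# files owned by that user are reported. -xdev keeps find on one file system.
list_setid() {
    if [ -n "${2:-}" ]; then
        find "$1" -xdev -type f -user "$2" \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
    else
        find "$1" -xdev -type f \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
    fi
}

# unexpected_setid DIR ALLOWLIST
# Print SUID/SGID files under DIR that are NOT in ALLOWLIST, a hypothetical
# text file holding one approved absolute path per line. No output means no
# new privileged executable has appeared since the list was reviewed.
unexpected_setid() {
    list_setid "$1" | grep -F -x -v -f "$2" || true
}

# list_root_processes
# Print "PID COMMAND" for each process whose effective user is root; every
# long-running entry here is a daemon whose memory errors would run as root.
list_root_processes() {
    ps -e -o user= -o pid= -o comm= | awk '$1 == "root" { print $2, $3 }'
}

# Example invocation (both arguments are placeholders):
#   sh audit.sh /usr /etc/setid.allow
if [ "$#" -eq 2 ]; then
    echo "== SUID/SGID files under $1 not listed in $2 =="
    unexpected_setid "$1" "$2"
    echo "== processes running as root =="
    list_root_processes
fi
```

Running the comparison on a schedule and reviewing every new path it prints keeps the set of root-owned SUID programs, and therefore the code in which an overflow yields root, as small as the system allows.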

With the development of modern network technology and the spread of network applications, the remote login and remote procedure call mechanisms provided by computer networks have become necessary. This gives anonymous Internet users the opportunity to use buffer overflow vulnerabilities to gain full or partial control of a system. In fact, remote attacks that exploit buffer overflow vulnerabilities make up the vast majority of network attacks, which poses an extremely serious security threat to Linux systems.

Approaches

Under normal circumstances, the attacker first attacks a root program and then uses the memory error that occurs on buffer overflow to execute code similar to “exec (sh)” to obtain a root shell. To obtain a shell with root privileges, the attacker needs to complete the following work:

1. Place the specific code in the process's address space. Two methods are commonly used to place attack code within the address space of the attacked program.

2. Through suitable initialisation of registers and memory, make the program, when the buffer overflow occurs, unable to return to its original execution and instead jump to the code arranged in the address space.

Once the attacker finds a way to change the original program's code and flow of execution, the danger of attack arises.

Preventive measures

The buffer overflow threat on Linux comes both from the way software is written and from the characteristics of the Linux (Unix) system itself. In fact, the root cause of the rampant buffer overflow attacks and computer viruses is that modern computer systems all use von Neumann's “stored program” principle. This basic principle means that programs and data can both be propagated, copied and executed in memory. Therefore, to prevent buffer overflow attacks effectively, controls should be applied in both of these areas.
