Determine the number of open files in your program (C/C++)

posted by Michael Cutler on August 22, 2005 @ 12:00

Categories: Uncategorised

The code below will display the number of files open by the running process. It does this by getting the maximum file descriptor number and then iterating through each possible fd trying to do an 'fstat' on it. If errno returns anything other than EBADF 'file descriptor is bad' it increments a count.

It is fairly portable, tested and working on Linux & Solaris.

PLAIN TEXT
C++:
  1. /*
  2. * ofiles.c - Displays the number of open files for its own process
  3. * Copyright (C) 2005 Michael Cutler <m@cotdp.com>
  4. *
  5. */
  6.  
  7. #include <stdio.h>
  8. #include <sys/time.h>
  9. #include <sys/resource.h>
  10. #include <sys/types.h>
  11. #include <sys/stat.h>
  12. #include <unistd.h>
  13. #include <errno.h>
  14.  
  15. extern int errno;
  16.  
  17. int main ( int argc, char** argv, char** env ) {
  18.  
  19.    int i = 0;
  20.    int fd_counter = 0;
  21.    int max_fd_number = 0;
  22.    struct stat   stats;
  23.    struct rlimit rlimits;
  24.  
  25.    max_fd_number = getdtablesize();
  26.  
  27.    getrlimit(RLIMIT_NOFILE, &rlimits);
  28.  
  29.    printf( "max_fd_number: %d\n", max_fd_number );
  30.    printf( "     rlim_cur: %d\n", rlimits.rlim_cur );
  31.    printf( "     rlim_max: %d\n", rlimits.rlim_max );
  32.  
  33.    for ( i = 0; i <= max_fd_number; i++ ) {
  34.       fstat(i, &stats);
  35.       if ( errno != EBADF ) {
  36.          fd_counter++;
  37.       }
  38.    }
  39.  
  40.    printf( "   open files: %d\n", fd_counter );
  41.  
  42.    return 0;
  43.  
  44. }

Example:

PLAIN TEXT
CODE:
  1. [mcutler@rasco ~]$ gcc -o ofiles ofiles.c
  2. [mcutler@rasco ~]$ ./ofiles
  3. max_fd_number: 1024
  4.      rlim_cur: 1024
  5.      rlim_max: 1024
  6.    open files: 3
  7. [mcutler@rasco ~]$

| 0 Comments | Post A Comment

Changes in Wordpress 1.5.2

posted by Michael Cutler on August 15, 2005 @ 13:06

Categories: Wordpress

A few vulnerabilities found in recent weeks have been addressed by the Wordpress team with release 1.5.2 available now from wordpress.org.

The most recent vulnerability I’ve noticed was cross posted on the Full-Disclosure & Bugtraq mailing lists on the 9th August. The exploit made use of an old security issue in the PHP engine itself; a compile-time & run-time setting ‘register_globals’.

Thankfully the impact ought to be low, the PHP team have long been trying to stop the use of ‘register_globals’; it’s not enabled by default (you explicitly have to switch it on) and there are warnings all over its usage.

The most significant change I found in this release of Wordpress is in the file wp-settings.php

PLAIN TEXT
PHP:
  1. // Turn register globals off
  2. function unregister_GLOBALS() {
  3.     if ( !ini_get('register_globals') )
  4.         return;
  5.  
  6.     if ( isset($_REQUEST['GLOBALS']) )
  7.         die('GLOBALS overwrite attempt detected');
  8.  
  9.     // Variables that shouldn't be unset
  10.     $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
  11.    
  12.     $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
  13.     foreach ( $input as $k => $v )
  14.         if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
  15.             unset($GLOBALS[$k]);
  16. }
  17.  
  18. unregister_GLOBALS();

The addition of the above function is sanitising the globals before proceeding with the request and should greatly reduce the vulnerability of Wordpress on servers with ‘register_globals’ enabled in the future.

Related Links:
http://wordpress.org/development/2005/08/one-five-two/
http://blog.blackdown.de/2005/08/14/another-wordpress-security-update/

| 1 Comment | Post A Comment

JSSHTunnel 0.0.0 Released!

posted by Michael Cutler on August 13, 2005 @ 12:10

Categories: JSSHTunnel

JSSHTunnel is a lightweight GUI application which forwards local & remote ports over SSH connections. It is written in Java and uses Eclipse SWT & JSch. All you need is a JVM to run it.

I've released version 0.0.0, it is under GPL.

Features & Limitations in 0.0.0:

  • Targetted at Windows platform, comes with a Windows-based installer, other platforms will follow
  • Resides in the System Tray when minimised
  • Requires a 1.4 or 1.5 JVM on the target machine (works with the Sun & Microsoft JVM's)
  • Currently only supports one connection, with a single local forward (hey, its only a proof of concept release)
  • Connection details (including passwords) are stored in plaintext form in its XML configuration file %USERPROFILE%\.jsshtunnel.xml
  • Since its just the very first release it is quite basic, but it works :P

    • Screenshots:

    Screenshot of the Main Window
    Main Window

    Screenshot of the Configuration Window
    Configuration Window

    Download:

    http://jsshtunnel.sourceforge.net/

    Roadmap:

  • Multiple connections each with multiple local & remote forwards
  • Hot-pluggable port forwarding rules without having to re-connect
  • Cross platform UI & command line versions
  • Encrypted passwords for configuration file

    • | 0 Comments | Post A Comment

    Linux Bluetooth “Device is not available: Success”

    posted by Michael Cutler on August 2, 2005 @ 17:11

    Categories: Linux

    Symptom

    Trying to use hcitool returns the ambiguous error message "Device is not available: Success"

    PLAIN TEXT
    CODE:
    1. [root@localhost ~]# hcitool scan
    2. Device is not available: Success
    3. [root@localhost ~]#

    Solution

    Start 'Bluetooth services' you monkey :'( .... I fell for this one and it took maybe half an hour of fiddling before I realised there was a /etc/init.d/bluetooth and that it wasn't running.

    PLAIN TEXT
    CODE:
    1. [root@localhost ~]# /etc/init.d/bluetooth start
    2. Starting Bluetooth services:                               [  OK  ]
    3. [root@localhost ~]# hcitool scan
    4. Scanning ...

    | 0 Comments | Post A Comment