GitBook looks promising, see how classy that Javascript book build with GitBook is !

This article follows up with Basics of GDB debugging, focus on symbols.

List symbols with nm

Use the nm command to list symbols in a binary:

$ nm main
0000000000600920 B __bss_start
0000000000600920 b completed.6330
0000000000600910 D __data_start
0000000000600910 W data_start
0000000000400440 t deregister_tm_clones
00000000004004b0 t __do_global_dtors_aux
00000000006006f8 t __do_global_dtors_aux_fini_array_entry
0000000000600918 D __dso_handle
0000000000600708 d _DYNAMIC
0000000000600920 D _edata
0000000000600928 B _end
00000000004005a4 T _fini
00000000004004d0 t frame_dummy
00000000006006f0 t __frame_dummy_init_array_entry
00000000004006e8 r __FRAME_END__
00000000006008e0 d _GLOBAL_OFFSET_TABLE_
                 w __gmon_start__
00000000004003a8 T _init
00000000006006f8 t __init_array_end
00000000006006f0 t __init_array_start
00000000004005b0 R _IO_stdin_used
                 w _ITM_deregisterTMCloneTable
                 w _ITM_registerTMCloneTable
0000000000600700 d __JCR_END__
0000000000600700 d __JCR_LIST__
                 w _Jv_RegisterClasses
00000000004005a0 T __libc_csu_fini
0000000000400530 T __libc_csu_init
                 U __libc_start_main@@GLIBC_2.2.5
00000000004004fd T main
                 U printf@@GLIBC_2.2.5
0000000000400470 t register_tm_clones
0000000000400410 T _start
0000000000600920 D __TMC_END__
0000000000600924 B YourGlobalVariable

Here’s a snippet from man nm which explains what we see here:

Introduction

GDB is a debugger for executables “objects” on Linux. It will use source code and “debug symbols” if available:

• source code to display the code ie. corresponding to a specific frame at runtime,
• debug symbols to display variables and functions names like in the code.

What’s the relation between security and GDB ? Well it will help finding security bugs which may be vulnerabilities to buffer overflow.

Debugging with sources and debug symbols

Consider the following C source code example for hello world:

This is the first of a series of articles on security and exploiting. For starters we’ll cover basic debugging tools before we get into actual exploiting because the first step to exploiting is reverse-engineering most of the time.

The series targets experienced developers and tries to go straight to the point for them. Every article in this series is tagged “security”.

Introduction

strace is a tool that prints system calls like open, connect, etc … and signals like INT, KILL, etc … of a process. It is very useful to know what a program is doing.

The default pager in most linux distributions is more. But it’s not very colorful. This article presents a more fun alternative: most.

Your manual probably looks like this:

Not very awesome, wouldn’t it be nicer to have it with colors ? like this:

Then go ahead and install most, ie.:

sudo apt-get install most

Try it out:

MANPAGER=most man man

If you like it, set something like that in your .bashrc:

django-cities-light 2.3.1 was released:

• #42 added FAQ: Some data fail to import or don’t import like I want, how to skip them ?
• #45 django-rest-framework support update by @almalki.
• #49 Added country_items_pre_import and region_items_pre_import by @mauricioabreu.
• #51 Slug should be used in unique_together along with name.
• #51 Skip duplicate cities with no regions
• #52 Added FAQ on MySQL and UTF-8
• #53 Country phone prefix support by @csarcom
• Forms update.

It is backward compatible and has migrations: don’t forget to run:

A variable looks like this:

    export FOO=bar

To get a variable in your interactive shell, source the script that contains it as such:

    source script_that_contains_FOO
    echo $FOO

A function looks like this:

    function foo() {
        echo foo
    }

To run a function in your interactive shell, source the script and call the function like this:

    source script_that_contains_foo
    foo

To debug something that’s wrapped in a bash function or script, set the -x option. To de-activate debugging, set +x. Example:

Check out the new applications documentation for Django 1.7 !

It’s still quite cryptic what will “holding app metadata” be really able to do. For starters it enables changing the name of an app in the admin without any hack. It will probably make installing and customizing apps easier, ie.:

• provides a default setting system, similar to django-appconf,
• automatically include app-specific stuff like middlewares, urls, etc, etc … ?
• replace an app’s model ?

Wait and see, anyway, big thanks to Aymeric Augustin and all participants in this pull request.

Another problem you might run into when testing Django apps with Selenium on Travis:

======================================================================
ERROR: tearDownClass (autocomplete_light.tests.widget.WidgetTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/travis/build/yourlabs/django-autocomplete-light/autocomplete_light/tests/widget.py", line 29, in tearDownClass
    super(WidgetTestCase, cls).tearDownClass()
  File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 1148, in tearDownClass
    cls.server_thread.join()
  File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 1072, in join
    self.httpd.shutdown()
  File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/django/test/testcases.py", line 959, in shutdown
    "Failed to shutdown the live test server in 2 seconds. The "
RuntimeError: Failed to shutdown the live test server in 2 seconds. The server might be stuck or generating a slow response.

Apparently, two seconds are not enough wait for travis, sometimes. Unfortunnately, the 2 seconds wait is hard-coded into Django, not to mention that it’s in another thread which makes it even harder to fix in our projects.

In this article we’ll explore a gotcha with Python 2 and 3 support on the long run, using Selenium as an example.

Selenium is an automated testing tool enabling the tests to control a temporary browser GUI - Firefox by default. You can use it to automate functional testing.

Selenium 2.37 had Python 2 and 3 support. But a little before the 2.38 release, some non-Python3-compatible code was commited. This was released in selenium 2.38 and the package was still registered as Python3-compatible.