Multi Touch Gestures on Linux

Hello,

I’ve been using Linux full time on my work laptop and one thing that I really miss from the Macbook is the multi touch gestures. I often find myself swiping 3 fingers up the trackpad to see all my open applications and nothing happens, bummer.

Then, I came across Fusuma, a great project which aims to bring multi touch gesture support to Linux laptops!

It won’t give you an Apple like experience but it’s okay-ish. I can finally swipe three fingers up to show all my open applications and three fingers left or right to switch between my gnome workspaces, and it comes with some plugins which allow you to create a personalized touchpad experience, for example, tap 3 fingers at the same time and shutdown the computer. Β―\_(ツ)_/Β―

To install and use Fusuma please follow the installation instructions from the Github repo. πŸ™‚

Bellow, is my Fusuma config file:


# sudo gpasswd -a $USER input
# sudo apt-get install libinput-tools
# sudo apt-get install xdotool
# sudo apt install ruby
# sudo gem install fusuma
# nano ~/.config/fusuma/config.yml
swipe:
3:
left:
command: 'xdotool key ctrl+alt+Up'
right:
command: 'xdotool key ctrl+alt+Down'
up:
command: 'xdotool key super'
down:
command: 'xdotool key super'
pinch:
2:
in:
command: 'xdotool key ctrl+plus'
threshold: 0.1
out:
command: 'xdotool key ctrl+minus'
threshold: 0.1
threshold:
swipe: 1
pinch: 0.8
interval:
swipe: 1
pinch: 1
My Fusuma config.yml

Thanks for reading!

Bypassing ptrace calls with LD_PRELOAD on Linux

Hello,

Here’s a quick article on how to bypass calls to ptrace when debugging a Linux executable.

By calling ptrace with the PTRACE_TRACEME option, a process can detect if it’s being debugged and execute different instructions. This an effective anti-debugging technique.

For example, take the following C program:

#include <stdio.h>
#include <sys/ptrace.h>

int main() {
    if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
      printf("I'm being debugged!n");
    } else {
      printf("Normal flown");
    }
    return 0;
}

If we execute the program from above we get Normal flow on our screen but if we debug it with gdb we get Err: I'm being debugged!

root@kali:~/Downloads# strace ./a.out 
...
munmap(0x7fb7c945e000, 90919)           = 0
ptrace(PTRACE_TRACEME)                  = -1 EPERM (Operation not permitted)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
brk(NULL)                               = 0x55c2d37e6000
brk(0x55c2d3807000)                     = 0x55c2d3807000
write(1, "Err: I'm being debugged!n", 25Err: I'm being debugged!
) = 25
exit_group(0)                           = ?
+++ exited with 0 +++

To bypass this, we can use the LD_PRELOAD environment variable. It lets us control the loading path of a shared library, which allows us to stub out library functions such as ptrace.

We can create the following file:

long ptrace(int request, int pid, void *addr, void *data) {
    return 0;
}

And compile it as a shared library with the following command:

gcc -shared ptrace.c -o ptrace.so

Next, we can set the environment variable LD_PRELOAD using the following commands:

  • in the shell: export LD_PRELOAD=./ptrace.so
  • in gdb: set environment LD_PRELOAD=./ptrace.so

Demo:

gdb-peda$ file a.out 
Reading symbols from a.out...
(No debugging symbols found in a.out)
gdb-peda$ r
Starting program: /root/Downloads/a.out 
Err: I'm being debugged!
[Inferior 1 (process 1939) exited normally]
Warning: not running
gdb-peda$ set environment LD_PRELOAD=./ptrace.so
gdb-peda$ r
Starting program: /root/Downloads/a.out 
Normal flow
[Inferior 1 (process 1946) exited normally]
Warning: not running
gdb-peda$ 

Thanks for reading!

Installing and configuring an anonymous VSFTPD server

After spending a good part of my weekend fiddling with VSFTPD, I’m very happy that I managed to get it to work properly.

My goal was to create a simple, anonymous and private FTP server for my home network. It should facilitate sharing files between my machines.

Configuring the Server

If you’d like to try out my configuration all you need to do is look at the following commands and replace your configuration file with mine. The configuration file will be provided later in the article.

# For Ubuntu
sudo apt-get install vsftpd
cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

# Make the directories for the server
sudo mkdir -p /srv/vsftpd/root/public
sudo touch /srv/vsftpd/banner

# Change permissions and set ownership
sudo chown -R ftp:ftp /srv/vsftpd/
sudo chmod -R 555 /srv/vsftpd/
sudo chmod 775 /srv/vsftpd/root/public

# Edit the configuration file
# /etc/vsftpd.conf with editor of choice

# Restart the service and check the status
sudo systemctl restart vsftpd
sudo systemctl status vsftpd

The configuration file vsftpd.conf that I use can be found below:

# Nucu Labs's BUSY vsFTPd server configuration file.
# Denis Nutiu 09.02.2019

# Scope of the server: The server is supposed to facilitate easy file sharing and should
# be only available on the local network. No outside access is allowed!

# The meaning of this configuration file and the full list of options can be found by
# checking the manual page of vsftpd.

listen=NO
listen_ipv6=YES

### Debug Options

# If enabled, a log file will be maintained detailing uploads and downloads. 
# By default, this file will be placed at /var/log/vsftpd.log,
xferlog_enable=YES

# debug_ssl=YES
# log_ftp_protocol=YES
# syslog_enable=YES

###

# If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.
anonymous_enable=YES

# This option represents a directory which vsftpd will try to change into after an anonymous login. 
# Failure is silently ignored.
anon_root=/srv/vsftp/root
local_root=/srv/vsftp/root
allow_writeable_chroot=YES

# Enable local users to login to the FTP.
local_enable=NO

# This option is the name of a file containing text to display when someone connects to the server.
banner_file=/srv/vsftp/banner

# When enabled, this prevents vsftpd from asking for an anonymous password 
# - the anonymous user will log straight in.
no_anon_password=YES

# If set to YES, anonymous users will be permitted to create new directories under certain conditions.
# For this to work, the option write_enable must be activated, 
# and the anonymous ftp user must have write permission on the parent directory.
anon_mkdir_write_enable=YES

# If set to YES, anonymous users will be permitted to perform write operations 
# other than upload and create directory, such as deletion and renaming. 
# This is generally not recommended but included for completeness.
anon_other_write_enable=YES

# If set to YES, anonymous users will be permitted to upload files under certain conditions.
anon_upload_enable=YES

# When enabled, anonymous users will only be allowed to download files which are world readable.
anon_world_readable_only=YES

# If enabled, all anonymously uploaded files will have the ownership changed 
# to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp
nopriv_user=ftp

delete_failed_uploads=YES

# If enabled, users of the FTP server can be shown messages when they first enter 
# a new directory. By default, a directory is scanned for the file .message.
dirmessage_enable=YES

# If enabled, all user and group information in directory listings will be displayed as "ftp".
hide_ids=YES

# Allows: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
write_enable=YES

# Upload files are executable.
chown_upload_mode=0777
file_open_mode=0777
local_umask=002
anon_umask=002

###

# Use the system's local time in GMT.
use_localtime=YES

# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty

# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd

# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES

Using this setup will give you a fully working anonymous VSFTPD server. BUT WAIT! Make sure that you don’t expose the server to the internet! Keep it for private use only, since the server is anonymous everyone can download and upload files.

Troubleshooting Server Problems

I had lots of trouble getting the permissions right, if you don’t get the permissions right you’ll find yourself unable to upload files, download them, create directories or cd into directories.

The most common error I encountered was Writable root. Owner of the chroot() is root and has write permissions. This was fixed by removing the write permission from the /srv/vsftpd/root directory.

Another thing you may want is to add your user to the ftp group. I did miss the -a when I added myself and I ended up removing myself from all groups, except the ftp group. I had to boot Ubuntu in Recovery Mode, get a root shell and add myself back to sudo as well as other administrative groups. To add yourself to the ftp group, you can safely copy paste the following command: sudo usermod -a -G ftp $USER.

If the banner file (the one created with the touch command above) is not existent or permissions are insufficient, the server won’t start.

Troubleshooting Client Problems

To be honest I haven’t used FTP that much. Everytime you connect to the VSFTPD server you should do so in passive mode, this means that the server will open another socket when doing an operation instead of initializing a connection to you (the client), if you don’t use passive FTP mode, you’ll get a prompt from your firewall to allow the FTP client to pass through. To connect using passive FTP, you should run: ftp -p ftp_server_ip_or_alias

When uploading images, pdfs or other binary files, you’ll need to issue the binary command in your FTP client, before the put, otherwise things are going to get messy and the binary file will get corrupted.

Conclusions

I had great fun installing and configuring VSFTPD, also writing this article. If you need anymore help with VSFTPD I suggest visiting the Arch Linux wiki page, it contains a great deal of information.

Thank you for reading and have a great day!

This article is part of my Homelab series, you may want to check out my previous post: My Homelab Journey: Introduction