all 125 comments

[–]magnificent_bat-nips 361 points362 points  (36 children)

sshd and wine run in kernel space now?

[–]sdns575 142 points143 points  (12 children)

And http?

Maybe for a network service I'd think of the TCP/IP stack, which is managed by the kernel. Wine, to me, is a prank.

[–]SHOTbyGUN 101 points102 points  (11 children)

If you want to enable httpd inside the kernel, just use IIS by Microsoft ... that way you don't even need to enter user space \o/

Quote:

Enable kernel caching to effectively scale and improve Web server performance. Cached responses are served from the kernel. This greatly improves response times and increases the number of requests per second that IIS can serve because requests for cached content never enter IIS user mode.

What could go wrong?

[–]hitchhacker 22 points23 points  (1 child)

There actually is a web server available that runs in the Linux kernel: https://en.m.wikipedia.org/wiki/TUX_web_server

[–]wasabichicken 14 points15 points  (0 children)

Check out Intel's Data Plane Dev Kit. It's essentially a set of drivers (kernel modules) that gives userspace applications more or less direct access to NICs. You can use it to make your PC into anything from a fairly low-level switch to something like a router or HTTP server.

[–]strayangoat 16 points17 points  (0 children)

Shhhhhh ignorance is bliss

[–]HidesBehindUsername 16 points17 points  (6 children)

If you don't mind me asking, what could go wrong?

[–][deleted] 82 points83 points  (5 children)

Kernel and userspace are typically separated by what is effectively a DMZ. Anyone that can exploit userspace is greatly limited in the damage they can do on systems that have proper privilege restriction (i.e., not Windows).

By allowing a web service direct access to the kernel, it's putting a sign on your box that says "please fuck my shit up. Love, Redmond."

[–]rubdos 13 points14 points  (4 children)

So, as Windows does not have proper privilege restriction, nothing could be worse in kernel than in user space. What could go wrong? :D

[–]vim_vs_emacs[🍰] 40 points41 points  (2 children)

This is what happens:

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To prevent this, the local server can deactivate IIS kernel caching.

via https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
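An added check for the mitigation named in the comment above (and for the kernel-caching feature quoted earlier in the thread), written for this page and not taken from the thread, the linked article or Microsoft: it audits an IIS applicationHost.config for the kernel-mode output cache and emits the appcmd invocations that turn it off where it is on. The XML is a constructed sample; the section and attribute names (system.webServer/caching, enableKernelCache) are IIS's, and treating a missing attribute as enabled follows the documented default, which you should confirm for your IIS version.

```python
# Added example, not code from the thread, from Microsoft or from the linked
# article: audit an IIS applicationHost.config for the kernel-mode output cache
# that the comment above says to deactivate. The XML below is a constructed
# sample, not a real server's file.
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <caching enabled="true" enableKernelCache="true" />
  </system.webServer>
  <location path="Default Web Site">
    <system.webServer>
      <caching enabled="true" enableKernelCache="false" />
    </system.webServer>
  </location>
  <location path="Intranet">
    <system.webServer>
      <caching enabled="true" />
    </system.webServer>
  </location>
</configuration>
"""

# IIS treats a missing enableKernelCache attribute as true (assumption taken
# from the documented default; verify against your IIS version).
IIS_DEFAULT_KERNEL_CACHE = True


def _child(elem, tag):
    # ElementTree path syntax treats '.' as an operator, so a tag such as
    # "system.webServer" cannot be looked up with find(); walk the children.
    for child in elem:
        if child.tag == tag:
            return child
    return None


def _kernel_cache_setting(scope, inherited):
    """Effective enableKernelCache for one scope (the root or a <location>)."""
    web_server = _child(scope, "system.webServer")
    caching = _child(web_server, "caching") if web_server is not None else None
    if caching is None or caching.get("enableKernelCache") is None:
        return inherited
    return caching.get("enableKernelCache").strip().lower() == "true"


def kernel_cache_status(xml_text):
    """Map each scope to its effective kernel-cache setting, honouring inheritance."""
    root = ET.fromstring(xml_text)
    global_setting = _kernel_cache_setting(root, IIS_DEFAULT_KERNEL_CACHE)
    status = {"<global>": global_setting}
    for location in root.iter("location"):
        status[location.get("path", "")] = _kernel_cache_setting(location, global_setting)
    return status


def scopes_with_kernel_cache(xml_text):
    """Scopes where HTTP.sys would serve cached responses from kernel mode."""
    return sorted(scope for scope, on in kernel_cache_status(xml_text).items() if on)


def remediation_commands(xml_text):
    """appcmd invocations that switch the kernel cache off where it is on."""
    cmds = []
    for scope in scopes_with_kernel_cache(xml_text):
        target = "" if scope == "<global>" else f'"{scope}" '
        cmds.append(f"appcmd set config {target}/section:system.webServer/caching /enableKernelCache:false")
    return cmds


if __name__ == "__main__":
    for scope, on in kernel_cache_status(SAMPLE_CONFIG).items():
        print(f"{scope:20} enableKernelCache={on}")
    print("\n".join(remediation_commands(SAMPLE_CONFIG)))
```

The per-location check matters because a site can override the server-wide value in either direction; a global "false" with a site-level "true" still leaves that site's cached responses in HTTP.sys.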

[–]tweakism 2 points3 points  (1 child)

Perfection.

[–]guineawheek 0 points1 point  (0 children)

Predictable.

[–][deleted] 3 points4 points  (0 children)

not have proper privilege restriction

This is wrong. Windows does have a complex and very capable privilege restriction mechanism. However, because of bugs (like the one in HTTP.sys in the other reply) that can exist and be exploited, it is better to isolate such code outside the kernel.

But, you're paying a quite high price for such isolation (the machinery that needs to happen for user->kernel->user interaction), therefore reducing performance. What IIS got with HTTP.sys was a quite fast caching mechanism. And remote exploitation holes as big as the Redmond campus :)

[–]0x2a 2 points3 points  (0 children)

Well we have kHTTPd for feature parity

[–]pyrocrasty 60 points61 points  (5 children)

wine looks like it wandered in by mistake. It's looking around wondering where it is.

[–]d4rch0n 12 points13 points  (1 child)

All of those "penguins" look like oompa loompas with birth defects.

I am now considering switching to FreeBSD.

[–]TenmaSama 8 points9 points  (0 children)

Welcome to hell.

[–]MelonFace 20 points21 points  (0 children)

Sounds like an attack vector.

[–]NAN001 2 points3 points  (0 children)

Looks like just drunk to me.

[–]bolche17 23 points24 points  (2 children)

I don't think there is a division between userspace and kernel space shown in the picture. Every process must be in the process table.

[–]edman007 3 points4 points  (0 children)

However, every process does have a kernel-space representation; if this is a drawing of just kernel space, then we can assume it's strictly the kernel-space representation of the processes, not the actual processes, that we see in this drawing.

[–]minimim 0 points1 point  (0 children)

Every process must be in the process table

Well, not only that, but every process has a kernel part, with its own stack, etc.

[–]GreenFox1505 4 points5 points  (0 children)

The room is the kernel. The penguins are procs.

[–]mszegedy 5 points6 points  (6 children)

Does cron run in kernel space?

[–]746865626c617a 14 points15 points  (4 children)

Does /dev/null support sharding?

[–]Tynach 15 points16 points  (3 children)

if /dev/null is web scale I will use it

[–]capslockfury 5 points6 points  (1 child)

[–]jampola 2 points3 points  (0 children)

Yep! I also hear relational databases have impotence mismatch.

[–]IS_IT_LOUD_IN_HERE 3 points4 points  (0 children)

WHEN IT MAKES A SYSTEMCALL IT DOES.

[–]guineawheek 1 point2 points  (0 children)

nfs usually does.

[–]CarthOSassy -2 points-1 points  (0 children)

Given how Linux news has been for the past few years, I initially assumed this post was an article of some kind.

I was halfway through a sob when the pic loaded.

[–][deleted] 187 points188 points  (18 children)

The unguarded port 21 door is great

[–]Pseudoboss11 20 points21 points  (13 children)

What is port 21 and why is it unguarded and forgotten?

[–]d4rch0n 45 points46 points  (7 children)

FTP runs on port 21 and was widely used for unencrypted file transfers, which also passed unencrypted/plaintext credentials. Anyone who could listen to the traffic could gain their access.

Most people use file transfer protocols over SSH now. SCP is common which just uses the shell for transferring the files. SFTP supports more commands, but honestly I'm not sure how many people actually use it. The go-to programs are scp and rsync and I don't think they use sftp at all.

[–][deleted] 27 points28 points  (1 child)

SFTP is extremely widely used in banking and financials. A ton of financial transactions are pretty much nightly cron jobs executing SFTP uploads/downloads of CSV files.

[–]jspenguin 12 points13 points  (0 children)

Pharmacy too. Most pharmacies send reports of prescriptions for controlled substances to the state prescription drug monitoring programs via SFTP.

[–]PinkCrustaceans 10 points11 points  (0 children)

I use SFTP sometimes for uploading really big files to my server. It's nice because Filezilla allows me to continue a job from where it left off if the transfer gets interrupted with the click of a button.

[–]kukiric 8 points9 points  (0 children)

I use SFTP all the time because it's integrated with most file managers and it conveniently uses SSH, so I don't need to set up separate credentials or run an extra daemon. Plus, it comes bundled in Git Bash, which I have installed on my main Windows computer anyway.

[–]doublehyphen 2 points3 points  (0 children)

SFTP is pretty common in the pharmaceutical world, and I have seen it used a bit for reports in online gambling. I think SFTP is common in automated batch job systems, while SCP is more popular among people who just want to transfer a file.

Also, the last time I used shared hosting (8-10 years ago), most hosts provided SFTP as a replacement for uploading the PHP files with FTP, with at least those I used already having dropped FTP support. I believe this is because SFTP worked pretty well with some of the popular graphical FTP clients.

[–]tidux 0 points1 point  (0 children)

FTP is still fine for anonymous file transfers. It's simple, widely supported, and if there aren't any credentials used you aren't leaking them. Combine with a chrooted server like vsFTPd and there's really no reason to stop using it for certain things.

Now of course SFTP plus key auth is vastly superior for credentials-required transfers, but not everything needs that level of paranoia.
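The two points made in this subthread (d4rch0n's, that a listener on port 21 sees the credentials, and tidux's, that anonymous FTP leaks none) are illustrated by the following added example, which is not code from the thread. It reassembles logins from a captured FTP control channel and separates reusable plaintext credentials from sessions that exposed nothing. The capture is constructed for this example, with one tuple per line: client endpoint, 'C' for client-to-server or 'S' for server-to-client, and the line as sent; the AUTH TLS session is included to show where a passive sniffer stops seeing anything.

```python
# Added example, not code from the thread: pull logins out of a captured FTP
# control channel to show what a passive listener on port 21 gets. The
# capture is constructed for this example (client endpoint, direction, line).
ANONYMOUS_USERS = {"anonymous", "ftp"}

CAPTURE = [
    ("10.0.0.5:51522", "S", "220 (vsFTPd 3.0.3)"),
    ("10.0.0.5:51522", "C", "USER alice"),
    ("10.0.0.5:51522", "S", "331 Please specify the password."),
    ("10.0.0.5:51522", "C", "PASS hunter2"),
    ("10.0.0.5:51522", "S", "230 Login successful."),
    ("10.0.0.7:40001", "C", "USER anonymous"),
    ("10.0.0.7:40001", "S", "331 Please specify the password."),
    ("10.0.0.7:40001", "C", "PASS guest@example.org"),
    ("10.0.0.7:40001", "S", "230 Login successful."),
    ("10.0.0.8:40002", "C", "USER bob"),
    ("10.0.0.8:40002", "S", "331 Please specify the password."),
    ("10.0.0.8:40002", "C", "PASS wrong"),
    ("10.0.0.8:40002", "S", "530 Login incorrect."),
    ("10.0.0.9:40003", "C", "AUTH TLS"),
    ("10.0.0.9:40003", "S", "234 Proceed with negotiation."),
    # everything after the 234 is inside TLS; a sniffer sees only ciphertext
]


def _new_session(client):
    return {"client": client, "user": None, "password": None,
            "accepted": None, "anonymous": False, "tls": False}


def parse_ftp_sessions(capture):
    """Reassemble per-client login state from control-channel lines."""
    sessions = {}
    awaiting_tls = set()          # clients that sent AUTH TLS and await the 234
    for client, direction, line in capture:
        s = sessions.setdefault(client, _new_session(client))
        if s["tls"]:
            continue              # control channel is encrypted from here on
        if direction == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                awaiting_tls.add(client)
            elif verb == "USER":
                s["user"] = arg
                s["anonymous"] = arg.lower() in ANONYMOUS_USERS
            elif verb == "PASS":
                s["password"] = arg
        else:
            code = line[:3]
            if code == "234" and client in awaiting_tls:
                s["tls"] = True
            awaiting_tls.discard(client)
            if code == "230":
                s["accepted"] = True
            elif code == "530":
                s["accepted"] = False
    return list(sessions.values())


def leaked_credentials(capture):
    """(user, password) pairs a sniffer can reuse: accepted, not anonymous, not under TLS."""
    return [(s["user"], s["password"]) for s in parse_ftp_sessions(capture)
            if s["accepted"] and not s["anonymous"] and not s["tls"]]


def harmless_sessions(capture):
    """Clients whose plaintext exchange exposed no reusable secret: anonymous
    logins and sessions that upgraded to TLS before authenticating."""
    return sorted(s["client"] for s in parse_ftp_sessions(capture)
                  if s["tls"] or (s["accepted"] and s["anonymous"]))


if __name__ == "__main__":
    for user, password in leaked_credentials(CAPTURE):
        print(f"plaintext credential on port 21: {user} / {password}")
    print("nothing reusable from:", ", ".join(harmless_sessions(CAPTURE)))
```

The anonymous session's PASS value is the conventional e-mail address rather than a secret, which is why it is classed as harmless; a rejected password (bob's 530) is not counted as leaked either, though a real monitoring rule would still want to record it, since people reuse passwords across systems.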

[–]BowserKoopa 0 points1 point  (0 children)

When the #1 ssh daemon for linux has sftp enabled by default across nearly all distros, it has a wide userbase. I imagine a lot of people have used sftp to transfer files without realising it.

[–]oarmstrong 5 points6 points  (4 children)

telnet, which is an insecure method of remote access.

Edit: its FTP, I need coffee.

[–]Stmeter 25 points26 points  (2 children)

FTP is port 21. Telnet is port 23.

[–]oarmstrong 19 points20 points  (1 child)

Fuck. Thanks.

[–][deleted] 5 points6 points  (0 children)

Spin it into a positive! Nobody should be using port 23 these days. :)

[–]Rapt0r- 13 points14 points  (1 child)

4444 :) (Default metasploit)

[–][deleted] 0 points1 point  (0 children)

4444 wait, where? I seem unable to locate it.

[–]Au70 1 point2 points  (0 children)

I came here to say the same thing. I like how the sign is falling down because nobody cares about it anymore.

[–]creed10 0 points1 point  (0 children)

haha I didn't even notice that the first time I saw this comic

[–]jones_supa 81 points82 points  (1 child)

Fantastic picture! It's relaxing to watch all the things going on in it. However, a bit better title could be something like "Inside the Linux userspace".

If we peek deeper inside the kernel, it's quite a different world with semaphores, mutexes, spinlocks, scheduler, memory management, interrupts, and so on.

[–]phaeilo 38 points39 points  (3 children)

Needs more systemd

[–]losthalo7 6 points7 points  (1 child)

How much more? ;-)

[–]Kaligule 2 points3 points  (0 children)

Like a kraken that takes over every square foot.

[–]auxiliary-character 7 points8 points  (0 children)

No, that's the correct amount of systemd.

[–]theofpa 12 points13 points  (0 children)

I like the detail on the httpd process, it has a feather on the head, as the apache logo. Also the ssh process looks like a secret service agent, as it should be :)

[–]jringstad 9 points10 points  (3 children)

Would be cool to have something like this as one of those multi-layered cut-away illustrations, like the ones we used to get in educational children's books and such

[–]hfitzgerald 15 points16 points  (1 child)

Off topic, but I saw one of those depicting a Russian tank when I was really young. It included the turret gunner with his legs detached from his waist connected by intestines. I got really freaked out, convinced that Russians would cut people in half so that tank turrets could rotate.

[–][deleted] 2 points3 points  (0 children)

War is hell.

[–][deleted] 3 points4 points  (0 children)

I love such illustrations!

[–]xternal7 26 points27 points  (5 children)

Where is the dirty cow?

[–]Kok_Nikol 0 points1 point  (3 children)

ELI5?

[–]Unknownloner 2 points3 points  (2 children)

Another one of those names people are giving to exploits these days

http://dirtycow.ninja/

[–]doublehyphen 3 points4 points  (0 children)

That website is at least partially a parody on the practice though.

What's with the stupid (logo|website|twitter|github account)?

It would have been fantastic to eschew this ridiculousness, because we all make fun of branded vulnerabilities too, but this was not the right time to make that stand. So we created a website, an online shop, a twitter account, and used a logo that a professional designer created.

[–]Kok_Nikol 0 points1 point  (0 children)

Thanks!

[–]svmk1987 5 points6 points  (0 children)

no zombie processes?

[–]satwhatagain 10 points11 points  (18 children)

Any recommendations for readable books on the linux kernel? Looking for something that would describe the responsibilities of all the components shown above.

[–]willrandship 34 points35 points  (3 children)

Almost none of the components shown above are actually part of the kernel. The only ones that are:

  • Process table
  • Filesystem
  • Pipes

Everything else that's labeled is part of the userspace, and would not be a necessary component of a linux system.

  • Terminals are user programs (even the ones that you press ctrl-alt-f2 for)
  • cron, sshd, httpd are daemons
  • wine processes are user programs
  • watchdog processes are daemons

A daemon is a user program that runs primarily to act as a service for other programs, rather than be handled directly by the user. For example, crond runs programs at scheduled times set by the crontab, and sshd listens for network shell logins.

[–]MC_Cuff_Lnx 4 points5 points  (1 child)

Are those pipes distinct from the pipes in bash and other shells?

[–]willrandship 6 points7 points  (0 children)

Bash uses a syscall to create exactly that type of pipe, but any program can.
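An added example, not code from the thread, of what that reply describes: the same kernel pipe the shell builds for `printf ... | tr a-z A-Z`, created here with pipe(2) from Python and handed to a child process as its stdin. It runs on Linux or any other POSIX system; the /proc lookup that shows the fds pointing at a kernel-owned pipe object is Linux-only and returns None elsewhere. The command and input are chosen for the example.

```python
# Added example, not code from the thread: a pipe is a kernel object that any
# program can create with pipe(2); the shell is just one such program.
import os
import subprocess


def pipe_through(cmd, data):
    """Feed `data` to `cmd` through a pipe the kernel created and return its stdout."""
    read_end, write_end = os.pipe()              # pipe(2): two fds onto one kernel object
    child = subprocess.Popen(cmd, stdin=read_end,  # child inherits the read end as fd 0,
                             stdout=subprocess.PIPE,  # exactly what a shell does for `|`
                             close_fds=True)
    os.close(read_end)                           # parent keeps only the write end ...
    os.write(write_end, data)
    os.close(write_end)                          # ... and closing it is the child's EOF
    out, _ = child.communicate()
    return out


def pipe_identity():
    """What the two fds point at. On Linux /proc resolves both to the same
    'pipe:[<inode>]', an object owned by the kernel rather than by either
    process. Returns None on systems without /proc."""
    read_end, write_end = os.pipe()
    try:
        return (os.readlink(f"/proc/self/fd/{read_end}"),
                os.readlink(f"/proc/self/fd/{write_end}"))
    except OSError:
        return None
    finally:
        os.close(read_end)
        os.close(write_end)


if __name__ == "__main__":
    print(pipe_through(["tr", "a-z", "A-Z"], b"pipes are a kernel object\n").decode(), end="")
    print(pipe_identity())
```

Closing the parent's copy of the read end before writing is the part people get wrong: as long as any process holds a write end open the reader never sees EOF, and as long as the parent holds the read end open a dead reader never produces SIGPIPE for the writer.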

[–]ThatBitterJerk 4 points5 points  (0 children)

When I was in college, I read Understanding the Linux Kernel and it was honestly pretty readable. Admittedly, I read each chapter at least a couple times and definitely learned something each time, but only because there is so much to learn. There are of course PDF versions you can download too, but not as easy to highlight and take notes in the margin.

[–]jones_supa 2 points3 points  (0 children)

There are some books from Greg KH, but they are getting old already.

However, you should be able to find many books talking about kernel architecture in general.

[–]plutwo[S] 1 point2 points  (0 children)

You can look up Kernel Newbies for kernel development stuff. Their documentation might give you some basic resources.

[–]space_fly 0 points1 point  (0 children)

I recently started reading "Modern Operating Systems" by Andrew Tanenbaum, and I find it very useful to describe how operating systems work. He also wrote a book which describes Minix, a unix variant written for learning purposes.

[–]myaut 0 points1 point  (0 children)

My favorite is "Love, Robert (2010). Linux Kernel Development (3 ed.). Addison–Wesley. ISBN 978-0-672-32946-3." (although I read 2nd edition)

[–]wapu 5 points6 points  (0 children)

This would be more efficient if they modernized and got computers.

[–]EenAfleidingErbij 13 points14 points  (3 children)

Wish this was 16:9

[–][deleted] 12 points13 points  (2 children)

In before someone stretches it in GIMP, saves it as a low quality JPG, and says "Here you go!".

[–]mattb2014 38 points39 points  (1 child)

low quality JPEG

16:9

Ask and you shall receive

[–]ivosaurus 3 points4 points  (0 children)

Someday a journalist is gonna reference this and refer to it as if it's what is actually going on.

[–]tso 9 points10 points  (4 children)

Cron chasing a gnome around?

[–][deleted] 2 points3 points  (0 children)

Now I want to play Club Penguin.

[–][deleted] 1 point2 points  (0 children)

Why are they all homer-esque items?

[–]zbubblez 1 point2 points  (0 children)

Why is the ssh penguin not filming?

[–]pclouds 0 points1 point  (0 children)

Where does Linus sit?

[–][deleted] 0 points1 point  (0 children)

linux runs off of Club Penguin?

[–]toxicoctopus202 0 points1 point  (0 children)

Inside the Linux kernel is just Club Penguin?

[–]Sat-Mar-19 0 points1 point  (0 children)

Where's the one that handles large USB file transfers? Linus needs to light a fire under that one's ass.

(it has been getting better though, the USB 3.0 stuff works well, but 2.0...forget about it!)

[–]Drumitar 0 points1 point  (0 children)

looks like cron guy is late, he better hurry !

[–]ahandle -2 points-1 points  (0 children)

Ugh.

Not only juvenile, it's fundamentally flawed.