Thursday, October 29, 2020

Detect Outdated Shared Libraries In Memory With UChecker


This tutorial explains what UChecker is and how to use it to detect outdated shared libraries in memory on Linux operating systems.

Introduction

IT organizations that rely on Free and Open Source Software (FOSS) face a constant struggle in processing unpatched shared libraries. It’s a non-trivial issue, as shared libraries are a widely targeted attack surface. For example, research suggests that OpenSSL is the most targeted software in the world, accounting for 19% of hostile activity globally.

If you are responsible for OpenSSL and GNU C (glibc) libraries, among many comparable open source codesets, you are obligated to perform timely updates and patch management. If there is no way to identify which processes are still using the outdated libraries, the traditional approach to updating libraries involves rebooting the whole server or restarting all the processes. System reboots cause complications and risks of their own, however. Thanks to the KernelCare team, we can easily solve this problem with a simple script named UChecker.

What is UChecker

UChecker, short for Userspace Checker, is a free and open source scanner that identifies which of your processes are still using outdated libraries and need a restart. It was created by KernelCare during the development of live patching for shared libraries. With UChecker, you can identify vulnerable FOSS libraries and patch them. You will have to restart affected processes (unless you are using rebootless library update services), but by scanning for vulnerabilities, you can determine which processes need attention and which do not.

As a result, you avoid unnecessary server reboots that result in service degradations and/or outages as well as the creation of vulnerability windows as libraries stay unpatched until the reboot can be scheduled. Indeed, you may not even know which services use which libraries, so it’s tempting just to reboot the whole server to update them all or restart the main services. This practice, too, can be as disruptive as a reboot.

How UChecker works

UChecker works with all modern Linux distributions, starting from the 6th versions. It is free software, built with JSON, and open to redistribution and/or modification under the terms of the GNU General Public License. UChecker detects and reports outdated (i.e. unpatched) shared libraries that are still in use by running processes. Its detection is based on BuildID comparison, so it is aware of deleted or replaced files.

The following graphical illustration shows how UChecker works.

How UChecker Works

UChecker reports the process ID and name, along with the names of the unpatched shared libraries and their BuildIDs. It first gets the latest BuildIDs from KC (KernelCare) resources. It then takes each running process by iterating over /proc/ and gets its linked shared libraries from /proc/<pid>/maps. At that point, UChecker checks whether the shared library has been replaced or deleted. Depending on the answer, it parses the ELF either from the file system or from mapped memory. Finally, UChecker gathers the BuildID from .note.gnu.build-id.
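The steps above can be sketched in a few functions. This is an added example, not UChecker's own code: the function names are hypothetical, the notes are assumed little-endian, `notes_by_path` stands in for the note data read from the ELF on disk or from mapped memory, and keying the latest BuildIDs by library file name is an assumption.

```python
import struct
NT_GNU_BUILD_ID = 3  # note type stored in .note.gnu.build-id

def mapped_libraries(maps_text):
    """Return [(path, deleted)] for file-backed executable mappings."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode path
        if len(fields) < 6 or "x" not in fields[1] or not fields[5].startswith("/"):
            continue
        deleted = fields[5].endswith(" (deleted)")  # kernel tag: file unlinked or replaced
        path = fields[5][:-len(" (deleted)")] if deleted else fields[5]
        found.setdefault(path, deleted)
    return list(found.items())

def build_id(notes):
    """Return the hex BuildID found in raw little-endian ELF note data, or None."""
    off = 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from("<III", notes, off)
        desc_off = off + 12 + ((namesz + 3) & ~3)  # name is padded to 4 bytes
        if ntype == NT_GNU_BUILD_ID and notes[off + 12:off + 12 + namesz] == b"GNU\0":
            return notes[desc_off:desc_off + descsz].hex()
        off = desc_off + ((descsz + 3) & ~3)       # desc is padded to 4 bytes
    return None

def outdated(maps_text, notes_by_path, latest):
    """Return [(path, build_id, deleted)] for loaded libraries that are not the latest build."""
    hits = []
    for path, deleted in mapped_libraries(maps_text):
        bid = build_id(notes_by_path.get(path, b""))
        want = latest.get(path.rsplit("/", 1)[-1])  # assumption: keyed by file name
        if bid and want and bid != want:
            hits.append((path, bid, deleted))
    return hits

def make_note(hex_id):  # builds a GNU BuildID note for the constructed sample
    return struct.pack("<III", 4, len(hex_id) // 2, NT_GNU_BUILD_ID) + b"GNU\0" + bytes.fromhex(hex_id)

# Constructed sample data, not taken from a real host.
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 1311 /usr/lib64/libcrypto.so.1.1 (deleted)
7f1c2a400000-7f1c2a5c0000 r-xp 00000000 08:01 1322 /usr/lib64/libc-2.28.so
7ffd1b5e0000-7ffd1b5e2000 r-xp 00000000 00:00 0 [vdso]
"""
SAMPLE_NOTES = {"/usr/lib64/libcrypto.so.1.1": make_note("aa" * 20),
                "/usr/lib64/libc-2.28.so": make_note("cc" * 20)}
LATEST = {"libcrypto.so.1.1": "bb" * 20, "libc-2.28.so": "cc" * 20}
print(outdated(SAMPLE_MAPS, SAMPLE_NOTES, LATEST))
```

In the sample, only the libcrypto mapping is reported: its on-disk file was replaced, and the BuildID still loaded in memory differs from the latest one.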

Detect outdated shared libraries in memory with UChecker

There is no installation required! Just run the UChecker script to find the unpatched libraries on your Linux server:

# curl -s -L https://kernelcare.com/checker | python

The above command downloads the UChecker script and runs it with Python. The script scans your Linux server for outdated shared libraries linked into running processes and lists them on standard output.

Detect Outdated Shared Libraries In Memory With Uchecker

You can then update those unpatched libraries using your system’s default package manager.

Watch the visual demonstration of how UChecker works in the following video:

Uchecker demonstration

Conclusion

UChecker enables you to keep your FOSS libraries patched and up to date. You can avoid the common hassle of having to reboot servers because you don’t know which processes need to be restarted. This is relevant for OpenSSL and GNU C (glibc) libraries, among others. With technologies like KernelCare+, it’s even possible now to live patch vulnerabilities in essential user space libraries in addition to those in the Linux kernel. You can update applications without affecting their operational state. There are no restarts or reboots required.
