Few days ago, Linux world found potential vulnerability. A memory resources management , a technique so called COW (Copy-on-write) struggles IT world. The problem was that an unprivileged local user could use this bug to gain write access to additional read-only memory mappings. And thus execute a privilege escalation.
What is Copy-on-write memory structure?
Copy-on-write finds its main use in sharing the virtual memory of operating system processes.
Does it make whether apply to all computer OS system?
Typically the system structure involve fork system call are the Unix and Linux OS system – The fork() System Call .
Remark: In Linux, the key data structure is the struct task_struct. This contains pid (the thread ID), tgid (the process ID), and pointers to the parent process’s task_struct.
What is fork() system Call?
System call fork() is used to create processes. It takes no arguments and returns a process ID. The purpose of fork() is to create a new process, which becomes the child process of the caller. After a new child process is created, both processes will execute the next instruction following the fork() system call.
Major flaw of implicit sharing or shadowing (Copy-on-write)
The key to implementing direct I/O in the 2.6 kernel is a function called get_user_pages. But get_user_pages () do not check pte_dirty() bit properly.
Vulnerability found by Linus Torvalds. For more detail, please refer below url for reference.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
How about Cloud computing architecture? Does it impact by similar flaw?
Since the flaw found on Unix or Linux base machine, a Linux based hypervisor have inherent risk before patch. It looks that this flaw may lure of attacker interest especially on cloud computing server farm. From technical point of view, the key to implementing direct I/O in the 2.6 kernel is a function called get_user_pages. A pointer to the task performing the I/O; its main purpose is to tell the kernel who should be charged for any page faults incurred while setting up the buffer. However get_user_pages () do not check pte_dirty() bit properly. What if an unprivileged local user infected by malware. The attacker relies this bug to gain write access to additional read-only memory mappings. And thus execute a privilege escalation. It looks that even though you install the advance defense mechanism is hard to detect this type of suspicious activities.
Suggestion
Since this bug contains unpredictable potential risk, it is better to patch your Unix or Linux system with immediate action.
We can foresee that the impact of this bug struggle the IT world. Since web server, local balancer, security devices, even though malware detector are using linux OS. It looks like it is a tsunami.
Information Supplement on 25th Oct 2016
The XNU kernel is used widely on many Apple devices, ranging from the iMac, to the iPhone. List of system calls from iOS 6.0 GM – see below:
Entry point is 0x80085084....This appears to be XNU 2107.2.33
Syscall names are @2a70f0
Sysent offset in file/memory (for patching purposes): 0x2ef0c0/0x802f00c0
Suppressing enosys (0x800b3429) T = Thumb
1. exit 801d4a74 T
2. fork 801d7980 T
3. read 801eb584 T
4. write 801eb958 T
5. open 800b13a4 T
6. close 801ccab4 T
7. wait4 801d56bc T
9. link 800b18e8 T
The purpose of fork() is to create a new process, which becomes the child process of the caller. After a new child process is created, both processes will execute the next instruction following the fork() system call. Therefore, we have to distinguish the parent from the child. XNU kernel derived on BSD Unix. Believed that iOS might have similar vulnerability but not discovered yet!
Status update 10th Nov 2016 – For dirtyCow yara rule
rule DirtyCow Unix-Linux only {
strings:
$a1 = { 48 89 D6 41 B9 00 00 00 00 41 89 C0 B9 02 00 00 00 BA 01 00 00 00 BF 00 00 00 00 }
$b1 = { E8 ?? FC FF FF 48 8B 45 E8 BE 00 00 00 00 48 89 C7 E8 ?? FC FF FF 48 8B 45 F0 BE 00 00 00 00 48 89 }
$b2 = { E8 ?? FC FF FF B8 00 00 00 00 }
$source1 = "madvise(map,100,MADV_DONTNEED);"
$source2 = "=open(\"/proc/self/mem\",O_RDWR);"
$source3 = ",map,SEEK_SET);"
$source_printf1 = "mmap %x"
$source_printf2 = "procselfmem %d"
$source_printf3 = "madvise %d"
$source_printf4 = "[-] failed to patch payload"
$source_printf5 = "[-] failed to win race condition..."
$source_printf6 = "[*] waiting for reverse connect shell..."
$s1 = "/proc/self/mem"
$s2 = "/proc/%d/mem"
$s3 = "/proc/self/map"
$s4 = "/proc/%d/map"
$p1 = "pthread_create" fullword ascii
$p2 = "pthread_join" fullword ascii
condition:
( uint16(0) == 0x457f and $a1 ) or
all of ($b*) or
3 of ($source*) or
( uint16(0) == 0x457f and 1 of ($s*) and all of ($p*) and filesize < 20KB )
}
I love your blog. It looks every informative.
Hiya, I’m really glad I’ve found this information. Nowadays bloggers publish only about gossip and net stuff and this is actually irritating. A good web site with exciting content, that is what I need. Thank you for making this web-site, and I will be visiting again. Do you do newsletters by email?
Hello There. I found your blog using msn. This is a really well written article. I’ll be sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly comeback.
Awesome post. I am a normal visitor of your website and appreciate you taking the time to maintain the excellent site. I will be a regular visitor for a really long time.
Hello there. I discovered your blog via Google whilst looking for a comparable matter, your website came up. It appears to be great. I’ve bookmarked it in my google bookmarks to visit then.
Hiya, I’m really glad I’ve found this info. Today bloggers publish just about gossip and web stuff and this is really annoying. A good blog with interesting content, this is what I need. Thank you for making this web site, and I’ll be visiting again. Do you do newsletters by email?
Awesome write-up. I’m a normal visitor of your site and appreciate you taking the time to maintain the nice site. I will be a regular visitor for a really long time.
Awesome write-up. I am a regular visitor of your site and appreciate you taking the time to maintain the excellent site. I’ll be a frequent visitor for a long time.
Hello there. I discovered your web site by way of Google whilst searching for a related matter, your site came up. It appears great. I’ve bookmarked it in my google bookmarks to visit then.
I cling on to listening to the news bulletin talk about receiving free online grant applications so I have been looking around for the most excellent site to get one. Could you tell me please, where could i get some?
Awesome post. I am a normal visitor of your web site and appreciate you taking the time to maintain the nice site. I’ll be a regular visitor for a long time.
Hello there. I discovered your web site by way of Google even as looking for a related subject, your web site came up. It appears great. I have bookmarked it in my google bookmarks to visit then.
Hello there. I found your blog by way of Google whilst searching for a comparable topic, your web site got here up. It appears good. I have bookmarked it in my google bookmarks to visit then.
Hello there. I discovered your website via Google whilst looking for a comparable topic, your website got here up. It seems to be great. I’ve bookmarked it in my google bookmarks to visit then.
I’m partial to blogs and i actually respect your content. The article has actually peaks my interest. I am going to bookmark your site and preserve checking for new information.
Great post. I was checking continuously this blog and I’m impressed! Extremely useful info specially the last part 🙂 I care for such info much. I was seeking this certain information for a long time. Thank you and good luck.
Awesome post. I am a regular visitor of your blog and appreciate you taking the time to maintain the nice site. I will be a regular visitor for a long time.
Awesome post. I’m a regular visitor of your website and appreciate you taking the time to maintain the nice site. I’ll be a regular visitor for a really long time.
Awesome post. I’m a normal visitor of your web site and appreciate you taking the time to maintain the nice site. I’ll be a regular visitor for a long time.
Hi there. I found your web site by the use of Google at the same time as looking for a related subject, your site came up. It seems good. I have bookmarked it in my google bookmarks to come back then.
Nice post. I was checking continuously this blog and I’m impressed! Extremely helpful information specifically the last part 🙂 I care for such information much. I was seeking this particular info for a long time. Thank you and good luck.
Thank you for every other informative web site. Where else could I am getting that type of information written in such a perfect way? I’ve a mission that I’m just now operating on, and I have been on the look out for such info.
Hiya, I’m really glad I’ve found this info. Nowadays bloggers publish just about gossip and internet stuff and this is actually frustrating. A good blog with interesting content, this is what I need. Thank you for making this website, and I will be visiting again. Do you do newsletters by email?
Hi there. I found your web site by means of Google whilst searching for a similar subject, your site came up. It appears good. I have bookmarked it in my google bookmarks to come back then.
Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a bit, but other than that, this is magnificent blog. An excellent read. I’ll certainly be back.
I would like to thnkx for the efforts you have put in writing this blog. I am hoping the same high-grade web site post from you in the upcoming also. In fact your creative writing abilities has inspired me to get my own blog now. Actually the blogging is spreading its wings quickly. Your write up is a great example of it.
I have to show my appreciation to this writer for rescuing me from this predicament. As a result of looking out through the online world and finding techniques that were not helpful, I believed my life was over. Living without the solutions to the problems you have solved by means of the short post is a critical case, and ones which might have adversely affected my career if I had not discovered your blog. Your own personal skills and kindness in dealing with all the things was important. I don’t know what I would’ve done if I hadn’t discovered such a step like this. I can now look ahead to my future. Thanks a lot very much for this skilled and result oriented guide. I will not be reluctant to suggest your blog to anyone who desires counselling about this issue.
Appreciating the persistence you put into your blog and detailed information you provide.
Hiya, I am really glad I have found this info. Today bloggers publish only about gossip and internet stuff and this is really irritating. A good blog with interesting content, that is what I need. Thank you for making this web-site, and I will be visiting again. Do you do newsletters by email?
Hiya, I am really glad I’ve found this information. Nowadays bloggers publish only about gossip and net stuff and this is actually annoying. A good blog with exciting content, this is what I need. Thanks for making this web-site, and I’ll be visiting again. Do you do newsletters by email?
Hi there. I found your website by the use of Google at the same time as searching for a related matter, your web site got here up. It looks great. I have bookmarked it in my google bookmarks to visit then.
Awesome write-up. I’m a regular visitor of your web site and appreciate you taking the time to maintain the excellent site. I will be a regular visitor for a really long time.
Awesome post. I am a normal visitor of your site and appreciate you taking the time to maintain the excellent site. I’ll be a frequent visitor for a long time.
Hello there. I found your web site by way of Google while looking for a similar subject, your website got here up. It appears great. I’ve bookmarked it in my google bookmarks to come back then.
I really wanted to make a brief note to appreciate you for the lovely tricks you are sharing on this site. My considerable internet search has at the end of the day been rewarded with pleasant concept to share with my family. I would declare that most of us website visitors are undoubtedly lucky to live in a wonderful network with many awesome people with very beneficial tricks. I feel very fortunate to have seen your entire web site and look forward to really more brilliant times reading here. Thanks once more for everything.
Lovely blog! I am loving it!! Will come back again. I am taking your feeds also
Hello my friend! I want to say that this post is awesome, nice written and include approximately all significant infos. I would like to see more posts like this .
I have not checked in here for some time since I thought it was getting boring, but the last few posts are great quality so I guess I¡¦ll add you back to my daily bloglist. You deserve it my friend 🙂
I keep listening to the news talk about getting free online grant applications so I have been looking around for the most excellent site to get one. Could you advise me please, where could i acquire some?
Awesome write-up. I am a regular visitor of your blog and appreciate you taking the time to maintain the excellent site. I will be a frequent visitor for a really long time.
Hi there. I found your web site by way of Google at the same time as searching for a comparable matter, your web site got here up. It seems good. I’ve bookmarked it in my google bookmarks to visit then.
Hi there. I found your site via Google at the same time as searching for a similar matter, your website got here up. It seems great. I’ve bookmarked it in my google bookmarks to come back then.
Hi there. I discovered your web site by the use of Google whilst looking for a related topic, your site got here up. It seems to be great. I’ve bookmarked it in my google bookmarks to come back then.
Hiya, I am really glad I have found this info. Today bloggers publish only about gossip and internet stuff and this is actually frustrating. A good blog with interesting content, that is what I need. Thanks for making this web site, and I’ll be visiting again. Do you do newsletters by email?
Awesome post. I am a regular visitor of your blog and appreciate you taking the time to maintain the excellent site. I will be a regular visitor for a long time.
There is clearly a lot to realize about this. I believe you made some good points in features also.
This article actually helped me with a report I was doing.
I’m extremely impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you customize it yourself? Anyway keep up the excellent quality writing, it’s rare to see a nice blog like this one today..
Excellent blog right here! Also your website rather a lot up fast! What host are you the use of? Can I get your affiliate link to your host? I wish my web site loaded up as fast as yours lol
Good ¡V I should certainly pronounce, impressed with your web site. I had no trouble navigating through all the tabs as well as related information ended up being truly simple to do to access. I recently found what I hoped for before you know it at all. Quite unusual. Is likely to appreciate it for those who add forums or anything, web site theme . a tones way for your customer to communicate. Nice task..
Hiya, I am really glad I have found this info. Nowadays bloggers publish only about gossips and web and this is really annoying. A good blog with interesting content, that is what I need. Thanks for keeping this website, I will be visiting it. Do you do newsletters? Can’t find it.
hey, would you mind if I share your blog with my twitter group? There’s a lot of folks that I think would enjoy your content. Please let me know. Thank you.
These kind of posts are always inspiring and I prefer to read quality content so I happy to find many good point here in the post. writing is simply wonderful! thank you for the post
Hi there! I just wanted to ask if you ever have any trouble with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no back up. Do you have any solutions to protect against hackers?
I genuinely appreciate your work , Great post.
nicee content keep writing
I am just starting to learn about all of this. Thanks alot man!
Good points – – it will make a difference with my parents.
Well done! Keep up this quality!
It’s clear you’re passionate about the issues.
Greetings! This is my first visit to your blog! We are a collection of volunteers and starting a new initiative in a community in the same niche. Your blog provided us beneficial information. You have done a wonderful job!
Hi there! I just wanted to ask if you ever have any trouble with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no back up. Do you have any solutions to protect against hackers?
Our local network of agencies has found your research so helpful.
There is perceptibly a lot to identify about this. I consider you made some good points in features also.
The post is absolutely great! Lots of great info and inspiration, both of which we all need! Also like to admire the time and effort you put into your blog and detailed information you offer! I will bookmark your website!
Spot on with this write-up, I actually assume this website needs far more consideration. I will in all probability be once more to learn rather more, thanks for that info.
obviously like your website but you need to take a look at the spelling on quite a few of your posts. Many of them are rife with spelling issues and I find it very troublesome to inform the reality however I¦ll surely come back again.
That’s some inspirational stuff. Never knew that opinions might be this varied. Thanks for all the enthusiasm to supply such helpful information here.
NiceExcellentGreat post. I used to beI was checking continuouslyconstantly this blogweblog and I amI’m inspiredimpressed! VeryExtremely usefulhelpful informationinfo speciallyparticularlyspecifically the finallastultimateremainingclosing phasepartsection 🙂 I take care ofcare fordeal withmaintainhandle such infoinformation a lotmuch. I used to beI was seekinglooking for this particularcertain infoinformation for a long timevery longlengthy time. Thank youThanks and good luckbest of luck.
one of our visitors just lately suggested the following website
Hello there, just was aware of your blog via Google, and found that it’s really informative. I am gonna watch out for brussels. I’ll appreciate when you proceed this in future. A lot of other folks will probably be benefited from your writing. Cheers!
You are a very smart person! 🙂
You are my intake , I have few web logs and very sporadically run out from to post .
Great resources and tips for families here.
I have been absent for some time, but now I remember why I used to love this site. Thanks, I will try and check back more frequently. How frequently you update your website?
I appreciate your work, thanks for all the great blog posts.
Thank you for such a well written article. It’s full of insightful information and entertaining descriptions. Your point of view is the best among many.
Heya i’mi am for the primarythe first time here. I came acrossfound this board and I in findingfindto find It trulyreally usefulhelpful & it helped me out a lotmuch. I am hopingI hopeI’m hoping to giveto offerto provideto present somethingone thing backagain and helpaid others like yousuch as you helpedaided me.
Hi, I find reading this article a joy. It is extremely helpful and interesting and very much looking forward to reading more of your work..
I simply wanted to write down a quick word to say thanks to you for those wonderful tips and hints you are showing on this site.
Your blog provided us with valuable information to work with. Each & every tips of your post are awesome. Thanks a lot for sharing.
)
GreatExcellentGood blogweb sitesite you haveyou’ve gotyou have got here.. It’s hard to finddifficult to find qualityhigh qualitygood qualityhigh-qualityexcellent writing like yours these daysnowadays. I reallyI trulyI seriouslyI honestly appreciate people like youindividuals like you! Take care!!
Thank youThanks for sharing your infothoughts. I trulyreally appreciate your efforts and I amwill be waiting for your nextfurther postwrite ups thank youthanks once again.
This is my first time i visit here. I found so many helpful stuff in your website especially its discussion. From the tons of responses on your posts, I guess I am not the only one having all the enjoyment here! keep up the excellent work
Hi there! This blog post couldn’t be written much better!
Going through this post reminds me of my previous roommate!
He always kept talking about this. I am going to send this information to him.
Pretty sure he’ll have a great read. I appreciate you for
sharing!
bonjour I love Your Blog can not say I come here often but im liking what i c so far….
I think this is among the so much vital info for me. And i’m happy reading your article. But wanna remark on few common issues, The site style is wonderful, the articles is really excellent : D. Just right job, cheers
Is it okay to put a portion of this on my weblog if perhaps I post a reference point to this web page?
We can see that we need to develop policies to deal with this trend.
Very useful article, this is definitely very helpful to get a website. Thanks. Thumb up for this post.
Your writing taste has been astounded me. Thank you, very nice article.
Compose more; that’s all I need to say. It seems as though you relied on the movie to make your point. You know what you are talking about, why waste your intellect on only posting videos into your blog when you might be giving us something enlightening to read?
we came across a cool website that you could possibly love. Take a look in case you want
Very good information. Lucky me I found your website by accident (stumbleupon). I ave book-marked it for later!
Public policy is key here, and our states need to develop some strategies – – soon.
Thank you pertaining to sharing the following great subject matter on your website. I ran into it on google. I am going to check to come back after you publish additional aricles.
You can certainly see your skills within the article you write.
The sector hopes for even more passionate writers like you who aren’t afraid to
mention how they believe. At all times follow your heart.
Appreciation for really being thoughtful and for determining on certain marvelous guides most folks really would like to be aware of.