The Dirty Pipe Vulnerability

This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.
Details here.

Comments

The write-up is instructive about what accidentally triggered this bug: that splice() hack with which they assemble gz files entirely in kernel mode, zero-copy, wrap them in a zip header, and then serve them over an HTTP socket...

It's a pleasant surprise that there are still companies that care about this kind of low-level optimization. Instead of "let's just throw twice as many AWS instances at it, and have the developers work only on customer-facing features".

I have long yearned for the androids' meson treasure!

The linked one.

Via HTTP, all access logs of a month can be downloaded as a single .gz file. Using a trick (which involves Z_SYNC_FLUSH), we can just concatenate all gzipped daily log files without having to decompress and recompress them, which means this HTTP request consumes nearly no CPU. Memory bandwidth is saved by employing the splice() system call to feed data directly from the hard disk into the HTTP connection, without passing the kernel/userspace boundary (“zero-copy”).

Windows users can’t handle .gz files, but everybody can extract ZIP files. A ZIP file is just a container for .gz files, so we could use the same method to generate ZIP files on-the-fly; all we needed to do was send a ZIP header first, then concatenate all .gz file contents as usual, followed by the central directory (another kind of header).

I have long yearned for the androids' meson treasure!
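The concatenation trick quoted above, as an added example that is not code from the Dirty Pipe write-up or from the project it describes: each day is deflated with Z_SYNC_FLUSH so its last block is not marked final, the compressed parts are joined byte-for-byte, and one final block plus a gzip trailer closes the month. The sample log lines are constructed, and the splice() delivery to the socket is not shown.

```python
import gzip
import struct
import zlib

# Constructed sample "daily log files"; in the setup the forum quotes
# these would already be stored compressed on disk.
DAY1 = b"2022-03-01 GET /index.html 200\n" * 50
DAY2 = b"2022-03-02 GET /robots.txt 404\n" * 50

def deflate_unfinished(data: bytes) -> bytes:
    """Compress one day as a raw deflate stream that ends with a
    Z_SYNC_FLUSH (an empty, byte-aligned stored block) rather than a
    final block, so more deflate blocks can follow it."""
    c = zlib.compressobj(level=6, wbits=-15)
    return c.compress(data) + c.flush(zlib.Z_SYNC_FLUSH)

def join_deflate(parts: list) -> bytes:
    """Concatenate unfinished streams and close them with one final
    empty block, yielding a single valid deflate stream."""
    return b"".join(parts) + zlib.compressobj(wbits=-15).flush(zlib.Z_FINISH)

def wrap_gzip(deflate_stream: bytes, crc: int, isize: int) -> bytes:
    """Put a minimal gzip header and the CRC-32/ISIZE trailer around a
    raw deflate stream (both trailer fields are little-endian)."""
    header = b"\x1f\x8b\x08\x00" + b"\x00\x00\x00\x00" + b"\x00\x03"
    return header + deflate_stream + struct.pack("<II", crc, isize & 0xFFFFFFFF)

def build_monthly_gz(days: list) -> bytes:
    """Assemble the month from per-day parts without recompressing. The
    CRC is computed from plaintext here for brevity; a server holding only
    compressed parts would combine stored per-day CRCs (crc32_combine)."""
    parts = [deflate_unfinished(d) for d in days]
    crc = 0
    for d in days:
        crc = zlib.crc32(d, crc)
    return wrap_gzip(join_deflate(parts), crc, sum(len(d) for d in days))

def inflate_raw(stream: bytes) -> tuple:
    """Decode a raw deflate stream; report whether a final block was seen."""
    d = zlib.decompressobj(wbits=-15)
    return d.decompress(stream), d.eof

def gzip_ok(gz: bytes, days: list) -> bool:
    """Decode with the standard gzip decoder (validates CRC and ISIZE)."""
    return gzip.decompress(gz) == b"".join(days)

if __name__ == "__main__":
    gz = build_monthly_gz([DAY1, DAY2])
    print(len(DAY1) + len(DAY2), "bytes of logs ->", len(gz), "bytes .gz", gzip_ok(gz, [DAY1, DAY2]))
```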