Wednesday, 2 November 2016

On 01:41 by admin   No comments
Here’s another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers.
That news comes from Paranoid Software’s Gabriel Lawrence, who describes the escape here.
Dirty COW is a race condition in Linux arising from how Copy-On-Write (the COW in the name) is handled by the kernel’s memory subsystem’s use of private mappings.
Lawrence writes: “more interesting to me than a local privilege escalation, this is a bug in the Linux kernel, containers such as Docker won’t save us.”
Lawrence and collaborators focussed on the vDSO – virtual dynamic shared object – “a small shared library that the kernel automatically maps into the address space of all user-space applications”. It exists so that very frequently-used system calls can be invoked without impacting performance.
The proof-of-concept (attributed to “Scumjr”) attacks “the clock_gettime() function in the vDSO memory space” using Dirty COW, to get a crash and root shell.
“I am the root user and that I see files on the host outside of those on the container,” Lawrence writes.
The Hackers Day Conference,  is a novel occasion  will be held in Lucknow, on the January 15th-16th, 2017. For more details :


Post a comment