LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Writing to MAP_PRIVATE mmaped file
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-01-2016, 10:08 AM   #1
rhw
LQ Newbie
 
Registered: Nov 2016
Posts: 1

Rep: Reputation: Disabled
Writing to MAP_PRIVATE mmaped file

I am trying to understand this dirty CoW proof of concept: https://github.com/dirtycow/dirtycow...ter/dirtyc0w.c.

What happens when a child thread (procselfmemThread in the link above) writes to memory that is mapped as MAP_PRIVATE and PROT_READ by the parent? Specifically, does the kernel modify the existing mapping to be anonymous and writeable? And when does copy-on-write take place? Let's assume that the other child thread (madviseThread in the link above) is not running.
 
Old 11-01-2016, 08:36 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
The problem is a race condition between the memory segment listed in /proc/self/mem and the time a privileged program memory mapped The shared memory is writable at first as it is owned by the user. the memory is marked COW... and new memory allocated for the privileged executable (different user)... Unfortunately, between the memory marked owned/read/write by the user AND the new memory is marked it is possible for the /proc/self/mem to be opened -- on the privileged memory instead of the users memory (this is why both threads try 100,000,000 times before giving up). Once opened it can then be modified.
Last edited by jpollard; 11-01-2016 at 08:40 PM. Reason: fixing errors.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Rsyslog writing to both my file and messages file ne1scott Linux - General 1 09-11-2015 11:09 PM
reading and writing to pipes, file descriptors, and file streams cmartin0 Programming 1 02-13-2012 03:03 AM
Out of order data when performing R/W through mmaped memory marc_ba Linux - Kernel 3 01-22-2009 08:20 AM
Writing an ISO file for cd audio from a cue and wave file? spaz-atk Linux - Software 5 12-01-2008 01:52 AM
sem_init and persistent storage in an mmaped file c_prog Programming 1 11-01-2008 02:18 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:02 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration