Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Have you tried to use a tty? (One of these text-only terminals you can reach via [Ctr]-[Alt]-[F1-6].) Sometime those are less prone to stuff that makes your X hang. Maybe even via SSH.
If it's not for an experiment, I'd try to get some live media going and delete that exploit. But that's most likely not what you've planned.
It is a kernel code flaw and could allow other thing to happen that may already be part of the system.
"The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. " http://arstechnica.com/security/2016...ctive-exploit/
So I'd assume some race condition or worse.
We are on a very fine line here as terms of use per LQ I'd guess also. The OP has not stated any malice rather a test.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by hiroshi.asukai
Hey guys
after i launched dirtycow on my own ubuntu and also linux mint it works properly then after few seconds my computer lag and the reboot is required
how can i launch dirtycow without any flaw?
any help?
Thanks in advance
Did I miss something here? I thought "it works properly" meant "computer lag"? It's a kernel exploit, isn't it? Don't run it on any system you don't want to reinstall from scratch.
Are you really asking the equivalent of "I tried mercury but, at first, it didn't do anything and now it makes me mad so how do I stop it?".
I respect the rules here so I'd not help with trying to exploit a vulnerability on here, and I also respect the hacker mindset so see nothing wrong with playing with these things. However, the whole natuere of the question seems contradictory in the extreme.
You would have to look at the system logs carefully to see if you can find any indication of why the lag might occur.
The mere exploitation of a race-condition vulnerability should not automatically result in a lag: I would think that it would more likely result in a hard crash. After all, you just fundamentally tampered with the stability of the system and hoped that you got away with it. Dicey, at best.
Exploits that are based on race conditions are, by their very nature, unpredictable and frankly rather theoretical. If you know what you are doing (as in "a lab"), on a machine that is relatively idle (as in "a lab"), that's one thing. The conditions of a real-world system are entirely different. There, you really don't know (and, can't control) what you are racing with. Many web servers are based on virtual machines, which also react very differently.
My best advice, and in keeping with this forum's policy: "don't mess around with dirty cows (eee-yuck! have you ever been near a 'dirty cow?')," and, "don't discuss 'em in this forum."
And, please, let us not discuss nor suggest nor possibly click-bait any others. The nasty things that can be done with and to computers don't need any advertisements. Anything you want to know about any known exploit can be looked up at http://www.cert.org, the Computer Emergency Response Team at Carnegie-Mellon University.
Last edited by sundialsvcs; 12-12-2016 at 08:23 AM.
excuse me mens for enter this treat like this this message for this kid unspawn or what ever he i swear god if you was close and i can reach to you , i swear god i will give you a lesson you will never ever forget and i will make you blame your self to act the moderator on me and blocking me , thank your god because you are live far
excuse me mens for enter this treat like this this message for this kid unspawn or what ever he i swear god if you was close and i can reach to you , i swear god i will give you a lesson you will never ever forget and i will make you blame your self to act the moderator on me and blocking me , thank your god because you are live far
what do you know about our sexes!
it must be very frustrating for you that computers don't have extendable & remotely operated fists.
anyhow if you weren't blocked (are you?) this is a sure way to get yourself thrown out of here.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by ccunlimited
excuse me mens for enter this treat like this this message for this kid unspawn or what ever he i swear god if you was close and i can reach to you , i swear god i will give you a lesson you will never ever forget and i will make you blame your self to act the moderator on me and blocking me , thank your god because you are live far
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.