2019-2020-1 20199321 "Linux Kernel Principles and Analysis" Week 11 Assignment

Race condition vulnerability experiment

The lab environment for this experiment had some setup problems, so the environment from the Return-to-libc attack experiment can be used instead.
A race condition occurs when several processes or threads access the same piece of data at the same time, so that the result depends on the order in which the threads run and access the data. If a program running with root privileges has a race condition vulnerability, an attacker can run another program in parallel to compete with the vulnerable program, and thereby change its behavior.

Preparation

  • The lab environment has protection against race condition attacks turned on, so it has to be turned off first. This protection means that inside a world-writable directory with the sticky bit set, a symbolic link is not followed to its target file.
  • Create a new working directory.
  • Create a new file vulp.c in /home/shiyanlou/seed:

Experiment 1: Overwrite any file owned by root

  • First create several files as shown below; pay attention to the permissions and owners of these files:
$ ls -l
-rw-rw-r-- 1 shiyanlou shiyanlou   10 Apr 23 13:33 append_text  <-- input file for vulp
-rw-rw-r-- 1 root      root         0 Apr 23 13:32 root_file    <-- target file
-rw-rw-r-- 1 shiyanlou shiyanlou    0 Apr 23 13:45 tmp_file     <-- helper file
-rwsr-xr-x 1 root      root      7403 Apr 23 13:27 vulp         <-- vulnerable program
-rw-r--r-- 1 root      root       454 Apr 23 13:27 vulp9321.c
  • Create a script check.sh that checks the file timestamp, and add the vulp command to it.
  • Write the attack code attacker.c and compile it.

  • In the terminal, click File -> Open Tab to open a new tab, then run attacker and run check.sh.

Experiment 2: Protection A: Repeat the check

We can add more race conditions, i.e. repeat the check, so that the attacker's probability of success is reduced.

  • Modify vulp9321.c, recompile it, and repeat the attack.

Experiment 3: Protection B: Principle of least privilege

The fundamental problem with the program is that it violates the principle of least privilege. The programmer recognized that the user running the program might have too many rights and therefore introduced the access check, but that check in turn introduced the risk of a race condition. A better approach is to use the setuid system calls to temporarily give up root privileges and restore them only when they are needed.
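As an added example (not the lab's vulp.c and not the course author's code), the least-privilege fix described above written out in C: instead of an access() check followed by a separate open, the effective uid is lowered to the real uid around the open() call, so the kernel checks permission and opens the file in one step, and O_NOFOLLOW refuses a symbolic link planted at the path. The function names and the constructed self-check directory under /tmp are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Append text to path with the invoking user's rights. Rather than checking
 * access() and then opening (the check-then-use window the lab exploits),
 * the effective uid is lowered to the real uid around open(), so the
 * kernel checks permission and opens the file in one step. Returns 0 on
 * success, -1 with errno set on failure. */
int append_as_real_user(const char *path, const char *text)
{
    uid_t saved_euid = geteuid();
    int fd, rc = -1, saved_errno;
    if (seteuid(getuid()) < 0)          /* drop: no-op when not setuid */
        return -1;
    /* O_NOFOLLOW: a symlink planted at path is refused with ELOOP */
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd >= 0) {
        if (write(fd, text, strlen(text)) == (ssize_t)strlen(text))
            rc = 0;
        close(fd);
    }
    saved_errno = errno;
    if (seteuid(saved_euid) < 0)        /* restore only after the write */
        rc = -1;
    errno = saved_errno;
    return rc;
}

/* Self-check with a constructed target under /tmp: returns 0 when a plain
 * file is appended and a symlink to it is refused, a step number otherwise. */
int self_check(void)
{
    char dir[] = "/tmp/vulpdemo.XXXXXX", target[64], link[64];
    int fd;
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(target, sizeof target, "%s/tmp_file", dir);
    snprintf(link, sizeof link, "%s/link_to_tmp_file", dir);
    if ((fd = open(target, O_CREAT | O_WRONLY, 0600)) < 0) return 2;
    close(fd);
    if (append_as_real_user(target, "hello\n") != 0) return 3;
    if (symlink(target, link) != 0) return 4;
    if (append_as_real_user(link, "x\n") == 0 || errno != ELOOP) return 5;
    unlink(link); unlink(target); rmdir(dir);
    return 0;
}
```

When compiled as a setuid-root binary, the open() runs with the invoking user's rights, so pointing the path at root_file fails regardless of timing.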


Source: www.cnblogs.com/20199321zjy/p/11946072.html