admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update README.md

Browse Source
This commit is contained in:
helloexp 2022-04-18 13:08:31 +08:00
parent ab30fdc6a2
commit fefb8a39e1
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
98-Linux提权/CVE-2022-0847-DirtyPipe提权/README.md
View File

@ -4,13 +4,10 @@
漏洞类似于 脏牛CVE-2016-5195 “Dirty Cow”但是更加容易利用
## 提权限制
the attacker must have read permissions (because it needs to splice() a page into a pipe)
the offset must not be on a page boundary (because at least one byte of that page must have been spliced into the pipe)
the write cannot cross a page boundary (because a new anonymous buffer would be created for the rest)
the file cannot be resized (because the pipe has its own page fill management and does not tell the page cache how much data has been appended)
1. the attacker must have read permissions (because it needs to splice() a page into a pipe)
2. the offset must not be on a page boundary (because at least one byte of that page must have been spliced into the pipe)
3. the write cannot cross a page boundary (because a new anonymous buffer would be created for the rest)
4. the file cannot be resized (because the pipe has its own page fill management and does not tell the page cache how much data has been appended)
## 使用方法
```shell