Explaining Dirty Cow - Computerphile

preview_player
Показать описание
Dirty Cow is a serious security flaw. Dr Steve Bagley takes us through the details.

This video was filmed and edited by Sean Riley.

  1. Computerphile
  2. computers
  3. computerphile
  4. computer
  5. science
  6. Computer Science
Рекомендации по теме
Explaining Dirty Cow 0:08:56

Explaining Dirty Cow - Computerphile

Dirty Cow Demo 0:03:13

Dirty Cow Demo - Computerphile

Dirty Cow Technical 0:10:53

Dirty Cow Technical Explanation

Dirty COW in 0:03:03

Dirty COW in the Wild - Daily Security Byte

DIRTY COW | 0:13:40

DIRTY COW | HOW IT WORKS | COPY ON WRITE | Linux Kernel Exploit |

Dirty Cow Demonstration 0:00:30

Dirty Cow Demonstration

Dirty COW demonstration 0:04:37

Dirty COW demonstration

Dirty Cow Exploit 0:13:05

Dirty Cow Exploit

20. Escalando privilegios 0:04:41

20. Escalando privilegios con Dirty Cow (Vulnhub)

Dirty CoW exploit 0:13:28

Dirty CoW exploit demo

Security News - 0:06:14

Security News - Dirty COW Serious Linux Exploit

Lecture on the 0:38:36

Lecture on the Dirty COW Vulnerability and Attack

Dirty Cow Exploit 0:07:58

Dirty Cow Exploit

Explaining Dirty COW 0:12:17

Explaining Dirty COW local root exploit

Exploit Demostration Dirty 0:11:44

Exploit Demostration Dirty Cow

Reversing a Simple 0:05:44

Reversing a Simple DirtyCOW Exploit/Malware Source

Origins of the 0:11:21

Origins of the Web - Computerphile

Dirty CoW - 0:02:17

Dirty CoW - Proof of Concept

DIRTY COW Vulnerability 0:12:36

DIRTY COW Vulnerability

Dirty Pipe exploit 0:01:03

Dirty Pipe exploit | Linux Privilege Escalation | CVE-2022-0847

Linux Privilege Escalation 0:05:06

Linux Privilege Escalation : Using Kernel Exploits || Dirty Cow ||CVE-2016-5195||

Lampiao CTF VulnHub 0:05:56

Lampiao CTF VulnHub Dirty COW vulnerability

The Social Media 0:09:54

The Social Media Bubble - Computerphile

Dirty Cow Explanation(CVE 0:20:01

Dirty Cow Explanation(CVE 2016 5195)

Комментарии
Автор

we just covered linux memory management in my os class yesterday. It's so neat having concrete examples of what you're learning, especially as timely as this is.

LittleBungorf
Автор

I don't understand bugs if they're not explained by Tom Scott.

Epinardscaramel
Автор

I feel like the explanation about memory wasn't concise and well-explained. I didn't follow anything; could just be me though.

CashewOCE
Автор

That is some dirty thread handling, especially for something so important!!

TeganBurns
Автор

Nice explaination, I had to find the source after seeing the first on the subject. It is relevant to note that in order for the overwritten (compromised) file to actually execute the root shell, it needs to have the SUID bit set in its file-permissions. Overwriting any old file won't work, but programs such as passwd and sudo are targets because they need the SUID bit to actually work.

DusteDdekay
Автор

It would be awesome if you could explain how they fixed it since it looks like a design weakness more than a simple patcheable bug.

fz
Автор

8:27 For a moment I thought you said "use it to run a .NET", phew.

apinakapinastorba
Автор

This is great news for everyone with an android phone that no longer gets updates.

stale
Автор

What is that sound at 3:07 also comes some time before

TheNefari
Автор

I didn't really follow how writing to the memory page files lets you write to other files, like the root password file?

ninjafruitchilled
Автор

Saw first ? Go here 1:13 : Go here 0:00;

xbaadfd
Автор

I always find it interesting to see the tractor feed paper that is used when explaining some of the topics discussed in Computerphile. I haven't used that type of paper in decades since I used to get printouts from an IBM 1403 line printer. I sometimes wonder how people find these exploits. Would the features of SELinux be able to prevent taking advantage? I'm thinking the right SELinux rules would restrict what programs/processes could touch the password file.

kevincozens
Автор

Surely the kernel would use a sync lock to stop allowing these two threads from doing this? If what you are describing is correct (and I'm sure it is) then similar cases of COW and writing to the same memory page would occur quite frequently in the normal running of the OS and cause corruption? Thanks for the video.

ChrisWalshZX
Автор

When I first heard of Dirty COW, I was /really/ hoping it had something to do with cowsay. I was very disappointed.

WolfireGaming
Автор

I love how I find this video the day I upgrade to ubuntu.

cashelfitzgibbons
Автор

Numberphile and Computerphile can't cut the audio right...

SinanAkkoyun
Автор

This one seems to have additional explanation, which was not present in the first upload.

izimsi
Автор

Watching on a mac kept thinking I was getting emails lol

skelr
Автор

These videos always start with "There's a new exploit been discovered for Linux", and that's just wrong, this exploit has been known for several years now!

Seegalgalguntijak
Автор

it's fixed in kernel versions 4.8.3, 4.7.9 and 4.4.26 LTS

Winlith