
posted by martyb on Monday March 04 2019, @03:00PM   Printer-friendly
from the hey-man,-don't-have-a-COW! dept.

A security researcher from Google's Project Zero has discovered that even though macOS' kernel, XNU, allows copy-on-write (COW) behavior in some cases, it is essential that any copied memory is not available for modifications from the source process. While COW is a resource-management technique that is not inherently flawed, it appears that Apple's implementation of it certainly is.

[...] This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.

This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. macOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.

[...] You can also view the proof-of-concept code that demonstrates the problem on the dedicated webpage here.
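The paragraphs above describe why a copy-on-write view of a file is not an independent copy: until a write goes through the mapping, reads are served from the shared page cache, so whoever can rewrite the backing file rewrites what the reader sees. The following is an added illustration, not code from the Project Zero report or the proof of concept it links to. It assumes Linux semantics for a read-only MAP_PRIVATE mapping (POSIX leaves it unspecified whether later file changes are visible through such a mapping) and uses a constructed temp file under /tmp. The first function shows the weak pattern, reading "validated" data back through the mapping after the file is rewritten with pwrite(); the second shows the defensive pattern of snapshotting the bytes into anonymous memory before trusting them.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGE_LEN 4096

/* Constructed fixture (not from the page): an unlinked temp file holding one
 * page of 'A' bytes. Returns the descriptor, or -1 on failure. */
static int make_demo_file(void)
{
    char path[] = "/tmp/cow-demo-XXXXXX";   /* assumed writable scratch location */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                           /* the file now lives only as long as fd */

    char page[PAGE_LEN];
    memset(page, 'A', sizeof page);
    if (write(fd, page, sizeof page) != (ssize_t)sizeof page) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Weak pattern: map the file MAP_PRIVATE ("copy-on-write"), read a byte,
 * then rewrite the backing file underneath the mapping. No write has gone
 * through the mapping, so no private copy exists and the second read hits
 * the shared page-cache page. Returns 1 if the mapping observed the change,
 * 0 if it did not, -1 on setup failure. */
int mapping_observes_file_rewrite(void)
{
    int fd = make_demo_file();
    if (fd < 0)
        return -1;

    unsigned char *map = mmap(NULL, PAGE_LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        return -1;
    }

    unsigned char before = map[0];          /* fault the page in; "validate" the data */

    /* Mutate the file directly, bypassing the mapping, the way pwrite() on a
     * filesystem image bypasses the mounted filesystem in the report above. */
    if (pwrite(fd, "B", 1, 0) != 1) {
        munmap(map, PAGE_LEN);
        close(fd);
        return -1;
    }

    unsigned char after = map[0];           /* same address, same page, new contents */

    munmap(map, PAGE_LEN);
    close(fd);
    return (before == 'A' && after == 'B') ? 1 : 0;
}

/* Hardened pattern: copy the bytes out of the file-backed mapping into
 * anonymous memory and validate/use only that snapshot. Returns 1 if the
 * snapshot is unaffected by the same rewrite, 0 otherwise, -1 on failure. */
int snapshot_survives_file_rewrite(void)
{
    int fd = make_demo_file();
    if (fd < 0)
        return -1;

    unsigned char *map = mmap(NULL, PAGE_LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        return -1;
    }

    unsigned char *snap = malloc(PAGE_LEN);
    if (!snap) {
        munmap(map, PAGE_LEN);
        close(fd);
        return -1;
    }
    memcpy(snap, map, PAGE_LEN);            /* process-private copy: later file writes cannot reach it */

    int rc = -1;
    if (pwrite(fd, "B", 1, 0) == 1)
        rc = (snap[0] == 'A') ? 1 : 0;      /* the snapshot still holds what was validated */

    free(snap);
    munmap(map, PAGE_LEN);
    close(fd);
    return rc;
}

int main(void)
{
    printf("private mapping sees file rewrite:   %d\n", mapping_observes_file_rewrite());
    printf("snapshot unaffected by file rewrite: %d\n", snapshot_survives_file_rewrite());
    return 0;
}
```

The practical lesson for code that validates and then consumes file-backed memory is the second function: the check must be performed on a copy the writer of the file cannot reach, otherwise the data can change between the check and the use. The first function is only there to make the page-cache sharing visible; it mutates a file the process itself owns.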


    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday March 04 2019, @10:50PM (#810018)
    My first reaction was also "this is not a bug, this is merely unsurprising surprising behaviour in a condition where you would not expect any defined behaviour".

    You done fucked with (a file on) the filesystem, someone accessing that filesystem via a memory map should not expect the file it sees to not change. One could argue that it would be a bug if the mounted version didn't change, with just as convincing an argument as theirs.

    Compare guestfish(1) and its caveats (~ "don't mess with a live filesystem, clients of it might get confused")
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves