Comment 9 for bug 1873074

Mauricio Faria de Oliveira (mfo) wrote :

Exploit / Remote:
---

The remote exploit is possible if such a file is opened in
response to an event, for example, a web server document
stored in an aufs mountpoint.

This obviously takes more time - each i_readcount_inc() is
delayed by a remote access - but it may be sped up by many
attackers, say a DDoS, if it's possible to figure out or brute
force which URLs lead to an aufs-backed file on the server.

(This can happen with Kubernetes/docker containers using
the aufs storage driver for container images for example,
with a static document in the container image, and exposed
via a web server, say nginx, a very popular docker image.)

See the 'Problem Demonstration' section w/ this example.