unSafe.sh - Unsafe
Run lguest on Linux kernel 4.4
2024-09-08 Background Recently, I am preparing to study t...
2024-9-8 08:0:0 | Views: 8 |
不忘初心 方得始终 - terenceli.github.io
lguest
rdmsr
ucode
initrd
insn
The anatomy of chroot escape
2024-05-25 Recently I have read the old chroot escape method...
2024-5-25 08:0:0 | Views: 4 |
不忘初心 方得始终 - terenceli.github.io
chroot
virtualbox
pivottest
chroottest
rootfs
Multi-thread process can't unshare pid namespace (in some old Linux version)
2024-05-01 The issue When we unshare CLONE_NEWPID in a go...
2024-5-1 08:0:0 | Views: 6 |
不忘初心 方得始终 - terenceli.github.io
unshare
tid
gettid
getpid
1820
Linux process capability change through execve syscall
2024-02-24 The issue I have encountered an interesting is...
2024-2-24 08:0:0 | Views: 19 |
不忘初心 方得始终 - terenceli.github.io
cap1
privs
unset
permitted
bprm
Why Golang eat my fd 3 in child process
Recently I analyzed the runc vulnerability CVE-2024-21626. The root cause of this vuln...
2024-2-3 08:0:0 | Views: 11 |
不忘初心 方得始终 - terenceli.github.io
runc
openat2
extrafiles
21626
pipewrite
mount procfs in unprivileged container
2023-12-29 Background gVisor is an application kernel tha...
2023-12-29 08:0:0 | Views: 14 |
不忘初心 方得始终 - terenceli.github.io
gvisor
procfs
runsc
security
eperm
CVE-2021-3493 Ubuntu overlayfs privilege escalation vulnerability analysis
CVE-2021-3493 is a logic vulnerability in overlayfs filesystem, with a change of Ubunt...
2022-9-12 08:0:0 | Views: 44 |
terenceli.github.io
overlayfs
setxattr
vfs
upperdir
nscap
containerd CVE-2022-23648: path traversal never die
The spec Path traversal is a classical kind of security issue in computer world. Th...
2022-3-26 08:0:0 | Views: 36 |
terenceli.github.io
containerd
23648
cri
crictl
cni
Container escape using dirtypipe
Background The story begins with the pictures that Yuval Avrahami shows in twitter....
2022-3-19 08:0:0 | Views: 45 |
terenceli.github.io
runc
dirtypipe
sendfile
execfd
md5sum
CVE-2022-0492: how release_agent escape become a vulnerability
The cgroup release_agent escape is a classical user mode helper escape issue several y...
2022-3-6 08:0:0 | Views: 206 |
terenceli.github.io
sysfs
procfs
iflags
0492
runc
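Prelude to Java deserialization vulnerability research: Transformer, dynamic proxies and annotations
This year I set myself a KPI of thoroughly understanding Java deserialization vulnerabilities. The principle behind deserialization vulnerabilities is not complicated, but I am not really satisfied with the material available online; most of it only knows how to use someone else's PoC and does not go deep into the specific principles...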
2022-1-30 08:0:0 | Views: 21 |
terenceli.github.io
annotations
annotation
var2
var6
var1
runc internals, part 3: runc double clone
Now that we have analyzed the general process of ‘runc create’ and know that the ‘runc...
2021-12-28 08:0:0 | Views: 13 |
terenceli.github.io
runc
grandchild
socketpair
nsenter
pipenum
runc internals, part 2: create and run a container
runc create analysis We can create a container by run ‘runc create’, for not consid...
2021-12-23 08:0:0 | Views: 22 |
terenceli.github.io
runc
extrafiles
initprocess
runc internals, part 1: usage, build and source architecture
2021-12-22 runc is the foundation of container technology. T...
2021-12-22 08:0:0 | Views: 14 |
terenceli.github.io
runc
github
ldflags
rootfs
seccomp user notification
seccomp user notification defers the seccomp decisions to userspace. This post Seccomp Notify has a...
2021-05-21 01:33:27 | Views: 170 |
terenceli.github.io
seccomp
errexit
notifyfd
notif
sockpair
hello world driver
2021-05-12 After several years kernel development, I still c...
2021-05-21 01:33:27 | Views: 97 |
terenceli.github.io
uname
pwd
templeate
gpl
goodbye
QEMU RCU implementation
2021-03-14 RCU is a synchronization mechanism that firstly u...
2021-03-15 00:57:37 | Views: 172 |
terenceli.github.io
ctr
gp
qatomic
qlist
synchronize
Why ping uses UDP port 1025
2021-02-19 Recently I noticed that the ping source code has...
2021-02-20 01:44:33 | Views: 172 |
terenceli.github.io
saddr
fl4
strace
icmp
1025
kvm performance optimization technologies, part two
In full virtualization the guest OS isn't aware that it is running in a VM. If the OS...
2020-10-09 02:27:58 | Views: 249 |
terenceli.github.io
vcpu
pv
apic
poll
halt
My qemu/kvm book has been publicated
During my study/work of virtualization, I have to dig into the code. It’s a lot of cod...
2020-10-09 02:27:58 | Views: 287 |
terenceli.github.io
emulation
analysis
seabios
firmware