DOCSLIB.ORG

Hands-On with Btrfs

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hands-On with Btrfs Hands-on with Btrfs Course ATT1800 Lecture Manual Version 1.0.0 September 6,2012 Proprietary Statement Disclaimer Copyright © 2012 Novell, Inc. All rights reserved. Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and Novell, Inc., has intellectual property rights relating to specifically disclaims any express or implied warranties technology embodied in the product that is described in of merchantability or fitness for any particular purpose. this document. In particular, and without limitation, these intellectual property rights may include one or more of Further, Novell, Inc., reserves the right to revise this the U.S. patents listed on the Novell Legal Patents Web publication and to make changes to its content, at any page (http://www.novell.com/company/legal/patents/) time, without obligation to notify any person or entity of and one or more additional patents or pending patent such revisions or changes. Further, Novell, Inc., makes applications in the U.S. and in other countries. no representations or warranties with respect to any software, and specifically disclaims any express or No part of this publication may be reproduced, implied warranties of merchantability or fitness for any photocopied, stored on a retrieval system, or transmitted particular purpose. Further, Novell, Inc., reserves the without the express written consent of the publisher. right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any Novell, Inc. person or entity of such changes. 404 Wyman Street, Suite 500 Waltham, MA 02451 Any products or technical information provided under this U.S.A. Agreement may be www.novell.com subject to U.S. export controls and the trade laws of Novell Trademarks other countries. You agree to comply with all export For Novell trademarks, see the Novell Trademark and control regulations and to obtain any required licenses or Service Mark list classification to export, re-export or import deliverables. (http://www.novell.com/company/legal/trademarks/tmlist. You agree not to export or re-export to entities on the html). current U.S. export exclusion lists or to any embargoed Third-Party Materials or terrorist countries as specified in the U.S. export laws. All third-party trademarks are the property of their You agree to not use deliverables for prohibited nuclear, respective owners. missile, or chemical biological weaponry end uses. See Software Piracy the Novell International Trade Services Web page Throughout the world, unauthorized duplication of (http://www.novell.com/info/exports/) for more software is subject to both information on exporting Novell software. Novell criminal and civil penalties. assumes no responsibility for your failure to obtain any necessary export approvals. If you know of illegal copying of software, contact your local Software Antipiracy Hotline. For the Hotline This Novell Training Manual is published solely to number for your area, access Novell’s World Wide Web instruct students in the use of Novell networking page (http://www.novell.com) and look for the piracy software. Although third-party application software page under “Programs.” packages are used in Novell training courses, this is for Or, contact Novell’s anti-piracy headquarters in the U.S. demonstration purposes only and shall not constitute an at 800-PIRATES (747-2837) or 801-861-7101. endorsement of any of these software applications. Further, Novell, Inc. does not represent itself as having any particular expertise in these application software packages and any use by students of the same shall be done at the student’s own risk. Proprietary Statement Disclaimer Copyright © 2011 Novell, Inc. All rights reserved. Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, Novell, Inc., has intellectual property rights relating to and specifically disclaims any express or implied technology embodied in the product that is described in warranties of merchantability or fitness for any particular this document. In particular, and without limitation, these purpose. intellectual property rights may include one or more of the U.S. patents listedFront on the Novell Legal Patents Web MatterFurther, Novell, Inc., reserves the right to revise this page (http://www.novell.com/company/legal/patents/) publication and to make changes to its content, at any and one or more additional patents or pending patent time, without obligation to notify any person or entity of applications in the U.S. and in other countries. such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any No part of this publication may be reproduced, software, and specifically disclaims any express or photocopied, stored on a retrieval system, or transmitted implied warranties of merchantability or fitness for any without the express written consent of the publisher. particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell Novell, Inc. software, at any time, without any obligation to notify any 404 Wyman Street, Suite 500 person or entity of such changes. Waltham, MA 02451 U.S.A. Any products or technical information provided under www.novell.com this Agreement may be Novell Trademarks subject to U.S. export controls and the trade laws of For Novell trademarks, see the Novell Trademark and other countries. You agree to comply with all export Service Mark list control regulations and to obtain any required licenses or (http://www.novell.com/company/legal/trademarks/tmlist. classification to export, re-export or import deliverables. html). You agree not to export or re-export to entities on the Third-Party Materials current U.S. export exclusion lists or to any embargoed All third-party trademarks are the property of their or terrorist countries as specified in the U.S. export laws. respective owners. You agree to not use deliverables for prohibited nuclear, Software Piracy missile, or chemical biological weaponry end uses. See Throughout the world, unauthorized duplication of the Novell International Trade Services Web page software is subject to both (http://www.novell.com/info/exports/) for more criminal and civil penalties. information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any If you know of illegal copying of software, contact your necessary export approvals. local Software Antipiracy Hotline. For the Hotline number for your area, access Novell’s World Wide Web This Novell Training Manual is published solely to page (http://www.novell.com) and look for the piracy instruct students in the use of Novell networking page under “Programs.” software. Although third-party application software Or, contact Novell’s anti-piracy headquarters in the U.S. packages are used in Novell training courses, this is for at 800-PIRATES (747-2837) or 801-861-7101. demonstration purposes only and shall not constitute an endorsement of any of these software applications. Further, Novell, Inc. does not represent itself as having any particular expertise in these application software packages and any use by students of the same shall be done at the student’s own risk. Contents SECTION 1: Hands-on with Btrfs 4 Objective 1: Introduction to Btrfs 6 Objective 2: Btrfs Architecture 12 Objective 3: Btrfs Copy on Write 18 Objective 4: Btrfs Subvolunes 23 Objective 5: Btrfs Migration 36 Objective 6: Snapper 39 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES Table of Contents Hands-on with Btrfs ATT1800: Hands-on with Btrfs Section 1: Introduction to Btrfs Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES 4 Hands-on with Btrfs Objectives • Configure Disk Partitions and File Systems • Traditional Linux File Systems • Logical Volume Manager • Introduction to Btrfs • Snapper • Filesystem Quota Support • Introduction to iSCSI Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES 5 Hands-on with Btrfs Introduction to Btrfs Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES 6 Hands-on with Btrfs What is Btrfs? • Rising star in the open source filesystem universe • Linux correspondent for ZFS • Btrfs Solves a number of storage challenges: ‒ Massive Scalability ‒ Data Integrity ‒ Dynamic Expand and Shrink ‒ Built-in Volume Management ‒ Ubiquitous use: Server, Cloud-thru-Desktop, Even Mobile ‒ Cloud ready Btrfs is the 'rising star' in the open source file system universe. It builds the foundation for the Ceph distributed filesystem and its RADOS object store layer for "cloud" technologies. Btrfs encompasses ideas from the ext series of file systems (*ext2, ext3, ext4) as well as the Reiser file system, the XFS file system and the HP aufs file system. Btrfs implements most of the same concepts as the Sun/Oracle ZFS but does so in a much more open ended manner that will allow much more headroom for development. Its architecture is much more scalable than ZFS. Btrfs was built with scalability and extensibility in mind. ZFS was developed in 2006 by Sun but its license was incompatible to Linux. Btrfs is very actively developed and
Load more

Recommended publications
  • IT1100 : Introduction to Operating Systems Chapter 15 What Is a Partition? What Is a Partition? Linux Partitions What Is Swap? M
    IT1100 : Introduction to Operating Systems Chapter 15 What is a partition? A partition is just a logical division of your hard drive. This is done to put data in different locations for flexibility, scalability, ease of administration, and a variety of other reasons. One reason might be so you can install Linux and Windows side-by-side. What is a partition? Another reason is to encapsulate your data. Keeping your system files and user files separate can protect one or the otherfrom malware. Since file system corruption is local to a partition, you stand to lose only some of your data if an accident occurs. Upgrading and/or reformatting is easier when your personal files are stored on a separate partition. Limit data growth. Runaway processes or maniacal users can consume so much disk space that the operating system no longer has room on the hard drive for its bookkeeping operations. This will lead to disaster. By segregating space, you ensure that things other than the operating system die when allocated disk space is exhausted. Linux Partitions In Linux, a minimum of 1 partition is required for the / . Mounting is the action of connecting a filesystem/partition to a particular point in the / root filesystem. I.e. When a usb stick is inserted, it is assigned a particular mount point and is available to the filesytem tree. - In windows you might have an A:, or B:, or C:, all of which point to different filesystems. What is Swap? If RAM fills up, by running too many processes or a process with a memory leak, new processes will fail if your system doesn’t have a way to extend system memory.
    [Show full text]
  • File Formats
    man pages section 4: File Formats Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 817–3945–10 September 2004 Copyright 2004 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.
    [Show full text]
  • Advanced Services for Oracle Hierarchical Storage Manager
    ORACLE DATA SHEET Advanced Services for Oracle Hierarchical Storage Manager The complex challenge of managing the data lifecycle is simply about putting the right data, on the right storage tier, at the right time. Oracle Hierarchical Storage Manager software enables you to reduce the cost of managing data and storing vast data repositories by providing a powerful, easily managed, cost-effective way to access, retain, and protect data over its entire lifecycle. However, your organization must ensure that your archive software is configured and optimized to meet strategic business needs and regulatory demands. Oracle Advanced Services for Oracle Hierarchical Storage Manager delivers the configuration expertise, focused reviews, and proactive guidance to help optimize the effectiveness of your solution–all delivered by Oracle Advanced Support Engineers. KEY BENEFITS Simplify Storage Management • Preproduction Readiness Services including critical patches and Putting the right information on the appropriate tier can reduce storage costs and updates, using proven methodologies maximize return on investment (ROI) over time. Oracle Hierarchical Storage Manager and recommended practices software actively manages data between storage tiers to let companies exploit the • Production Optimization Services substantial acquisition and operational cost differences between high-end disk drives, including configuration reviews and SATA drives, and tape devices. Oracle Hierarchical Storage Manager software provides performance reviews to analyze existing
    [Show full text]
  • Where Do You Want to Go Today? Escalating
    Where Do You Want to Go Today? ∗ Escalating Privileges by Pathname Manipulation Suresh Chari Shai Halevi Wietse Venema IBM T.J. Watson Research Center, Hawthorne, New York, USA Abstract 1. Introduction We analyze filename-based privilege escalation attacks, In this work we take another look at the problem of where an attacker creates filesystem links, thereby “trick- privilege escalation via manipulation of filesystem names. ing” a victim program into opening unintended files. Historically, attention has focused on attacks against priv- We develop primitives for a POSIX environment, provid- ileged processes that open files in directories that are ing assurance that files in “safe directories” (such as writable by an attacker. One classical example is email /etc/passwd) cannot be opened by looking up a file by delivery in the UNIX environment (e.g., [9]). Here, an “unsafe pathname” (such as a pathname that resolves the mail-delivery directory (e.g., /var/mail) is often through a symbolic link in a world-writable directory). In group or world writable. An adversarial user may use today's UNIX systems, solutions to this problem are typ- its write permission to create a hard link or symlink at ically built into (some) applications and use application- /var/mail/root that resolves to /etc/passwd. A specific knowledge about (un)safety of certain directories. simple-minded mail-delivery program that appends mail to In contrast, we seek solutions that can be implemented in the file /var/mail/root can have disastrous implica- the filesystem itself (or a library on top of it), thus providing tions for system security.
    [Show full text]
  • File Permissions Do Not Restrict Root
    Filesystem Security 1 General Principles • Files and folders are managed • A file handle provides an by the operating system opaque identifier for a • Applications, including shells, file/folder access files through an API • File operations • Access control entry (ACE) – Open file: returns file handle – Allow/deny a certain type of – Read/write/execute file access to a file/folder by – Close file: invalidates file user/group handle • Access control list (ACL) • Hierarchical file organization – Collection of ACEs for a – Tree (Windows) file/folder – DAG (Linux) 2 Discretionary Access Control (DAC) • Users can protect what they own – The owner may grant access to others – The owner may define the type of access (read/write/execute) given to others • DAC is the standard model used in operating systems • Mandatory Access Control (MAC) – Alternative model not covered in this lecture – Multiple levels of security for users and documents – Read down and write up principles 3 Closed vs. Open Policy Closed policy Open Policy – Also called “default secure” • Deny Tom read access to “foo” • Give Tom read access to “foo” • Deny Bob r/w access to “bar” • Give Bob r/w access to “bar • Tom: I would like to read “foo” • Tom: I would like to read “foo” – Access denied – Access allowed • Tom: I would like to read “bar” • Tom: I would like to read “bar” – Access allowed – Access denied 4 Closed Policy with Negative Authorizations and Deny Priority • Give Tom r/w access to “bar” • Deny Tom write access to “bar” • Tom: I would like to read “bar” – Access
    [Show full text]
  • Installing Oracle Goldengate
    Oracle® Fusion Middleware Installing Oracle GoldenGate 12c (12.3.0.1) E85215-07 November 2018 Oracle Fusion Middleware Installing Oracle GoldenGate, 12c (12.3.0.1) E85215-07 Copyright © 2017, 2018, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency- specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • 21Files2.Pdf
    Here is a portion of a Unix directory tree. The ovals represent files, the rectangles represent directories (which are really just special cases of files). A simple implementation of a directory consists of an array of pairs of component name and inode number, where the latter identifies the target file’s inode to the operating system (an inode is data structure maintained by the operating system that represents a file). Note that every directory contains two special entries, “.” and “..”. The former refers to the directory itself, the latter to the directory’s parent (in the case of the slide, the directory is the root directory and has no parent, thus its “..” entry is a special case that refers to the directory itself). While this implementation of a directory was used in early file systems for Unix, it suffers from a number of practical problems (for example, it doesn’t scale well for large directories). It provides a good model for the semantics of directory operations, but directory implementations on modern systems are more complicated than this (and are beyond the scope of this course). Here are two directory entries referring to the same file. This is done, via the shell, through the ln command which creates a (hard) link to its first argument, giving it the name specified by its second argument. The shell’s “ln” command is implemented using the link system call. Here are the (abbreviated) contents of both the root (/) and /etc directories, showing how /unix and /etc/image are the same file. Note that if the directory entry /unix is deleted (via the shell’s “rm” command), the file (represented by inode 117) continues to exist, since there is still a directory entry referring to it.
    [Show full text]
  • Oracle ZFS Storage Appliance: Ideal Storage for Virtualization and Private Clouds
    Oracle ZFS Storage Appliance: Ideal Storage for Virtualization and Private Clouds ORACLE WHITE P A P E R | MARCH 2 0 1 7 Table of Contents Introduction 1 The Value of Having the Right Storage for Virtualization and Private Cloud Computing 2 Scalable Performance, Efficiency and Reliable Data Protection 2 Improving Operational Efficiency 3 A Single Solution for Multihypervisor or Single Hypervisor Environments 3 Maximizing VMware VM Availability, Manageability, and Performance with Oracle ZFS Storage Appliance Systems 4 Availability 4 Manageability 4 Performance 5 Highly Efficient Oracle VM Environments with Oracle ZFS Storage Appliance 6 Private Cloud Integration 6 Conclusion 7 ORACLE ZFS STORAGE APPLIANCE: IDEAL STORAGE FOR VIRTUALIZATION AND PRIVATE CLOUDS Introduction The Oracle ZFS Storage Appliance family of products can support 10x more virtual machines (VMs) per storage system (compared to conventional NAS filers), while reducing cost and complexity and improving performance. Data center managers have learned that virtualization environment service- level agreements (SLAs) can live and die on the behavior of the storage supporting them. Oracle ZFS Storage Appliance products are rapidly becoming the systems of choice for some of the world’s most complex virtualization environments for three simple reasons. Their cache-centric architecture combines DRAM and flash, which is ideal for multiple and diverse workloads. Their sophisticated multithreading processing environment easily handles many concurrent data streams and the unparalleled
    [Show full text]
  • Performance Tuning the Oracle ZFS Storage Appliance for Microsoft Exchange 2013
    Performance Tuning the Oracle ZFS Storage Appliance for Microsoft Exchange 2013 ORACLE WHITE PAPER | MARCH 2016 Table of Contents Introduction 2 Performance Tuning 3 Tuning the File System 4 Tuning the Oracle ZFS Storage Appliance 5 Log Volume Characteristics and Challenges 5 Database Volumes 6 Performance Test Procedure 6 Latency in Exchange Volume Types 8 Log Volume Blocksize for Latency 9 Database Volume Blocksize for Latency 10 Selecting Volume Blocksize for Throughput 12 Log Volume Blocksize for Throughput 12 Database Volume Blocksize for Throughput 12 ZFS Database Blocksize 13 Enabling Compression 13 Conclusion 17 Introduction The Oracle ZFS Storage Appliance is formed by a combination of advanced hardware and software architecture with the purpose of offering a multiprotocol storage subsystem. The unified storage model enables you to simultaneously run a variety of application workloads while benefitting from advanced data services. The first-class performance characteristics of the Oracle ZFS Storage Appliance are illustrated by the results of industry-standard benchmarks like SPC-1, SPC-2 and SPECsfs. As a unified storage solution, the Oracle ZFS Storage Appliance provides an excellent base for building Windows solutions with iSCSI or Fibre Channel block storage for Microsoft Exchange Server, for example, and NFS or SMB file storage for Microsoft Windows client access. This paper discusses the performance tuning available as part of the infrastructure of the Oracle ZFS Storage Appliance to support Microsoft Exchange Server in various scenarios. The test procedure used throughout this document is based on the Microsoft Exchange Solution Reference Program tools – JETstress – which is designed to simulate Microsoft Exchange Server disk I/O load and to produce performance statistics on the resulting operations.
    [Show full text]
  • Oracle Optimized Solution for Oracle E-Business Suite a High-Performance, Flexible Architecture on SPARC T5-2 Servers and Oracle Exadata
    Oracle Optimized Solution for Oracle E-Business Suite A High-Performance, Flexible Architecture on SPARC T5-2 Servers and Oracle Exadata ORACLE WHITE P A P E R | OCTOBER 2015 Table of Contents Introduction 1 Solution Overview 2 Oracle Technologies—Everything Needed for Oracle E-Business Suite Deployment 2 Platform Infrastructure 3 Network Infrastructure and Remote Management 4 Built-in Virtualization for Simplified Oracle E-Business Suite Application Consolidation 4 High Availability Features to Keep Oracle E-Business Suite Running 6 Backup, Restore, and Disaster Recovery Solutions 6 Built-in Security Technology and Comprehensive Tools for Secure Deployment 7 Cryptographic Acceleration for Oracle E-Business Suite 7 Secure Isolation 9 Secure Access Control 9 Data Protection 9 Compliance 10 Security Best Practices for Oracle E-Business Suite Deployments 10 Security Technical Implementation Guides 11 My Oracle Support Documents 11 Component-Level Security Recommendations 12 Mapping an Oracle E-Business Suite Deployment to SPARC T5 Servers and Oracle Exadata 13 Consolidating to Oracle Systems 14 ORACLE OPTIMIZED SOLUTION FOR ORACLE E-BUSINESS SUITE A Basic Production System 15 Test Systems, Disaster Recovery Systems, and Other Systems 17 Solution Scalability 18 Consolidation of Quality Assurance, Disaster Recovery, and Other Systems 18 Consolidating onto a Single Oracle System 18 Cloud-Based Deployments 19 Additional Oracle Optimized Solutions for Oracle E-Business Suite Deployments 20 Oracle Optimized Solution for Secure Backup and Recovery
    [Show full text]
  • A Brief Technical Introduction
    Mac OS X A Brief Technical Introduction Leon Towns-von Stauber, Occam's Razor LISA Hit the Ground Running, December 2005 http://www.occam.com/osx/ X Contents Opening Remarks..............................3 What is Mac OS X?.............................5 A New Kind of UNIX.........................12 A Diferent Kind of UNIX..................15 Resources........................................39 X Opening Remarks 3 This is a technical introduction to Mac OS X, mainly targeted to experienced UNIX users for whom OS X is at least relatively new This presentation covers primarily Mac OS X 10.4.3 (Darwin 8.3), aka Tiger X Legal Notices 4 This presentation Copyright © 2003-2005 Leon Towns-von Stauber. All rights reserved. Trademark notices Apple®, Mac®, Macintosh®, Mac OS®, Finder™, Quartz™, Cocoa®, Carbon®, AppleScript®, Bonjour™, Panther™, Tiger™, and other terms are trademarks of Apple Computer. See <http://www.apple.com/legal/ appletmlist.html>. NeXT®, NeXTstep®, OpenStep®, and NetInfo® are trademarks of NeXT Software. See <http://www.apple.com/legal/nexttmlist.html>. Other trademarks are the property of their respective owners. X What Is It? 5 Answers Ancestry Operating System Products The Structure of Mac OS X X What Is It? Answers 6 It's an elephant I mean, it's like the elephant in the Chinese/Indian parable of the blind men, perceived as diferent things depending on the approach X What Is It? Answers 7 Inheritor of the Mac OS legacy Evolved GUI, Carbon (from Mac Toolbox), AppleScript, QuickTime, etc. The latest version of NeXTstep Mach, Quartz (from Display PostScript), Cocoa (from OpenStep), NetInfo, apps (Mail, Terminal, TextEdit, Preview, Interface Builder, Project Builder, etc.), bundles, faxing from Print panel, NetBoot, etc.
    [Show full text]
  • Windows Task Scheduler – Privileges Escalation Vulnerability
    CERT-EU Security Advisory 2018-024 Windows Task Scheduler – Privileges Escalation Vulnerability August 29, 2018 — v1.0 History: • 29/08/2018 — v1.0: Initial publication Summary On August 27th, a tweet from a researcher with a nick SandboxEscaper announced an unpatched local privileges escalation vulnerability in Windows. This flaw is affecting the way Task Sched- uler uses Advanced Local Procedure Call (ALPC) to read and set permissions. This allows a user with read access to an object to change his rights on it. Eventually, this vulnerability allows a user to run code with SYSTEM privileges. It is important to notice that a POC has been already published on Internet and there is no available patch yet [1, 2]. Technical Details The POC has been distributed with a text document giving some technical details about the exploit. This advisory is based on that [2]. The Windows Task Scheduler uses an ALPC method - SchRpcSetSecurity - to deal with the rights of the created tasks. As side effect, this function checks if a .job file exists under c:\windows\tasks and tries to set the permissions there too. Since all users have write per- mission there, an attacker can create a hard link in this folder in order to rewrite the privileges he has over other objects of the system. After that he can modify the object ending up with his code running as SYSTEM. This is the path followed by the POC with a DLL hijacking as outcome. It is important to note that this technique for rights rewriting could be used in other unforeseen ways.
    [Show full text]