Why you should Close Your Files | bin 0x02

  • Published 8 Sep 2024
  • #BinaryExploitation #FileDescriptor #Attack
    In this video, we're gonna look at how one can abuse file descriptors in some cases to get access to "sensitive" documents.
    🔗 Code + Build Instructions: old.hackercamp...
    🔗 Original Blog: www.sektionein...
    💬 Discord: / discord
    🐤 Twitter: / pwnfunction
    🎵 Track: Warriyo - Mortals (feat. Laura Brehm)
    NCS link: • Warriyo - Mortals (fea...

COMMENTS • 527

  • @PwnFunction 3 years ago +1291

    Bois I've got covid, I'll be back soon.

    • @vasa_kot 3 years ago +78

      cool

    • @KrXYT 3 years ago +65

      RIP

    • @KrXYT 3 years ago +40

      the fact you commented 13 minutes ago is insane, I've gotten this in my recommended like every refresh for like the past week and just now decided to watch it

    • @feyg0 3 years ago +13

      F

    • @fdsf9886 3 years ago +8

      rip

  • @chezcake256 3 years ago +125

    0:27 “guys I gotta close my keyboard hold on”

    • @jhonreydaffon8156 3 years ago

      Unplug it after using XD

    • @theepicbruhman2254 3 years ago

      @jhonreydaffon8156 just cut the wire

    • @Barrosy 3 years ago

      Hold on... Let's close my network socket as well. 0:28

  • @giacomoflisi 3 years ago +326

    This whole channel is so good, I'm glad i stumbled upon this gem of the internet today!

  • @Lovuschka 3 years ago +336

    "Why you should close your files." "Network sockets are a file"
    Okay, closed them. How do I connect to the internet again now?

    • @julians.2597 3 years ago +63

      linux be like: "everything is a file"
      --> sudo shutdown now -h

    • @Handlessuck1 2 years ago +37

      @julians.2597 Wait if everything's a file am I a file?

    • @Rudxain 2 years ago +12

      This is like OOP, everything is an object

    • @Handlessuck1 2 years ago +19

      @Rudxain Imagine programming with FOP

    • @Rudxain 2 years ago +13

      @Handlessuck1 That would be an interesting concept. Like accessing file metadata using computed property access. Setting permissions using object descriptors (file descriptors). Classes would be programs specifically designed to create a certain kind of file, so VIM is a class whose constructor returns a new plaintext file object.
      The only problem is that *EVERY* file is allowed to have own function properties, which means they can come bundled with method scripts that aren't inherited from the prototype, possibly allowing arbitrary code execution lol

  • @rjhornsby 3 years ago +55

    with sincere admiration, between the art style and the narrator’s voice I fully expected him to end with “now, fire ze missiles!”

    • @BlueTac1992 3 years ago +1

      But I am le tired

    • @kevinalexander4959 3 years ago

      so old school before even YouTube was out and flash cartoons were all the rave!

    • @BlueTac1992 3 years ago

      @kevinalexander4959 hell yeah, just like burnt face man

  • @ahmedlimam2241 3 years ago +59

    I want youtube to start recommending this type of videos more! sadly I can't help but watch cat videos every now and then...

    • @codeIMperfect 3 years ago +6

      Go to the 3 dot menu against those videos and select 'Not Interested'.
      I know it'll be hard but you gotta do it😥

  • @cat-.- 3 years ago +13

    Bruh, YT recommended this video to me today, I saw the channel name, I saw the video title, and I immediately subscribed

  • @kennichdendenn 2 years ago +106

    Thanks, Rust, for closing files on drop (standard: when the variable goes out of scope), as do many others. Sometimes I think RAII is kinda the wrong term, as closing/deallocating/whatever on dropping your value seems equally if not more important in practice.

    • @sephirothbahamut245 2 years ago +3

      RAII has always been the wrong term, but it caught on. And I guess C(lose)O(n)D(estruction) would remind too much of Call of Duty

    • @thewelder3538 2 years ago +3

      Yup, let's all have the compiler do stuff for us because it's too complex to do it ourselves!! It's what makes the difference between a good coder who is aware of such things and people who need a runtime to remember all the things they forget because resource management is too complex for them. You might as well just advocate for gameSpaceInvaders.create(); gameSpaceInvaders.run() and have the compiler generate the entire thing for you. Coding and coding well is a skill, but NOT today, it's, let the runtime handle that, import someone else's library, job done.

    • @jort93z 2 years ago +10

      @thewelder3538 It's a matter of efficiency. Why have people write the same code hundreds or thousands of times? Consumers (because that is who needs to pay for software at the end, even internal software) don't want to pay for developers writing boilerplate code over and over. You want working code with the smallest possible amount of effort. Of course, it needs to be fast and safe as well, but nobody has time and money for developers to mess around and try to perfect every little thing.
      It's generally not that people couldn't do it, but simply that they don't want to.

    • @thewelder3538 2 years ago +1

      @jort93z I'm not sure if you're actually arguing what you think you are. It's simple, if a class opens a file handle, it should close it. It has nothing to do with efficiency. You're arguing that the runtime should close the file handles that YOU forgot to close. This is like the ultimate lazy coder's paradigm, where you rely on the runtime and compiler to fix all your bad code for you. Sure, there are always deadlines and stuff, but releasing a badly bugged product affects reputation WAY more than a release delay. The problem with many coders nowadays, is they have literally NO idea what is going on under the hood of the languages they are writing in. I think they should all do a stint writing x86 or ARM assembly because then you HAVE to take care and do things properly. None of this... whoopsie, I accidentally left a file handle open, not to worry, the runtime will sort that for me, mentality. You do things right, or you resource leak and your program dies. Then, once you've got that level of understanding, apply it to a higher level and then you'll realise just how much nonsense it is letting a runtime close a file handle, just because it can. This applies to more than just file handles though, it applies to any resource. The same as a GOOD coder has no concept of a string, it's just a list of bytes. Dynamic containers, like vector/map/set etc, most have no idea what's actually going on. But work in assembly for a bit and then you realise how much pain and suffering these dynamic containers save you from.

    • @jort93z 2 years ago +10

      @thewelder3538 "This is like the ultimate lazy coders paradigm, where you rely on the runtime and compiler to fix all your bad code for you"
      Well, or you look at it another way, you rely on the compiler/runtime, so you need to write less code for the same thing. Just because your code is less verbose, doesn't make it worse. If you know you can rely on the compiler/runtime, there is no need to write it out explicitly.
      Your problem is you seem to think that people just forget to close it. It isn't that people forget, but simply that people don't want to.
      Being stupid, and being lazy, are very different things. Generally, smart and lazy people are the best programmers.

  • @ChildishBerbino 3 years ago +63

    I appreciate you and your work so much. As someone with a learning disability, my learning curves are fucked to shit. Sometimes I'll go a month feeling like no progress had been made, then all in one jump every subject and related ones click. Watching your videos speeds this learning process up for me immensely, and I'm so grateful. I hope your Covid-19 is gone by now. We need you ❤️

  • @aleksandermirowsky7988 2 years ago +5

    This video is literally the most informative piece of media about this topic in the entire platform. Instantly subscribed to the channel. Great stuff.

  • @iamworstgamer 1 year ago +1

    bro uploaded this content for absolutely free. you are a legend

  • @enrique4012 3 years ago +130

    That's why we use 'with open...' so it gets closed when the code is finished.

    • @MakkaPakka7999 2 years ago +11

      python

    • @synacktra 2 years ago +8

      that's why they made 'with' keyword so we don't fck up, another amazing thing is defer in golang.

    • @gorak9000 2 years ago +4

      That's all fine and good in python, but there's no such thing in C, and all the "real" code that does actual work is written mostly in C

    • @techheck3358 2 years ago +2

      @gorak9000 you’re watching this on YouTube, on a website written in html, with effects written in JavaScript, with a backend of C++. Take your elitism elsewhere

    • @gorak9000 2 years ago

      @techheck3358 Uh, I'm not sure where you got this sense of "elitism" from, but thank you for reinforcing my point that not all software is written in Python, so saying "use 'with' in Python" is not a solution to this issue. I'm just trying to quell the "python fanbois" that no, there actually do exist other languages out there that don't have "auto" file closing. So many "coders" these days think they can string 5 lines of python together, so now they're "software developers". I interviewed 5 or 6 such people in the last couple of weeks. I don't know wtf they are teaching in CS these days, but it's either not getting through to people, or CS education has really taken a nosedive in the last 5 or 6 years. You ask these "software developers" basic data structures questions, or complexity (big oh) questions, and they look at you with a blank stare like you're talking a foreign language.

  • @TorutheRedFox 2 years ago +31

    Java actually has some edge cases that keeping a file open helps in, like, for example, temporarily adding a certificate to the certificate store without having permissions to actually write to it, because your CA is relatively recent and has compatibility issues with Java (talking about Let's Encrypt here lol)
    this works because Java keeps a copy of the file in memory until you close it that it writes any changes to, before dumping them into the file when you close it. but if that never happens, the file will stay resident in memory, and Java being Java will reuse that copy in memory rather than reloading it into memory when something else in the same vm tries to access that same file, that file being the Java certificate store in this case

    • @kebien6020 2 years ago +2

      I thought buffered IO was a thing in most programming languages?

  • @Hobbitstomper 3 years ago +1

    Got worried that your last pinned message was 2 weeks ago saying you got COVID. Had to sort the comments by date to see if you made other replies since then. Saw one from last week and then one from today. Glad you're still with us. I hope you're feeling better.

    • @PwnFunction 3 years ago +3

      I'm good now, writing script for the next video :)

  • @mr_ehmed 3 years ago +24

    Much awaited ❤ i hope this playlist grows n grows 😍

  • @doretox 3 years ago +27

    thanks liveoverflow for introducing me to this channel

  • @wiri2391 2 years ago +2

    Your visualisations are on point! Everything feels smooth. Thank you!

    • @3bdo3id 2 years ago

      That is not the case when you try doing it yourself!
      I am trying just right now and file 3 is not left behind, I think that is a patch of Ubuntu that made this for now but I may return to edit this comm if I figure out what is wrong

  • @tanned_cosines_ 3 years ago +10

    i just started watching this series today
    wasn't expecting 3rd ep so soon
    btw

    • @callumery119 3 years ago +1

      Nice PFP bro

    • @tanned_cosines_ 3 years ago

      @callumery119 commendable to you too, lol
      someone who notices :)

    • @nameless_9504 3 years ago +1

      U did it wrong it's btw >& this 😂😂

  • @ligamo2615 1 year ago

    This channel is actually amazing. I love it!

  • @bartoszstaszewski6325 3 years ago +5

    This channel is amazing. I just love the graphics and how you explain those things. Wish you'd do more videos about linux filesystem, and low level stuff.

  • @isawadelapradera6490 3 years ago +6

    use the with statement to ensure files close automatically
    [code]
    with open("filepath") as file:
        process(file)
    [more code]
    like so, as soon as execution leaves the "with" block your files will be always closed, even during exceptions.

  • @seerlite5256 3 years ago +1

    EDIT: Turns out I was wrong, cat is not a shell builtin
    5:07 it doesn't work, but not because it's "an external program" (cat is a shell builtin). It's because by using the symlink in /proc/.../fd/ you're trying to open a _new_ descriptor for the symlink, different from the first one opened as root for the actual file.
    Using the redirection syntax works because then you're reading from the _existing_ descriptor and not opening a new one.
    EDIT: After listening to that bit again I realize you pretty much tried to say the same thing. I think the wording confused me for some reason. Anyway, great video!

    • @PwnFunction 3 years ago +1

      I should've said it better. Noted, thanks.

    • @Gramini 3 years ago +1

      Which shell has cat as a builtin? No shell I tested (bash, sh, dash, zsh) has it, it's just a regular executable at /bin/cat (in my testing).

    • @seerlite5256 3 years ago +1

      @Gramini Wow you're totally right. I assumed it was a shell builtin because it was such a simple program. I'm sorry, I should have looked into it before spreading misinformation

    • @gaiuszeno1331 20 hours ago

      @seerlite5256 Most implementations of cat are not simple programs as they have flags to symbolically print out non printable characters. The theoretical POSIX cat only requires copying from 1 or more files and/or stdin to standard out.
      You might be thinking of the echo command which is built into many shells and is relatively simple.

  • @winstonlopez6117 3 years ago +1

    Haven't finished vid but at 1:22 the screen looks cool with the asian code running in background like the Matrix. NICE !

  • @suman-majhi 3 years ago +1

    So after this long time....this channel gets recommended in everyone's homepage....I wish, I got this channel before

  • @SolarizedPhoenix 2 years ago

    This has legit made me start closing files, even though I don't work with anything that needs security.

  • @sawcondeez 3 years ago +1

    Great explanation and examples. Thanks for making this video!
    I like your terminal theme btw, very nice colours

  • @TheRealFrankWizza 3 years ago +6

    Devices are a file in the /dev/ directory, so on and so forth.

  • @tachonko5487 3 years ago +1

    Ok I just found your channel thanks to your XSS vid, and it’s amazing! You really help to understand some complicated contexts, especially for someone who is new to this environment. Keep up the good work 👌

  • @pasteancalin7826 3 years ago

    This just popped up in my feed. Watched 4 minutes and I love it. Subscribed 🔥🔥

  • @someguyfromanotherplanet5284 2 years ago

    I love it that people call C a bad programming language then go on to write code like this without thoroughly checking.

  • @dsaha1656 1 year ago

    this just blows my mind. How a simple mistake can open a backdoor to any system it ran on.

  • @SteveTheNerd 3 years ago +3

    Really good videos! It definitely makes me a better developer.
    I also like your video style with the hand drawn aesthetics. What do you use to record your drawing? Just curious 😇

  • @user-vr4mv4pg5u 3 years ago

    man u are the best rare to find someone that explains the subjects that good

  • @artyomkurguzkin5271 3 years ago +1

    Seeing technical videos of such high quality is mind-blowing. My regards=)

  • @googleuser8512 3 years ago

    This is awesome. I'm so happy I got this recommended. Keep up the great work!

  • @XDjUanZInHO 3 years ago +84

    Windows solves all of your issues by remembering you that if you don't close the file handler you won't be able to use the file >:D

    • @ErrorNoInternet 3 years ago +1

      lmao

    • @idkidk9204 3 years ago

      lmao

    • @PyPylia 3 years ago +7

      You can still read from a file handler on Windows even if it's open as write or read in another program. You just can't write to it if it's open as write in another program.

    • @Aidiakapi 3 years ago +2

      @PyPylia Whether you can depends on how the file has been opened. You can open a file for read and still block everyone else from accessing it.

    • @darxoonwasser 3 years ago +2

      @Aidiakapi Which is what PowerPoint does. So annoying

  • @g3tl0st30 3 years ago +1

    @filedescriptor a huge fan of him, since long time.

  • @patrickdee7365 3 years ago +2

    Very smooth and well explained love it!

  • @XThexFenderX 3 years ago +2

    This is a hella cool video

  • @anirudhakumar2271 1 year ago

    Bruh. This is amazin, you killin it

  • @assetaden6662 3 years ago

    Respect for mahboiz who use with or using.

  • @userou-ig1ze 3 years ago +5

    on recommended today, immediately subbed. Is there a way to scan for open handles with elevated privileges, that are 'not supposed to be there'?

  • @samarthverulkar4529 2 years ago

    This channel is addictive

  • @MattMcT 2 years ago

    So good as always, pwn! Hope you get better and get plenty of rest 🍻

  • @klaasweerstand1577 3 years ago

    Thanks for the warning, I will keep it in mind.

  • @monsieuralexandergulbu3678 3 years ago +1

    Nice drawings, i like your explanation, keep going!

  • @1337shadow 3 years ago +2

    In python i always use:
    with open("file.txt", "a") as f:
    If you do it like this the file closes when you're done.

  • @rogervanbommel1086 3 years ago +1

    Thanks, made this ‘mistake’ a lot and never cared, thanks for explaining(am a python programmer)

    • @laurinneff4304 3 years ago

      Python has the with statement, which makes this easier:
      with open("file") as file:
          # do stuff with file
      # file is auto-closed here

    • @rogervanbommel1086 3 years ago

      @laurinneff4304 yes, I know about this though I did not know why I should care

  • @beterax 3 years ago +1

    Amazing visual style!

  • @thomas.n.jordan5093 3 years ago +3

    so underrated, keep it up!

    • @niewazneniewazne1890 3 years ago

      It makes sense to me except the exploit part at 7:04, we are piping to stdin of newgrp an echo command into a setuid binary/binary with permissions to write "/etc/sudoers"?
      I don't get the shell script.
      Also the OSX case is part of the seemingly same "mistake", except it doesn't use exec(); except exec() is never used, and the linker should run with permissions of the target binary.
      1:11 this is a very honest beginners mistake of "exec() runs a new program, so kernel has to clean up everything that made up the old process"(and this behavior can have useful usecases).

  • @yaroslavpanych2067 2 years ago

    Definition of file - named region of memory. If it has name, and some memory associated, then it is file. Note that there are no requirements for memory in this definition, nor requirements for name. As long as it refers to at least bit of any kind of memory, and it is somehow named (and that includes index-names), object is technically file! Even if object possesses properties that can classify it more precisely, it is still considered file.
    This is basics, undisputed basics! And if video starts with demonstration of ignorance of basics, it ends for me at that point.

  • @heyarvee 3 years ago +1

    Excellent explanation! 🔥 also, your terminal theme is sick! what theme is it?

  • @thewelder3538 2 years ago +3

    A File Descriptor is NOT a file handle. It has NEVER been a file handle. It is a collection of information about a file, that may or may not be opaque depending on the os/function used to obtain one. A handle may be a component of a descriptor. On Windows for instance, a HANDLE is opaque, I think it's a typedef to a void*, but it's actually also a collection of information, but it's STILL NOT a file descriptor.

  • @Vlad-1986 3 years ago

    This guy seems cool. Top class teaching.

  • @brold6111 3 years ago

    You deserve way more subbs lol. You convinced me from the first video. Great job.

  • @jakubsurdej4339 2 years ago

    I love finding dota 2 soundtrack in random intros

  • @vorlock7149 3 years ago +4

    0:39 "Everything is not a file" is wrong and means that everything is something but a file. That would mean that files do not exist.
    The correct way would be: "Not everything is a file".

  • @theohallenius8882 3 years ago +1

    It's hard to not subscribe, it's like another LiveOverflow channel.

  • @youri0soul 3 years ago

    i finished this video subscribed to the channel went to check more from your channel then realised that i have watched all your videos already now i feel what crack addicts feel :(

  • @marusdod3685 3 years ago +3

    if you need the file for the entire length of the program, closing it is kinda redundant since the operating system already does it for you after you exit the process

    • @LupusMichaelis 1 year ago

      True, and that's why I thought the video would be pointless. But after watching, I realized that he's raising an actual point, pointing out the risk you have to leak down secrets and stuff to forked processes. Quite useful

  • @nikolaisafronov3452 3 years ago

    Wish you strength! Your videos are super, pls pls keep it up

  • @DarkMonsterGFX 3 years ago

    Amazing vid sir! Please, keep them coming! :D

  • @oliveira_mh 3 years ago +1

    Awesome video, thank you!

  • @milkibearmilkibear 2 years ago

    Oh, that was good, I didn't know that... THX!

  • @lionkor98 2 years ago

    Any language without really easy-to-use RAII should be reconsidered, in my opinion

  • @kericlapboards7737 3 years ago

    Thank you for linking to the original blog!

  • @BCTAHbKA 2 years ago

    This is the best video ever

  • @0xbyt3z 3 years ago

    one of the best channels with quality content.

  • @jeanlasallevevo6315 3 years ago +3

    Heyo, could you share your terminal colorscheme? I've been looking for a contrasty/vibrant colorscheme for quite some time and yours looks absolutely amazing.

  • @jankowalski-py1ey 2 years ago +2

    I need some clarification about the Apple bug - isn't the ability for a regular user to overwrite a root owned file with logs a huge issue already, even if you didn't have control of the contents?

  • @maorhamami8106 2 years ago +1

    What about the time the process uses the file? I mean it does close it but it takes time - users can still read the content during that time or am I missing something?
    Epic channel btw

  • @SEX_ON_DRUGS 3 years ago

    loving this series so far :)))))00

  • @whathefuckisthis 3 years ago +1

    So using the method you showed would the normal user only be able to perform actions on that file? Or does it expose bigger vulnerabilities, like manipulating other root files?
    This was a really cool video! Loved when it all tied together with a real world example

    • @hardcorshik31 2 years ago +2

      You could edit the sudoers file and then you have admin access to the system

  • @pu239 3 years ago

    That intro was really slick. Where and how did you make this?

  • @dimdimich 2 years ago +1

    Always set FD_CLOEXEC on descriptors which you don't want to pass to a new process image.
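
The inheritance across exec() discussed in this thread, and the FD_CLOEXEC fix recommended in the comment above, as an added example (not code from the video or from any commenter). A parent opens a constructed temp file and an exec'd /bin/sh can or cannot read descriptor 7 depending on the flag; inheritable_fds() is a simple pre-exec audit of the kind asked about earlier in the thread. All function names, CHILD_FD and the /tmp path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHILD_FD 7 /* single digit, so any POSIX sh can name it in "<&7" */

/* 1 if fd stays open across exec(), 0 if FD_CLOEXEC is set, -1 if fd is not open. */
int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Set FD_CLOEXEC without disturbing any other descriptor flag. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Pre-exec audit: collect the descriptors in [first, limit) that a new
 * program image would inherit. Returns how many were written to out. */
int inheritable_fds(int first, int limit, int *out, int cap) {
    int n = 0;
    for (int fd = first; fd < limit && n < cap; fd++)
        if (survives_exec(fd) == 1) out[n++] = fd;
    return n;
}

/* Create a constructed sample file; tmpl must end in XXXXXX. 0 on success. */
int make_sample_file(char *tmpl) {
    static const char data[] = "constructed sample content\n";
    int fd = mkstemp(tmpl);
    if (fd == -1) return -1;
    ssize_t w = write(fd, data, sizeof data - 1);
    close(fd);
    return w == (ssize_t)(sizeof data - 1) ? 0 : -1;
}

/* Open path, fork, exec /bin/sh and let it try to read the inherited
 * descriptor. Returns 1 if the exec'd program could read it, 0 if the
 * descriptor was closed at exec, -1 on error. */
int child_can_read(const char *path, int protect) {
    int fd = open(path, O_RDONLY); /* deliberately opened without O_CLOEXEC */
    if (fd == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fd); return -1; }
    if (pid == 0) {
        /* Child: move the descriptor to a known number, then exec. */
        if (dup2(fd, CHILD_FD) == -1) _exit(126);
        if (fd != CHILD_FD) close(fd);
        if (protect && set_cloexec(CHILD_FD) == -1) _exit(126);
        execl("/bin/sh", "sh", "-c",
              "exec 2>/dev/null; cat <&7 >/dev/null", (char *)NULL);
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    if (code == 126 || code == 127) return -1;
    return code == 0 ? 1 : 0; /* sh fails the redirection if fd 7 is closed */
}

int main(void) {
    char path[] = "/tmp/fdleak-demo-XXXXXX";
    if (make_sample_file(path) != 0) return 1;
    printf("without FD_CLOEXEC: child can read = %d\n", child_can_read(path, 0));
    printf("with    FD_CLOEXEC: child can read = %d\n", child_can_read(path, 1));
    unlink(path);
    return 0;
}
```

Opening with O_CLOEXEC in the open() call itself avoids the window between open() and fcntl() in multithreaded programs.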

  • @rubex. 3 years ago +2

    Great video, maybe boost the volume a bit in your next video.

  • @pocketmage124 3 years ago +1

    Two things:
    1) I love your animation, what program do you use?
    2) Is there a reason you chose japanese as a background? I'm curious...

    • @PwnFunction 3 years ago +4

      1. Adobe animate cc
      2. Imma weeb

  • @HaxorBird 3 years ago

    1:15 I was also thinking of this guy. Nice video btw

  • @a.k_theportal3085 2 years ago

    the new liveoverflow

  • @user-mh4sc1mt4h 2 years ago

    I hope you will continue this series

  • @andrewlainson7954 2 years ago

    Love this content

  • @makaupp 2 years ago

    You are smart. Subscribed :)

  • @karthibalaji3817 3 years ago

    Awesome work mr.pwn !

  • @ArbaouiBillel 3 years ago

    Amazing explanation keep going hero

  • @lahiruchathuranga343 3 years ago

    We need more..this is so addictive

  • @hupa1a 2 years ago

    Very good one!

  • @SuryaTejaKarra 3 years ago

    Great find as always mate.

  • @MrNepal8848 3 years ago +5

    so when you leave a file open, the root permission of that system can be accessed by another program having access to the running program?

    • @Christobanistan 3 years ago +5

      I think he's saying the process that opened it while elevated can continue to access it after changing to plain user. Perhaps some system API in OSX did this while starting a new process and didn't close the file, which would give the new process (now running as a user) access to the file.

    • @laurinneff4304 3 years ago +3

      @Christobanistan correct. The vulnerability was in dyld, macOS's dynamic linker (a program that adds the code for libraries your program uses to the code for your program). BTW, the equivalent on Linux is usually ld-linux

    • @Christobanistan 3 years ago +1

      @laurinneff4304 Dang.

    • @PixeLabor 3 years ago +1

      This is very important and not clearly stated in the video. The video can suggest that every file opened by a running program can be accessed

  • @MatildaHinanawi 2 years ago +1

    Don't think you explained why the redirect is dependent on not closing the file. No way anything can just read from an opened file just because it's opened. So why then can we read despite it not being opened by or even by the shell?

  • @RAZREXE 3 years ago

    This channel is sooo dope

  • @conqu3red545 3 years ago

    I really like your video style

  • @fmobus 2 years ago

    that's a beautiful font

  • @nagitokomaeda3237 3 years ago

    OOOOOOOOH THAT SOOOOOONG I REMEMBER IT subscribed

  • @odddellarobbia4 3 years ago

    glad i found this on my recommendation

  • @robertchavana3961 2 years ago

    I've usually got like three different text files open in the background, felt attacked when I read the title.

  • @andylib 3 years ago

    Crazy stuff as always 🔥

  • @blueyay 3 years ago +2

    The colors and art style of this video are eye candy uwu

  • @mr2octavio 3 years ago

    I would've spent a little more time on the

  • @DarshanShah10 2 years ago +1

    What are the fonts you use? Quite aesthetic!

  • @mihaleben6051 2 years ago

    "Oops my computer crashed BECAUSE I CLOSED IT IDIOT is a valid argument to this" is a valid argument to this

    • @0LoneTech 2 years ago +1

      It isn't even a coherent sentence, let alone an argument.