On Thu, Jan 9, 2025 at 10:22 AM Moritz Sanft <greek...@gmail.com> wrote: > > Thanks for your swift response. Let me clarify some things that I didn't seem > to convey well in my initial question. > > Probably the most important; I'm not looking to disclose a vulnerability in > Go here. If I was to disclose that, I would use the points of contact you've > mentioned. > I'm trying to understand the implications of an attacker being able to write > into the inodes created by the Go runtime. > > Also, I must apologize for the wrong usage of the term "anonymous pipe". I > must have mixed it up with what's being used in the link I've mentioned while > writing my question. > When I create a "Hello world" Go application, I see that it creates two > anonymous inodes (not anonymous pipes) via epoll_create(2) and eventfd(2). > These are, as you have mentioned correctly, what the pointers are being > passed to in the example I've sent. Now, my question is, what can an attacker > do if he gains write access to said inodes? Or, to phrase it more generally, > what happens with the data that's being sent there?
I see. I don't know what access Linux provides to an anonymous epoll inode. I don't know what it would mean to write to an epoll descriptor. I also don't know what it would mean to have write access to an eventfd, but that is used similarly to the anonymous pipes on other systems. The runtime writes to the eventfd when it needs to wake up the network poller due to a timer change. The actual data sent on the eventfd is ignored. The epoll descriptor is used as epoll normally is: to record a list of descriptors of interest, and to track I/O events on those descriptors. > Can you point to a code location in the runtime I could look at to better > understand what's going on there? See runtime/netpoll_epoll.go, which is the Linux-specific side of the more general API in runtime/netpoll.go. Ian -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/CAOyqgcX_g%2BA_3ED8%3DWatJV740jttmSS3Cq5e4G1z4QH7QpwLhw%40mail.gmail.com.
