Tags: DirtyCow

Mitigating dirtyc0w with systemd

Basic mitigation Known exploits for the CVE-2016–5195 vulnerability involve the madvise syscall, so it’s possible to mitigate by excluding the necessary call via a systemd service or container configuration. This is easy with for a systemd unit: [Service] SystemCallFilter=~madviseThe tilde after...
Read 0 Comments
Click Here!