On Tue, 19 Jan 2016 21:55:12 +0100, shraptor wrote in message <0f6f017d5d303a92526f829661e84...@epost.bahnhof.se>:
> On 2016-01-19 19:07, Rainer Weikusat wrote:
> > In this particular case, an unprivileged local user could gain root
> > access by running a program which does billions of syscalls as fast
> > as it can for ca 30 minutes (according to the 'real' article).
>
> I tested the program in the 'real' article but it didn't work?
>
> But I guess you have to adjust addresses of commit_creds and
> prepare_kernel_cred functions for my kernel version?
> The article says they are static and can be determined per Linux
> kernel version.
>
> How to determine those? some kind of stacksmashing?

..recipe suggestions:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f
https://phoronix.com/scan.php?page=news_item&px=Linux-Kernel-2016-0-Day
https://www.debian.org/security/2016/dsa-3448

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.