On 2016-01-19 23:07, Rainer Weikusat wrote:
> You can find them in the System.map file for your kernel, e.g.,
> ...
Found it in my System.map:
ffffffff810a97d2 T prepare_kernel_cred
ffffffff810a94b7 T commit_creds
Thanks for the hint.
>> some kind of stacksmashing?
> No. The bug in the kernel function causes a reference to some object to
> ...
Thank you for that concise explanation, understanding a bit better now.
I entered the addresses from my kernel and ran the program.
It took 37 min to complete:
$ ./cve_2016_0728 PP_KEY
uid=1000, euid=1000
Increfing...
finished increfing
forking...
finished forking
caling revoke...
uid=1000, euid=1000
$ id -u
1000
$ id -un
alpha
I am still not root at the end? Maybe a bit overestimated this bug?
I am on kernel 4.1.6.