On Wednesday, April 29th, 2026 at 7:36 PM, King Beowulf <[email protected]> wrote:
> On 4/29/26 17:17, Russell Senior wrote: > > In case people haven't see this, there is a local priviledge escalation: > > > > https://copy.fail/ > > > > a short python script can give you a root shell. > > > > Nope. Ya'll be using the wrong Linux distro! > > Xfce terminal > Python 3.9.25 kernel-5.15.193 > > Slackware64-15.0 "permission denied" > > > Python 3.12.13 kernel-6.18.13 > > Slackware64-Current "permission denied" > > On Slackware "su" only works with the correct password: > > ---- > https://xkcd.com/424/ > ---- > > -Ed > "No. Any setuid-root binary readable by the user works. passwd, chsh, chfn, mount, sudo, pkexec are all viable. The PoC defaults to su because it's present on every distro tested." -from the copy fail write-up. su and sudo on Slackware are not readable by the user and the kernel module this exploits is not loaded by default. Strict filesystem permissions can greatly reduce the severity of this exploit. -Ben
