Re: local root exploit
Ok, more data.
[...]
> Sarge, 2.6.7-1-686 and sid, 2.6.9 custom kernel (same behavior):
>
> $ ./elflbl
>
> child 1 VMAs 0
> [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
> [+] vmalloc area 0xc8000000 - 0xcfc32000
>
> (at this point it eats all the cpu and ram it can get, until killed)
>
If not killed, it seems to come to some sort of eventual conclusion. I've run it several times on each box, and on the sarge box (2.6.7-1-686) I get:
$ ./elflbl
child 1 VMAs 0
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xc8000000 - 0xcfc32000
[-] FAILED: try again (Cannot allocate memory)
Killed
On my sid box I get a segfault after ~5 minutes of thrashing every time.
So it looks like it could work in theory, but I still haven't gotten a root shell out of it, and I've been trying about an hour.
Cheers,
L