Gavin <netmatters@gmail.com> writes: > On 14 May 2013 18:36, John Andreasson <andreassonjohn@gmail.com> wrote: >> Was just alerted of a kernel bug in RHEL [1], but when testing the >> sample code on Wheezy as an unprivileged user it successfully gives >> me a root prompt. Kind of suboptimal. :-( >> >> Any idea when this is fixed? >> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792 > > Hi John, > > I'm unable to replicate this 'issue' on my up to date Wheezy laptop. > > gavin@caelyn:~$ uname -a > Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux > > When I run the compiled binary of this exploit as my unprivileged user > I get the following error:- > > gavin@caelyn:~$ ./getroot > 2.6.37-3.x x86_64 > sd@f***sheep.org 2010 > getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024, > &needle, 8)' failed. > Aborted > > What kernel are you able to replicate this bug with ? At first I thought the same thing, however compile with -O2: $ gcc -O2 semtex.c && ./a.out 2.6.37-3.x x86_64 sd@fucksheep.org 2010 root@xo-laptop:/tmp# uname -a Linux xo-laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux -- Gerald Turner Email: gturner@unzane.com JID: gturner@unzane.com GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
Attachment:
pgpbRHCJYjeV5.pgp
Description: PGP signature