Increasing Readability

0xVoodoo
2026-05-05 21:20:46 -06:00
parent d714a42433
commit 3d307e627b
2 changed files with 11 additions and 9 deletions
+3 -1
@@ -6,7 +6,9 @@ This exploit has caused quite the panic among defenders, so I re-wrote/unminifie
In short, this exploit abuses the way `splice()` works and the AF_ALG socket type within [authencesn.c](https://github.com/torvalds/linux/blob/26fd6bff2c050196005312d1d306889220952a99/crypto/authencesn.c#L3) from the Linux crypto libraries. More or less, it allows the attacker to write 4 bytes of memory at a time to pagefiles, leading to the overwrite of the in-cache version of open files. When this is done with a SUID binary, like `/bin/su` the attacker is able to then execute the binary, which will pulls from the cache. This leaves the legit version of the overwritten binary in place while allowing arbitrary non-privileged users to gain root perms.
*Note* - this version needs at least Python 3.10
*Note* - This exploit needs at least Python 3.10
*Additional Note* - For sake of readibility, I've replaced the direct int descriptors with their named socket.* versions, this may slightly reduce portability.
# License
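Review bot: the added *Additional Note* line misspells "readibility" (should be "readability") and should name which `socket.*` constants replaced the raw integer descriptors, since the portability caveat it hints at comes from Python's `socket` module only defining platform-specific constants (for example the AF_ALG ones, which exist only on Linux builds); spelling that out lets readers know up front where the rewritten script will fail to import. While this paragraph is being touched, the unchanged context line "which will pulls from the cache" should read "which will pull from the cache", and the two adjacent *Note* lines could be merged into one so the Python 3.10 requirement is stated once.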