Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Oct 2017 12:42:41 +0200
From: up201407890@...nos.dcc.fc.up.pt
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling
	access_ok()

Hello,

I've written a quick exploit for that vulnerability.
Instead of using it for malicious purposes, I use it to actually  
increase my systems security.

$ id
uid=1000
$ ./a.out
[+] Leak size=144 bytes
[+] Got kernel base: 0xffffffffb5200000
[+] Got selinux_enforcing: 0xffffffffb611cc90
[+] Got selinux_enabled: 0xffffffffb5eb1350
[+] Overwriting selinux_enforcing...
[+] Overwriting selinux_enabled...
[+] SELinux disabled!

Enjoy,
Federico Bento.

PS: It's just a joke :)


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


View attachment "selinux.c" of type "text/x-csrc" (2943 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ