On Tue, 19 Jan 2016 21:55:12 +0100, shraptor wrote in message
<0f6f017d5d303a92526f829661e8400d@???>:

> On 2016-01-19 19:07, Rainer Weikusat wrote:
> > In this particular case, an unprivileged local user could gain root
> > access by running a program which does billions of syscalls as fast
> > as it can for ca 30 minutes (according the 'real' article).
>
> I tested the program in the 'real' article but it didn't work?
>
> But I guess you have to adjust addresses of commit_creds and
> prepare_kernel_cred functions for my kernel version?
> The article says they are static and can be determined per Linux
> kernel version.
>
> How to determine those? some kind of stacksmashing?

..recipe suggestions:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f
https://phoronix.com/scan.php?page=news_item&px=Linux-Kernel-2016-0-Day
https://www.debian.org/security/2016/dsa-3448

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.