On 2016-01-19 19:07, Rainer Weikusat wrote:
> In this particular case, an unprivileged local user could gain root
> access by running a program which does billions of syscalls as fast as
> it can for ca. 30 minutes (according to the 'real' article).
I tested the program in the 'real' article but it didn't work?
But I guess you have to adjust addresses of commit_creds and
prepare_kernel_cred functions for my kernel version?
The article says they are static and can be determined per Linux kernel
version.
How to determine those? Some kind of stack smashing?