著者: Rainer Weikusat 日付: To: dng 題目: Re: [DNG] Beware
Rainer Weikusat <rainerweikusat@???> writes: > shraptor <shraptor@???> writes:
>> On 2016-01-19 19:07, Rainer Weikusat wrote:
>>> In this particular case, an unprivileged local user could gain root
>>> access by running a program which does billions of syscalls as fast as
>>> it can for ca 30 minutes (according the 'real' article).
>>
>> I tested the program in the 'real' article but it didn't work?
>>
>> But I guess you have to adjust addresses of commit_creds and
>> prepare_kernel_cred functions for my kernel version?
>> The article says they are static and can be determined per Linux
>> kernel version.
>>
>> How to determine those?
>
> You can find them in the System.map file for your kernel, eg,
>
> [rw@doppelsaurus]~#grep prepare_kernel_cred /boot/System.map-4.4.0-net
I meant to write this in a different context and then forgot about
it. The name has nothing to do with grab (or any other English word) but
before there was grep, the text editor could be used to accomlish the
same, eg,
[rw@doppelsaurus]~#ed /boot/System.map-4.4.0-net
2095848
g/prepare_kernel_cred/p
ffffffff810555f0 T prepare_kernel_cred
ffffffff8179d680 R __ksymtab_prepare_kernel_cred
ffffffff817acd40 r __kstrtab_prepare_kernel_cred
q
The first part of the ed command is an address whose meaning is 'for all
lines match re' (a regexp), the absract definition is