metasploit-gs

adam/metasploit-gs

Fork 0

Commit Graph

Author	SHA1	Message	Date
Gustaf Blomqvist	c5751a240b	Fix incorrect offset in BPF sign extension LPE The uid field of the cred struct is normally the second field, followed by the gid field. The first field is of type atomic_t, which has the size of an int. Since the size of an int is usually 4 bytes, the uid is normally located at an offset of 4 bytes from the start of the cred struct, and not 8. Since the uid also is int-sized, the code set test_uid to the gid, making the exploit fail for cases where uid != gid.	2020-10-17 19:46:35 -04:00
Brendan Coles	9bdec97b2e	Fix bpf_sign_extension_priv_esc	2018-07-13 23:01:17 +00:00

Author

SHA1

Message

Date

Gustaf Blomqvist

c5751a240b

Fix incorrect offset in BPF sign extension LPE

The uid field of the cred struct is normally the second field, followed
by the gid field. The first field is of type atomic_t, which has the
size of an int. Since the size of an int is usually 4 bytes, the uid is
normally located at an offset of 4 bytes from the start of the cred
struct, and not 8. Since the uid also is int-sized, the code set
test_uid to the gid, making the exploit fail for cases where uid != gid.

2020-10-17 19:46:35 -04:00

Brendan Coles

9bdec97b2e

Fix bpf_sign_extension_priv_esc

2018-07-13 23:01:17 +00:00

2 Commits