oss-sec mailing list archives
Re: Re: Problems in automatic crash analysis frameworks
From: Tavis Ormandy <taviso () google com>
Date: Wed, 15 Apr 2015 12:55:53 -0700
On Wed, Apr 15, 2015 at 11:48 AM, Tavis Ormandy <taviso () google com> wrote:
FWIW, I verified this is exploitable.
Here's the script I used to verify, it should create the file /etc/rootfiletest. By using the partial trick or creating parse errors, this is easy to turn into a root shell. Note: I'm a c programmer, I don't know python at all, it's probably the worlds worst python code - I used python because I was reading the python3-lxc code. taviso@ubuntu:~/tmp$ ls -l /etc/rootfiletest ls: cannot access /etc/rootfiletest: No such file or directory taviso@ubuntu:~/tmp$ rm -rf /tmp/?0* /tmp/exploit/ taviso@ubuntu:~/tmp$ python3 test.py taviso@ubuntu:~/tmp$ ls -l /etc/rootfiletest -rw-rw---- 1 root root 0 Apr 15 12:53 /etc/rootfiletest Tavis.
Attachment:
exploit.py
Description:
Current thread:
- Re: Re: Problems in automatic crash analysis frameworks, (continued)
- Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)
- Re: Re: Problems in automatic crash analysis frameworks Tyler Hicks (Apr 16)
- Re: Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 16)
- Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Michael Samuel (Apr 14)
- Re: Re: Problems in automatic crash analysis frameworks Marc Deslauriers (Apr 14)
- Re: Problems in automatic crash analysis frameworks Tavis Ormandy (Apr 15)