LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

It's far from complete

It's far from complete

Posted Feb 25, 2008 0:19 UTC (Mon) by cras (guest, #7000)
In reply to: It's far from complete by fbh
Parent article: vmsplice(): the making of a local root exploit 

I don't know if the exploit was supposed to work as a 64bit binary (I crashed my machine when 
testing one version of it), but that code doesn't translate to "NULL" on 64bit systems.

(Log in to post comments)

It's far from complete

Posted Feb 25, 2008 9:02 UTC (Mon) by fbh (guest, #49754) [Link] 

Acutally you're right.

It's a trick to compute the addresses of the fake "struct page" structures on both 32 and 64
bits platforms.

It should work on 64 bits platforms. I don't know why it doesn't in your case though but it's
just a matter of tuning some values in the exploit code probably.

Thanks.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds