
Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)


Posted Jan 23, 2012 17:46 UTC (Mon) by dpquigl (guest, #52852)
In reply to: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4) by SEJeff
Parent article: Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)

Not seeing any AVC denials for this.

Ran semodule -DB to remove dontaudit rules, ran the exploit, ran semodule -B to re-enable dontaudit rules.

Then did ausearch -ts recent and ausearch -m AVC and got nothing back for either.



Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)

Posted Jan 23, 2012 17:52 UTC (Mon) by SEJeff (guest, #51588) [Link] (1 responses)

So SELinux isn't blocking it, must be the build chain denying this invocation of the exploit. I noticed that RHEL6 is vulnerable so it might just be a bit harder but still possible.

Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)

Posted Jan 24, 2012 17:09 UTC (Tue) by lkundrak (subscriber, #43452) [Link]

Really!

<= 2.6.39 was reported to be vulnerable and RHEL 6 runs patched 2.6.32. Thus I only checked the changelog for the stock 6.1 kernel that I was running and thought it was safe, but apparently this broke with the 6.2 kernel (I run Scientific Linux 6.1 and I got that new kernel in an update):

* Mon Oct 10 2011 Aristeu Rozanski <arozansk@redhat.com> [2.6.32-207.el6]
- [fs] proc: enable writing to /proc/pid/mem (Johannes Weiner) [692039]
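
Added example, not part of the comments above: a shell check that scans RPM kernel changelog text for the backport entry quoted in the last comment and reports the build that carries it, since the upstream version number alone does not show it. The function names and the first sample entry are constructed for illustration; the second sample entry is the one quoted above.

```shell
#!/bin/sh
# find_backport PATTERN
# Reads `rpm -q --changelog`-style text on stdin and prints the
# [version-release] tag of every changelog entry that has a bullet
# containing PATTERN (fixed-string match, not a regex).
find_backport() {
    awk -v pat="$1" '
        /^\* / {
            # Entry header: "* <date> <author> [<version-release>]"
            build = ""
            if (match($0, /\[[^]]+\]$/))
                build = substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        # Bullet line belonging to the most recent header
        /^- / && build != "" && index($0, pat) { print build }
    '
}

# Constructed sample input. The first entry is a placeholder; the second
# is the changelog entry quoted in the comment above.
sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2030 Placeholder Maintainer <maint@example.invalid> [0.0.0-1.example]
- [net] constructed entry unrelated to procfs

* Mon Oct 10 2011 Aristeu Rozanski <arozansk@redhat.com> [2.6.32-207.el6]
- [fs] proc: enable writing to /proc/pid/mem (Johannes Weiner) [692039]
EOF
}

# Demo on the embedded sample; prints the build carrying the entry.
sample_changelog | find_backport 'enable writing to /proc/pid/mem'
```

On an RPM-based system the same function can read the installed package's changelog, for example `rpm -q --changelog kernel-$(uname -r) | find_backport '/proc/pid/mem'`.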


Copyright © 2025, Eklektix, Inc.