LinuxQuestions.org


huangjie 10-24-2015 02:57 AM

Explanation on uselib() Local Privilege Escalation Exploit
 
Hi all, I've recently been doing research on https://www.exploit-db.com/exploits/895/. It's about using the race between msync and uselib to get root. But the code can be really confusing. Can anyone help explain it a little bit?
I have at least 2 questions:
  • Why does it need to consume VMA?
  • How does msync_interval get the fake VMA?

Many thanks for your time.

unSpawn 10-29-2015 02:17 AM

It needs to consume VMA to buy time to exploit the race condition?
As for the second question: how about you explain in detail what "msync_interval" does?

