Hi all, I've recently been doing research on https://www.exploit-db.com/exploits/895/. It's about using the race between msync and uselib to get root. But the code can be really confusing. Can anyone help explain it a little bit?
I have at least 2 questions:
- Why does it need to consume VMA?
- How does msync_interval get the fake VMA?
Many thanks for your time.