
When mmapping a file, permissions are checked as they should be. When mprotect()-ing the address range afterwards, the requested protection was not checked against the protection of the file originally opened. So when you open /usr/bin/su RDONLY and SHARED you could afterwards change the mmapped region to READ|WRITE. This gave the possibility to obtain root privs obviously.
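A regression check for the behaviour described above, as an added example that is not part of the original log message or the project's code. It maps its own scratch file read-only and shared, then confirms that the kernel refuses the upgrade to read/write; the function name and the `/tmp` scratch path are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 0 if mprotect() refuses the upgrade with EACCES (fixed kernel),
 * 1 if write access is granted (the bug described above),
 * -1 if the check could not be set up or failed for another reason. */
int check_mprotect_upgrade(void)
{
    char path[] = "/tmp/mprotect-check-XXXXXX"; /* constructed scratch file */
    static const char data[] = "unchanged\n";
    const size_t len = sizeof(data) - 1;
    int result = -1;

    int wfd = mkstemp(path);
    if (wfd < 0)
        return -1;
    ssize_t written = write(wfd, data, len);
    close(wfd);

    /* Reopen read-only: the descriptor's access mode is what must cap
     * the protection of any shared mapping made from it. */
    int fd = (written == (ssize_t)len) ? open(path, O_RDONLY) : -1;
    if (fd >= 0) {
        void *p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
        if (p != MAP_FAILED) {
            if (mprotect(p, len, PROT_READ | PROT_WRITE) == 0)
                result = 1;            /* upgrade allowed: vulnerable */
            else if (errno == EACCES)
                result = 0;            /* upgrade refused: correct */
            munmap(p, len);
        }
        close(fd);
    }
    unlink(path);
    return result;
}

int main(void)
{
    int r = check_mprotect_upgrade();
    printf("%s\n", r == 0 ? "ok: mprotect refused PROT_WRITE (EACCES)"
                 : r == 1 ? "VULNERABLE: read-only shared mapping became writable"
                          : "check could not be completed");
    return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```
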
revision 1.2 intentionally removed