Closed tjyang closed 2 years ago
or after rooting the OS , only run a whoami command then return the username and exit the program? Goal is to have one exe binary not shell script.
A single binary needs some rewriting, because it requires a directory (which can be created by the binary) a library (which must then wirtten and compiled by the binary using system or similar methods).
Otherwise we can just create another process, execute true
and check if the return code is different from zero.
The whoami tactic is probably a little easier to code, let me know if you require this to be a single binary and if the binary can compile stuff (otherwise we can just pack the stage1 and the library in a single dezipping loader).
@berdav thanks for the reply. One single binary and run "whoami" return 1 when hacked approach will be very helpful for CM tool like saltstack/ansible. We can then use this for detection and verification purpose.
I've pushed a branch issue-14-dry-run with a fix of what you're asking for.
You need to compile it with make dry-run
and then execute the binary in the dry-run directory.
I've tested it, if it is what you intended I will merge it into the main branch.
me@ubuntu18t03:~/github/CVE-2021-4034/dry-run$ ./dry-run-cve-2021-4034
root
me@ubuntu18t03:~/github/CVE-2021-4034/dry-run$ echo $?
1
me@ubuntu18t03:~/github/CVE-2021-4034/dry-run$
[me@centos7t01 CVE-2021-4034]$ make dry-run
make -C dry-run
make[1]: Entering directory `/home/me/github/CVE-2021-4034/dry-run'
cc -Wall -DTRUE='"/usr/bin/true"' -DWHOAMI='"/usr/bin/whoami"' --shared -o pwnkit-dry-run.so pwnkit-dry-run.c
/usr/bin/ld: /tmp/ccVUUTUM.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
make[1]: *** [pwnkit-dry-run.so] Error 1
make[1]: Leaving directory `/home/me/github/CVE-2021-4034/dry-run'
make: *** [dry-run] Error 2
[me@centos7t01 CVE-2021-4034]$
dry-run-cve-2021-4034 binary created on ubuntu 18 was able to run on centos 7. Pls consider merging this branch into main.
oops! You're right. I had missed the -fPIC compilation flag :disappointed: also there was a problem in the code with old compilers default beaviour.
I've added it to the branch. Can you retest it?
Merging into main.
What I need is to deploy a safe C binary to detect this CVE . Return 1 code if not already patched without actually rooting the system, return 0 if the system is patched. Can this RFE be added ?