I'm on Debian:
$ uname -a
Linux test 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux
If I run ./lucky0, I get this:
xfrm 3.x - 5.x kernels poc
vitaly [at] duasynt.com
[+] trying to win the race. wait...
[-] unshare: Operation not permitted
This is, if I understand correctly, because I don't have unprivileged user_namespaces enabled.
If I enable them with sysctl -w kernel.unprivileged_userns_clone=1, then I'm able to run the binary.
My assumption is that this system is safe because you need to have admin rights to run sysctl, so at that time the attacker doesn't need to run the exploit. So unless someone accidentally or foolishly enables this, the system is safe?
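A defender's check for the setting discussed above, as an added example that is not part of the original post: it reports whether unprivileged user namespaces are usable right now and whether any sysctl configuration file would turn the Debian knob on at the next boot. The function names and the `PROC_SYS` / `CONF_PATHS` overrides are assumptions of this sketch; the defaults point at the standard locations.

```shell
#!/bin/sh
# Added example (not from the post). PROC_SYS and CONF_PATHS are assumptions of
# this script: overridable so it can run against a constructed tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"
CONF_PATHS="${CONF_PATHS:-/etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d}"

# Live state of unprivileged user namespace creation:
# prints "enabled", "disabled" or "unknown".
userns_live_state() {
    clone="$PROC_SYS/kernel/unprivileged_userns_clone"  # Debian-patched kernels
    max="$PROC_SYS/user/max_user_namespaces"            # upstream kernels
    # A limit of 0 blocks namespace creation whatever the Debian knob says.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo disabled
    elif [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then echo disabled; else echo enabled; fi
    elif [ -r "$max" ]; then
        echo enabled    # no Debian knob: upstream default allows it
    else
        echo unknown
    fi
}

# Persistent settings: print file:line:text for every uncommented line that
# sets the Debian knob to a non-zero value, i.e. would enable it at boot.
userns_persistent_enables() {
    pat='^[[:space:]]*-?kernel[./]unprivileged_userns_clone[[:space:]]*=[[:space:]]*0*[1-9]'
    for p in $CONF_PATHS; do
        [ -e "$p" ] || continue
        find "$p" -type f -name '*.conf' -exec grep -HnE "$pat" {} + 2>/dev/null || true
    done
}

echo "live state: $(userns_live_state)"
userns_persistent_enables
```

A "disabled" live state with no lines from the second function means the knob is off now and nothing on disk re-enables it; any printed `file:line` deserves a look at who added it and why.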