search

timwr / CVE-2016-5195

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android
959 stars 395 forks source link

Root Shell With permission denied #28

Closed ghost closed 7 years ago

ghost commented 8 years ago

Hello, I've successfully spawn a root shell but i can't run any root commands. Here is an example:

root@HWLYO-L6735:/ # id
uid=0(root) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
root@HWLYO-L6735:/ # mount -o remount,rw /system 
mount: Permission denied
255|root@HWLYO-L6735:/ #

Can you help me?

refi64 commented 8 years ago

9

TL;DR: the root shell is spawned in the wrong SELinux context, so you can't actually do too much with it.

sigma-random commented 8 years ago

you just got the shell with context=>"u:r:shell:s0", so the shell belongs to user:shell, whatever the uid is.

timwr commented 7 years ago

duplicate of #9