[Exploit] Implement actual CAP_SYS_MODULE escape in CDK #22

Open
neargle opened this issue May 17, 2021 · 4 comments
neargle commented May 17, 2021

From: @nikitastupin in #20

The reason why I didn't implement an actual CAP_SYS_MODULE escape in CDK is that each kernel version and architecture combination requires a kernel module built specifically for it. Given how many kernel versions and architectures are out there, I see several options:

  • To make detailed instructions on how to build a kernel module for an arbitrary kernel version and architecture and put them in CDK.
  • To prebuild kernel modules for the most popular distributions (e.g. Ubuntu 20.04), include them in the CDK binary, and leave a note on how to build a kernel module for other kernel versions.

Great thanks to Nikita.

@neargle neargle added the enhancement New feature or request label May 17, 2021
@neargle neargle self-assigned this May 17, 2021
neargle commented May 17, 2021

To prebuild kernel modules for the most popular distributions (e.g. Ubuntu 20.04), include them in the CDK binary, and leave a note on how to build a kernel module for other kernel versions.

I think we should do this first. What about your recommendation? @nikitastupin

@nikitastupin

Hi @neargle ! 😃 That's a good option. There is one open question though.

Do all Ubuntu 20.04 distributions use the same kernel?

As far as I understand, Ubuntu 20.04 gets updates regularly. So it's quite possible that the kernel is updated from time to time. Then it doesn't make much sense to hard-code an exploit for a particular kernel version.

neargle commented May 18, 2021

@nikitastupin I recommend building EXP for Kernel Version 3.10.107. After simple statistics, I found that the number of servers with Kernel Version 3.10.107 on the cloud is larger than that of other servers.

kmahyyg commented Mar 6, 2022

Partially related to #32. Obviously this is not a good idea... since there are a lot of kernel versions for different distributions.
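
Added example, not part of the issue thread or of CDK's code: the escape discussed here only applies when a container actually holds CAP_SYS_MODULE, so a defender can audit for that precondition by decoding the capability masks in /proc/<pid>/status. The function name and both status samples are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// CAP_SYS_MODULE is capability number 16 in linux/capability.h.
const capSysModule = 16

// Constructed samples of the Cap* lines from /proc/<pid>/status.
// On a real host, read the file for the container's init process instead.
const withModule = `Name: sh
CapInh: 0000000000000000
CapPrm: 00000000a80525fb
CapEff: 00000000a80525fb
CapBnd: 00000000a80525fb
CapAmb: 0000000000000000
`
const withoutModule = `Name: sh
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
`

// setsWithCap returns the names of the capability sets (CapInh, CapPrm,
// CapEff, CapBnd, CapAmb) whose hex mask has the given capability bit set.
func setsWithCap(status string, bit uint) ([]string, error) {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		name, val, ok := strings.Cut(sc.Text(), ":")
		if !ok || !strings.HasPrefix(name, "Cap") {
			continue // not a capability line
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(val), 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		if mask&(uint64(1)<<bit) != 0 {
			hits = append(hits, name)
		}
	}
	return hits, sc.Err()
}

func main() {
	for _, s := range []string{withModule, withoutModule} {
		hits, err := setsWithCap(s, capSysModule)
		fmt.Println("CAP_SYS_MODULE present in:", hits, "error:", err)
	}
}
```

A hit in CapEff or CapPrm means the process can load modules now; a hit only in CapBnd means the capability is still obtainable and should be dropped from the container's configuration.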
