• roberto [any]@hexbear.net
    18 days ago

    My desktop is immune somehow, with a year-old kernel. No idea why.

    [user@shithouse:/tmp/dirtyfrag] > uname -a
    Linux shithouse 6.1.153_2 #1 SMP PREEMPT_DYNAMIC Tue Sep 30 13:38:47 UTC 2025 x86_64 GNU/Linux
    [user@shithouse:/tmp/dirtyfrag] > ./exp
    dirtyfrag: failed (rc=3)
    [user@shithouse:/tmp/dirtyfrag] > ./exp
    dirtyfrag: failed (rc=3)
    [user@shithouse:/tmp/dirtyfrag] > ./exp
    dirtyfrag: failed (rc=3)
    [user@shithouse:/tmp/dirtyfrag] > id
    uid=1002(user) gid=200(users) groups=200(users)
    
      • roberto [any]@hexbear.net
        18 days ago

        They are:

        [user@shithouse:/tmp/dirtyfrag] > lsmod | grep -E '(esp|rxrpc)'
        esp6                   28672  0
        rxrpc                 258048  0
        ip6_udp_tunnel         16384  1 rxrpc
        udp_tunnel             20480  1 rxrpc
        esp4                   28672  0
        
        [user@shithouse:/tmp/dirtyfrag] > zgrep -Ei '(rxrpc|inet.?_esp)' /proc/config.gz 
        CONFIG_INET_ESP=m
        CONFIG_INET_ESP_OFFLOAD=m
        CONFIG_INET_ESPINTCP=y
        CONFIG_INET6_ESP=m
        CONFIG_INET6_ESP_OFFLOAD=m
        CONFIG_INET6_ESPINTCP=y
        CONFIG_AF_RXRPC=m
        # CONFIG_AF_RXRPC_IPV6 is not set
        # CONFIG_AF_RXRPC_INJECT_LOSS is not set
        # CONFIG_AF_RXRPC_DEBUG is not set
        
        • kungen@feddit.nu
          18 days ago

          What distro? Check dmesg, it’s probably AppArmor blocking unprivileged_userns.

          • roberto [any]@hexbear.net
            18 days ago

            Void.

            Kernel log has only these two messages from when the modules were loaded, none after that:

            [12660744.186643] Initializing XFRM netlink socket
            [12660751.925450] NET: Registered PF_RXRPC protocol family
            

            No AppArmor:

            CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
            
            [user@shithouse:~] > aa-enabled
            No - disabled at boot.
            

            Isn’t half of the exploit intended to work around AppArmor?