dead [he/him]@hexbear.net to technology@hexbear.netEnglish · edit-219 days ago"Dirty Frag" exploit gets root on most Linux systems released after 2017hexbear.netexternal-linkmessage-square17fedilinkarrow-up181file-text
arrow-up181external-link"Dirty Frag" exploit gets root on most Linux systems released after 2017hexbear.netdead [he/him]@hexbear.net to technology@hexbear.netEnglish · edit-219 days agomessage-square17fedilinkfile-text
https://xcancel.com/v4bel/status/2052464007857185136#m https://github.com/V4bel/dirtyfrag https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken
minus-squarekungen@feddit.nulinkfedilinkEnglisharrow-up6·18 days agoWhat distro? Check dmesg, it’s probably AppArmor blocking unprivileged_userns.
minus-squareroberto [any]@hexbear.netlinkfedilinkEnglisharrow-up5·18 days agoVoid. Kernel log has only these two messages from when the modules were loaded, none after that: [12660744.186643] Initializing XFRM netlink socket [12660751.925450] NET: Registered PF_RXRPC protocol family No apparmor: CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" [user@shithouse:~] > aa-enabled No - disabled at boot. Isn’t half of the exploit intended to work around apparmor?
What distro? Check dmesg, it’s probably AppArmor blocking unprivileged_userns.
Void.
Kernel log has only these two messages from when the modules were loaded, none after that:
[12660744.186643] Initializing XFRM netlink socket [12660751.925450] NET: Registered PF_RXRPC protocol familyNo apparmor:
CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"Isn’t half of the exploit intended to work around apparmor?