cdk-team/CDK

[Exploit] Implement actual CAP_SYS_MODULE escape in CDK

neargle opened this issue · 4 comments

From: @nikitastupin in #20

The reason why I didn't implement an actual CAP_SYS_MODULE escape in CDK is because each kernel version and architecture combination requires a kernel module built specifically for it. Given how many kernel versions and architectures are out there, I see several options:

  • To write detailed instructions on how to build a kernel module for an arbitrary kernel version and architecture and put them in CDK.
  • To prebuild kernel modules for the most popular distributions (e.g. Ubuntu 20.04), include them in the CDK binary and leave a note on how to build a kernel module for other kernel versions.

Many thanks to Nikita.

To prebuild kernel modules for the most popular distributions (e.g. Ubuntu 20.04), include them in the CDK binary and leave a note on how to build a kernel module for other kernel versions.

I think we should do this first. What is your recommendation? @nikitastupin

Hi @neargle ! 😃 That's a good option. There is one open question though.

Do all Ubuntu 20.04 installations use the same kernel?

As far as I understand, Ubuntu 20.04 gets updates regularly. So it's quite possible that the kernel is updated from time to time. Then it doesn't make much sense to hard-code an exploit for a particular kernel version.

@nikitastupin I recommend building an EXP for kernel version 3.10.107. After some simple statistics, I found that the number of servers with kernel version 3.10.107 on the cloud is larger than that of servers with other versions.

Partially related to #32. Obviously this is not a good idea... since there are a lot of kernel versions across different distributions.