reveng_rtkit icon indicating copy to clipboard operation
reveng_rtkit copied to clipboard

Published 20 hours ago verified publisher icon reveng007

Nice...but...SELINUX?

Open Zibri opened this issue 1 year ago • 5 comments

Nice and all, but with selinux enforcing, getting root is not enough.

Zibri avatar Oct 20 '22 15:10 Zibri

Anhh... actually Yes, u r correct... Thanks for pointing it out, as I haven't mentioned that in the To-Do list section of the README.md file. I haven't worked with SELinux much, till now I don't know how to get around SELinux But yes, I do have plans for it. If u have any good resource related to it, or have any ideas, u are very much welcome to implement/ perform PR (if u want) !

Thanks again, for reminding me.

reveng007 avatar Oct 20 '22 20:10 reveng007

Also:

  1. it won't work on android (ARM64)
  2. a nice trick.. instead of
	struct cred *root = prepare_creds();

	if (root == NULL)
	{
		return;
	}

	// Updating ids to 0 i.e. root
	root->uid.val = root->gid.val = 0;
	root->euid.val = root->egid.val = 0;
	root->suid.val = root->sgid.val = 0;
	root->fsuid.val = root->fsgid.val = 0;

	// Setting the updated value to cred structure
	commit_creds(root);

how about this nice oneliner?

commit_creds(prepare_kernel_cred(pid_task(find_vpid(0), PIDTYPE_PID)));

Use 0 to become "kernel" and 1 to become "init" :D I wonder why nobody uses that.. it's so elegant ;)

Zibri avatar Oct 21 '22 20:10 Zibri

Or an even shorter: commit_creds(prepare_kernel_cred(NULL));

Zibri avatar Oct 21 '22 22:10 Zibri