CVE-2019-13272 PoC — Linux kernel 权限许可和访问控制问题漏洞

Title:Linux kernel 权限许可和访问控制问题漏洞 (CVE-2019-13272)
Description:In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

To check for vulnerability CVE-2019-13272

# ptrace-vuln
To check for vulnerability CVE-2019-13272
***


It is just a sample proof of concept generated by LLM and does not cover all cases.
The basic idea is if the system is not hardened and ptrace is not removed, the vulnerability should be considered applicable.


***


Steps to compile code and run it:
```
gcc poc.c -o test
chmod +x test
./test
```
***


Sample output:
```
<..SNIP..>
Syscall: 158
Syscall: 158
Syscall: 218
Syscall: 218
Syscall: 273
Syscall: 2
Syscall: 5
Syscall: 1
Hello, ptrace!
Syscall: 1
Syscall: 3
<..SNIP..>
```
***
&NewLine;

 [4.0K]  /data/pocs/c520e43e76f0766c7ac4550a1ebb640cdbd60fe9
├── [1.0K]  LICENSE
├── [ 771]  poc.c
└── [ 595]  README.md

0 directories, 3 files