summary refs log tree commit diff stats
path: root/results/classifier/deepseek-2-tmp/output/permissions/807893
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/deepseek-2-tmp/output/permissions/807893')
-rw-r--r--results/classifier/deepseek-2-tmp/output/permissions/80789332
1 files changed, 0 insertions, 32 deletions
diff --git a/results/classifier/deepseek-2-tmp/output/permissions/807893 b/results/classifier/deepseek-2-tmp/output/permissions/807893
deleted file mode 100644
index 19cbdc2d..00000000
--- a/results/classifier/deepseek-2-tmp/output/permissions/807893
+++ /dev/null
@@ -1,32 +0,0 @@
-
-qemu privilege escalation
-
-If qemu is started as root, with -runas, the extra groups is not dropped correctly
-
-/proc/`pidof qemu`/status
-..
-Uid:    100     100     100     100
-Gid:    100     100     100     100
-FDSize: 32
-Groups: 0 1 2 3 4 6 10 11 26 27 
-...
-
-The fix is to add initgroups() or setgroups(1, [gid]) where appropriate to os-posix.c.
-
-The extra gid's allow read or write access to other files (such as /dev etc).
-
-Emulating the qemu code:
-
-# python
-...
->>> import os
->>> os.setgid(100)
->>> os.setuid(100)
->>> os.execve("/bin/sh", [ "/bin/sh" ], os.environ)
-sh-4.1$ xxd /dev/sda | head -n2
-0000000: eb48 9000 0000 0000 0000 0000 0000 0000  .H..............
-0000010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
-sh-4.1$ ls -l /dev/sda
-brw-rw---- 1 root disk 8, 0 Jul  8 11:54 /dev/sda
-sh-4.1$ id
-uid=100(qemu00) gid=100(users) groups=100(users),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),26(tape),27(video)
\ No newline at end of file