Add kernelCTF CVE-2024-26642_mitigation #131
Conversation
koczkatamas
force-pushed
the
master
branch
2 times, most recently
from
b2e2b9f to
43a5a81
Compare
koczkatamas
force-pushed
the
master
branch
3 times, most recently
from
933028d to
c111d81
Compare
koczkatamas
force-pushed
the
master
branch
13 times, most recently
from
76d6b57 to
bf0d68f
Compare
There was a problem hiding this comment.
Hey,
This is just a quick code quality review. We're planning to review the submissions more deeply (actually understanding what the exploit does) in two weeks.
Please read our new (although still draft) style guide and refactor your exploit to follow the recommendations there.
I've also left some explicit comments. Please fix the similar issues found in your other PRs as well, especially in #130 in addition to the comments in this PRs and also fix the similar issues found here in the other PRs.
Thanks for the submission and PR!
| // This rule than has 4 expressions which will run our payload. | ||
| struct payload { | ||
| // This is provided by struct xt_table_info->size | ||
| #if 0 |
There was a problem hiding this comment.
Please remove commented out code: https://google.github.io/security-research/kernelctf/style_guide#commented-out-code
| return sched_setaffinity(getpid(), sizeof(set), &set); | ||
| } | ||
|
|
||
| #define MY_TABLE "foo_tab", strlen("foo_tab") |
There was a problem hiding this comment.
Please remove unused code: https://google.github.io/security-research/kernelctf/style_guide#unused-code
| u64 add_rsp_0x88 = 0xffffffff810ebbdd; | ||
|
|
||
|
|
||
| #define FOR_ALL_OFFSETS(x) do { \ |
There was a problem hiding this comment.
This logic seems to be overly complicated. We prefer this format better: https://google.github.io/security-research/kernelctf/style_guide#rop-chains
| i64 diff = 0xffffffff81000000 - base; | ||
| printf("diff: %lld\n", diff); | ||
|
|
||
| #define x(name) { name -= diff; printf("corrected %s to %llx\n", #name, name); } |
There was a problem hiding this comment.
This logic seems to be overly complicated. We prefer this format better: https://google.github.io/security-research/kernelctf/style_guide#rop-chains
No description provided.