arttnba3 / CVE-2022-0847

My personal exploit of CVE-2022-0847 (Dirty Pipe)

CVE-2022-0847

My personal PoC and exploit of CVE-2022-0847 (Dirty Pipe)

Usage

POC: write files arbitrarily

Just a simple POC of this CVE. Compile the file poc.c as follows:

$ gcc poc.c -o poc -static

Run it as follows:

$ ./poc target_file offset_in_file data

Make sure the destination file is at least readable.

Result tested on Linux kernel 5.13.19:

[screenshot: image.png]

EXPLOIT: ROOT PRIVILEGE

I chose to gain ROOT privilege by overwriting a SUID application to provide a ROOT SHELL. Just compile the file exploit_suid.c and run it as follows:

$ gcc exploit_suid.c -o exp -static
$ ./exp target_file

For testing I chose /bin/passwd as the target SUID file. The result, tested on Ubuntu 21.10 (kernel 5.13.0), is as follows:

[screenshot: image.png]

Analysis of CVE-2022-0847

You can visit my blog for more information about this CVE.
