Hello and thank you for your awesome post.
I am getting stuck at how the systemtap file builds up throughout the first part of your guide. Specifically, at the first part you mention:
Let's add a probe to every function invoked in mq_notify() to see the code flowing and re-run the exploit:
and then you get the output you show in the table. I really don't know anything about systemtap and I can't modify the one that you show above so as to "probe every function invoked in mq_notify()" and therefore I can't actually trace all the I/O flow between the functions called in there. Can you please provide the full systemtap script for this?
Also, in the other systemtap script you include net/netlink_sock.h. What package should I install for this? Should I do it from apt or find an older one that matches my vuln kernel more closely?
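As an added example (not the commenter's script and not taken from the guide being discussed), here is a stap script that probes the entry and return of every non-inlined function in the two kernel source files where mq_notify() and the netlink socket helpers it calls live. It assumes a kernel with debuginfo installed (required for `*@file` probes) and that the process to trace is given with `-x <pid>` or `-c <command>`.

```systemtap
#!/usr/bin/env stap
// Trace the call flow below mq_notify(): entry and return of every
// function in ipc/mqueue.c and net/netlink/af_netlink.c.
// Output is limited to the target process (stap -x <pid> or -c <cmd>)
// so the rest of the system's mqueue/netlink activity is not printed.
// Assumption: kernel debuginfo is installed; inlined functions are not
// matched by .call/.return and will not appear in the trace.

probe begin {
  printf("tracing pid %d\n", target())
}

// Function entry: indent one level per call depth in this thread.
probe kernel.function("*@ipc/mqueue.c").call,
      kernel.function("*@net/netlink/af_netlink.c").call
{
  if (pid() != target()) next
  printf("%s -> %s\n", thread_indent(1), ppfunc())
}

// Function return: $$return pretty-prints the return value, which is
// what shows whether a lookup or attach step succeeded or failed.
probe kernel.function("*@ipc/mqueue.c").return,
      kernel.function("*@net/netlink/af_netlink.c").return
{
  if (pid() != target()) next
  printf("%s <- %s %s\n", thread_indent(-1), ppfunc(), $$return)
}

probe end {
  printf("done\n")
}
```

Run it as `stap -v trace_mq_notify.stp -c ./program_under_test` so that target() is set; without debuginfo the `*@file` probe points will not resolve and stap will refuse to build the module.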