Hey William exploit is run as a normal user and privilege escalates to a root shell
On Tue, 25 Oct 2016 at 15:09 William Roberts <[email protected]> wrote: > On Oct 25, 2016 05:12, "teroz" <[email protected]> wrote: > > > > I used one of the dirtycow root exploits on Fedora24 configured > with 30-pci-dss-v31.rules. I was expecting an ANOM_ROOT_TRANS record but > didn't get one. What triggers an ANOM_ROOT_TRANS record? What then is the > best way to trivially audit for a successful privilege escalation? > > > > I would imagine that if it's hijacking an already root or setuid binary, > you won't see anything. As far as that record goes, I have no idea, I'll > let an auditing expert answer that question. > > > > > > > > > > > > -- > > Linux-audit mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/linux-audit >
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
