The PoC does not actually work for me in its entirety as user process can't chdir("/etc/sudoers.d"), the dir is root:root 750. However, if I chmod 755 the dir, it does work. And either way, it always gets far enough to write a crafted core dump. So I have enough to go on with.
The PoC does not actually work for me in its entirety as user process can't chdir(" /etc/sudoers. d"), the dir is root:root 750. However, if I chmod 755 the dir, it does work. And either way, it always gets far enough to write a crafted core dump. So I have enough to go on with.