pwnkit### CREDITS
VULNERABILITY AUTHOR: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
# Reference
https://github.com/arthepsy/CVE-2021-4034/blob/main/cve-2021-4034-poc.c
https://linux.die.net/man/1/pkexec
man_page/pkexec:
Note that pkexec does no validation of the ARGUMENTS passed to PROGRAM.
In the normal case (where administrator authentication is required
every time pkexec is used), this is not a problem since if the user is
an administrator he might as well just run pkexec bash to get root.
However, if an action is used for which the user can retain
authorization (or if the user is implicitly authorized), such as with
pk-example-frobnicate above, this could be a security hole. Therefore,
as a rule of thumb, programs for which the default required
authorization is changed, should never implicitly trust user input
(e.g. like any other well-written suid program).
by the author David Zeuthen <davidz@redhat.com>
written in may 2009.
# GCONV resources
https://www.gnu.org/software/libc/manual/html_node/glibc-iconv-Implementation.html#:~:text=for%20all%20conversions.-,gconv,use%20of%20the%20conversion%20functions.
https://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/
# PwnFunction
EXPLANATION VIDEO: https://youtu.be/eTcVLqKpZJc
# TO DO
Port the exploit to rust
need to write an explanation for exploit
[4.0K] /data/pocs/ce94d59d5e456dffc87a5dc895eafe3c67c023c8
├── [1.2K] pkexec_exploit.c
├── [ 53] pkexec_exploit.rs
└── [1.6K] README.md
0 directories, 3 files