#ifndef LAUNCHD_PORTREP__EXPLOIT_H_
#define LAUNCHD_PORTREP__EXPLOIT_H_
#include "threadexec/threadexec.h"
#include <unistd.h>
/*
 * exploit
 *
 * Description:
 * 	Use the launchd-portrep vulnerability to create a threadexec execution context inside the
 * 	sysdiagnose process, which is root and has the task_for_pid-allow entitlement.
 *
 * Parameters:
 * 	None.
 *
 * Returns:
 * 	Returns an execution context inside the sysdiagnose process on success.
 * 	NOTE(review): the value returned on failure is not stated in this header; presumably a
 * 	null/invalid threadexec_t. Confirm against the implementation before testing the result.
 *
 * Notes:
 * 	The exploit will fail if the sysdiagnose process is already running.
 *
 * 	NOTE(review): that precondition suggests a fresh sysdiagnose process is started as part
 * 	of the run (inferred from this comment only; confirm in the implementation). If so, a
 * 	sysdiagnose launch that no user or diagnostic workflow requested is an observable side
 * 	effect that defenders can look for.
 *
 * 	NOTE(review): this header does not say who tears down the returned context or how;
 * 	check the threadexec API for the matching cleanup call.
 */
threadexec_t exploit(void);
/*
 * threadexec_task_for_pid
 *
 * Description:
 * 	Use the threadexec execution context inside a task_for_pid-allow process to get the task
 * 	port for the specified PID.
 *
 * Parameters:
 * 	threadexec		The threadexec context. It must live inside a process holding the
 * 				task_for_pid-allow entitlement (for example, the context returned
 * 				by exploit()).
 * 	pid			The PID of the target process.
 * 	task		out	On return, the task port of the process.
 *
 * Returns:
 * 	Returns true on success.
 * 	NOTE(review): the contents of *task on failure are not documented here; callers should
 * 	not read it unless the function returned true. Confirm against the implementation.
 *
 * Notes:
 * 	NOTE(review): this header does not state who owns the port right stored in *task or
 * 	whether the caller must release it. Confirm before relying on either.
 *
 * 	NOTE(review): bool and mach_port_t are not declared by <unistd.h>; presumably they come
 * 	in through "threadexec/threadexec.h". Verify, so that this header stays self-contained.
 */
bool threadexec_task_for_pid(threadexec_t threadexec, pid_t pid, mach_port_t *task);
#endif