fix: improve pwnkit detection (#79)

liamg · Mar 9, 2022 · 368dee5 · 368dee5
1 parent 2c76630
commit 368dee5
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 323 deletions.
diff --git a/pkg/exploits/cve20214034/exploit.go b/pkg/exploits/cve20214034/exploit.go
@@ -7,6 +7,8 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strconv"
+	"strings"
 
 	"github.com/google/uuid"
 	"github.com/liamg/traitor/pkg/logger"
@@ -34,6 +36,27 @@ func (v *cve20214034Exploit) IsVulnerable(ctx context.Context, s *state.State, l
 		return false
 	}
 
+	data, err := exec.Command("pkexec", "--version").Output()
+	if err != nil {
+		return false
+	}
+
+	bits := strings.Split(string(data), " ")
+	last := bits[len(bits)-1]
+
+	versionBits := strings.Split(last, ".")
+	if versionBits[0] != "0" || len(versionBits) <= 1 {
+		return false
+	}
+	minorStr := strings.Split(versionBits[1], "-")[0]
+	minor, err := strconv.Atoi(minorStr)
+	if err != nil {
+		return false
+	}
+	if minor > 105 {
+		return false
+	}
+
 	if err := v.Exploit(ctx, s, log.Silenced(), payloads.Payload("true")); err != nil {
 		return false
 	}

diff --git a/pkg/exploits/exploit_docker_socket.go b/pkg/exploits/exploit_docker_socket.go