- Excerpts from Linux, showing the evolution and fix of the bug
- Exploit code from Perception Point with added comments that explain what each line does.
- A short script that uses the leak to increment usage count, useful for determining whether the bug exists on your system.
- A version of the exploit that bypasses the syscall wrappers (for systems that don't implement the keycntl wrappers).
- The first emergency patch from January 2016
- The best way to duplicate this exploit is to find an affected version of a Linux build, Listed below. ISO's may contain back-ported patches, so you need to download the source code and compile it yourself.
- Running the exploit on a modern version of Ubuntu (edited to retain the bug) gave strange results. I wrote test.c to track it, outputting to the keylog file. The program runs independently of the exploit, using nanosleep to control sample frequency. keylog is the output from running at 500 nanosecond period for about 1/2 second.
- Interpreting the keylog file: The number on left is the iteration number. It outputs a value when the slope changes. tState counts how many iterations since the slope last changed. It is completely random and not worth studying.
- For this test there was unpredictable output and no integer overflow, which means the exploit fails on a modern version, edited or not. Instead, compile a version from the list.
- Red Hat Enterprise Linux 7
- CentOS Linux 7
- Scientific Linux 7
- Debian Linux stable 8.x (jessie)
- Debian Linux testing 9.x (stretch)
- SUSE Linux Enterprise Desktop 12
- SUSE Linux Enterprise Desktop 12 SP1
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Workstation Extension 12
- SUSE Linux Enterprise Workstation Extension 12 SP1
- Ubuntu Linux 14.04 LTS (Trusty Tahr)
- Ubuntu Linux 15.04 (Vivid Vervet)
- Ubuntu Linux 15.10 (Wily Werewolf)
- Opensuse Linux LEAP 42.x and version 13.x
- Oracle Linux 7