Sumo is a Linux kernel module that grants root credentials to any user-space process, selected by PID.

# TL;DR

*.bashrc*

```bash
make                 # build
sudo insmod sumo.ko  # install
./whoami             # test
```

# How it works

In its `init()` function, the *sumo* kernel module creates the `/proc/sumo` file and waits for a PID to be written to it. When one arrives, it looks up the `task_struct` [kernel structure](https://medium.com/@boutnaru/linux-kernel-task-struct-829f51d97275) of the process with that PID and modifies its fields accordingly. The main point of interest is the data stored in the task's [credentials structure](https://docs.kernel.org/security/credentials.html), which holds the UIDs and GIDs the kernel consults for permission checks; once they are rewritten, every later syscall from that process is checked as root.

Note that loading the module itself already requires root (`insmod` needs `CAP_SYS_MODULE`), so sumo is a deliberate backdoor for handing root to otherwise unprivileged processes afterwards, not a privilege-escalation exploit. On a system you are inspecting, `lsmod | grep sumo` and the presence of `/proc/sumo` are the obvious signs that it is loaded.

```text
sumo           __
SUdo        ,;.'--'.
MOdule     /"/=,=(  \(
          __/ ___/  (____
       .'   - -      '.
      /  v              \
   __/   ,    |  \    '-/'_
  {z,  ,__/__,__/\__,_ )__( z}
   \>' (  \_ `--c/  _.-'\_ ,
   /  \_   (  `.______.'    '.
   \  ,    \ (    __   )     \
    )-'-\__/-'    |  /   |   |
    /   .'    /  ,)   (  \_
   oooO'    '--Ooo
```
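The user-space side of the exchange described under "How it works", as an added example that is not the project's own `./whoami`: it writes the caller's PID to `/proc/sumo`, then checks whether the kernel now reports the process as root. It assumes the module accepts the PID as a plain decimal string (the README does not state the exact format) and that `/proc/sumo` is the path named above; `SUMO_PROC_PATH` and the `sumo_*` function names are this example's own.

```c
/* Added example client for the sumo /proc interface; not the project's code.
 * Assumption: the module expects the PID as a decimal string written to
 * /proc/sumo (SUMO_PROC_PATH and the sumo_* names are this example's own). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SUMO_PROC_PATH "/proc/sumo"

/* Render the request as a decimal PID string (assumed wire format).
 * Returns the length written, excluding the NUL, or -1 if buf is too small. */
int sumo_format_request(char *buf, size_t len, pid_t pid)
{
    int n = snprintf(buf, len, "%d", (int)pid);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return n;
}

/* Hand a PID to the module. Returns 0 on success, -1 with errno set on
 * failure; ENOENT here simply means the module is not loaded. */
int sumo_request_root(const char *proc_path, pid_t pid)
{
    char req[32];
    int n = sumo_format_request(req, sizeof req, pid);
    if (n < 0) {
        errno = EINVAL;
        return -1;
    }

    int fd = open(proc_path, O_WRONLY);
    if (fd < 0)
        return -1;

    ssize_t w = write(fd, req, (size_t)n);
    int saved = errno;
    close(fd);
    if (w < 0) {
        errno = saved;
        return -1;
    }
    if (w != n) {
        errno = EIO;   /* short write: the module did not take the whole PID */
        return -1;
    }
    return 0;
}

/* The credential check a caller cares about: both real and effective UID
 * must be 0, i.e. the cred structure was rewritten, not just euid. */
int sumo_has_root(void)
{
    return getuid() == 0 && geteuid() == 0;
}

int main(void)
{
    printf("before: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());

    if (sumo_request_root(SUMO_PROC_PATH, getpid()) != 0) {
        fprintf(stderr, "write to %s failed: %s\n",
                SUMO_PROC_PATH, strerror(errno));
        return 1;
    }

    printf("after:  uid=%d euid=%d (%s)\n", (int)getuid(), (int)geteuid(),
           sumo_has_root() ? "root" : "not root");
    return sumo_has_root() ? 0 : 1;
}
```

Build with `cc -o whoami-client whoami-client.c` and run it as an unprivileged user once the module is loaded; the "before"/"after" lines make the credential change visible without needing a shell as that user.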