From 14f1f1faf68540cccabfc4057bf829b3cb17b22a Mon Sep 17 00:00:00 2001
From: Werner Sembach <werner.sembach@fau.de>
Date: Fri, 12 Oct 2018 15:18:54 +0200
Subject: [PATCH] Update scripts

---
 .gitignore |  2 ++
 README.md  |  5 +++++
 compile.sh |  1 +
 rcS        | 18 ++++++++++++++++++
 run.sh     |  2 ++
 5 files changed, 28 insertions(+)
 create mode 100755 rcS

diff --git a/.gitignore b/.gitignore
index 173d340..68bebfe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@
 /buildroot-2018.02.6.tar.gz
 /linux-3.10.105
 /linux-3.10.105.tar.gz
+/linux-3.18.55
+/linux-3.18.55.tar.gz
 /linux-4.4.70
 /linux-4.4.70.tar.gz
 /linux-4.14.75
diff --git a/README.md b/README.md
index 1a2edc3..bc9765c 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
 ### CVE-2017-8890
+Vulnerable kernel version:
+- 3.10.105
+- 3.18.55
+- 4.4.70
+
 vuln in inet_csk_clone_lock in net/ipv4/inet_connection_sock.c
 - https://elixir.bootlin.com/linux/v3.10.105/source/net/ipv4/inet_connection_sock.c#L674
 
diff --git a/compile.sh b/compile.sh
index d342151..55acaab 100755
--- a/compile.sh
+++ b/compile.sh
@@ -3,6 +3,7 @@
 SCRIPTDIR=$(dirname "$0")
 
 cd $SCRIPTDIR/busybox-1.29.3/_install/
+cp ../../rcS etc/init.d/rcS
 aarch64-linux-gnu-gcc ../../CVE-2017-8890_PoC.c -o CVE-2017-8890_PoC -static -pthread -O0
 aarch64-linux-gnu-gcc ../../test_ipv6_multicast.c -o test_ipv6_multicast -static -pthread -O0
 find . | cpio -o --format=newc > ../rootfs.img
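Review bot: The added `cp ../../rcS etc/init.d/rcS` relies on two things the hunk does not guarantee: that the unquoted, unchecked `cd $SCRIPTDIR/busybox-1.29.3/_install/` just above it succeeded, and that `etc/init.d` already exists under `_install`. If the `cd` fails, the copy and the later `find . | cpio` run relative to the caller's directory and can package the wrong tree. If `etc/init.d` is missing, the image is built without the init script and the build still appears to succeed. I would change the two lines to `cd "$SCRIPTDIR/busybox-1.29.3/_install/" || exit 1` and `mkdir -p etc/init.d && cp ../../rcS etc/init.d/rcS || exit 1`. The script starts and may continue outside this hunk, so an existing `set -e` or an earlier `mkdir` would not be visible here.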
diff --git a/rcS b/rcS
new file mode 100755
index 0000000..25ef022
--- /dev/null
+++ b/rcS
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+mount -t proc none /proc
+mount -t sysfs none /sys
+/sbin/mdev -s
+
+# enable localhost
+ip link set lo up
+# enable ethernet
+ip link set eth0 up
+# enable ipv6 over ipv4
+ip link set sit0 up
+
+# enable fake ipv4 multicast if eth0 is not available
+#ip route add 224.0.0.0/4 dev lo
+
+# this ipv6 variant does not work :(
+#ip route add ff00::/8 dev lo
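Review bot: None of the commands in the new `rcS` check their result, so a guest kernel without `eth0` or `sit0` only prints an error during boot and then runs without the multicast route. The comment on the disabled `ip route add 224.0.0.0/4 dev lo` reads like the intended fallback. If that is right, it could be wired in rather than left for manual editing, e.g. `ip link set eth0 up || ip route add 224.0.0.0/4 dev lo`. A short header comment would also help, such as `# init script for the throw-away QEMU test guest; not for use on a real system`, because the script brings up a network interface on kernels the README lists as vulnerable.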
diff --git a/run.sh b/run.sh
index 549201f..c4a2cd7 100755
--- a/run.sh
+++ b/run.sh
@@ -8,6 +8,8 @@ elif [ "$1" == "buildroot" ]; then
     qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/buildroot-2018.02.6/output/images/rootfs.cpio -append "console=ttyAMA0 root=/dev/ram rdinit=/init" -s
 elif [ "$1" == "3.10" ]; then
     qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.10.105/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
+elif [ "$1" == "3.18" ]; then
+    qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.18.55/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
 elif [ "$1" == "4.4" ]; then
     qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
 elif [ "$1" == "4.14" ]; then
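Review bot: The new `3.18` branch repeats the `-s` flag, which is QEMU shorthand for `-gdb tcp::1234`. That form listens on all host interfaces, and the gdb stub has no authentication. For a guest that boots a known-vulnerable kernel, binding the stub to loopback is safer: replace `-s` with `-gdb tcp:127.0.0.1:1234` here and in the sibling branches shown as context. `$SCRIPTDIR` is also unquoted in the `-kernel` and `-initrd` arguments, so a checkout path containing spaces breaks the command; `"$SCRIPTDIR/linux-3.18.55/arch/arm64/boot/Image"` avoids that. The `if`/`elif` chain starts and ends outside this hunk, so the shebang is not visible; if it is `#!/bin/sh`, the `==` inside `[ ]` is not portable and should be `=`.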
-- 
GitLab