Hello,
Thiemo Seufer wrote:
this is a major cleanup for the o32 syscall handling.
While we're here, there is a ptrace exploit in the syscall handling.
The kernel parses arguments, gets the address of the syscall handling routine in t2, and goes to the process which ptraces. On return from this process, the kernel restores t2 from the user stack and jumps there. I've got an example that gets root from this.
Regards, Gleb.