New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature request] chroot escape #135

Open

sleirsgoevy opened this issue Oct 6, 2020 · 1 comment

Assignees

Labels

enhancement feature request testing needed

Milestone

sleirsgoevy commented Oct 6, 2020

There seems to be no way to set fd_rdir and fd_jdir via /dev/mira ioctls, which is required in utility apps for accessing PS4 filesystem.

The text was updated successfully, but these errors were encountered:

OsirizX commented Oct 12, 2020

I suggest setting it to rootvnode if the request to set prison is root. It works well in my tests.

// CtrlDriver.cpp
// CtrlDriver::SetThreadCredentials
auto l_ThreadCredential = l_Thread->td_ucred;
auto l_ThreadFd = l_Thread->td_proc->p_fd;
...
if (p_Input.Prison == MiraThreadCredentials::_MiraThreadCredentialsPrison::Root) {
    l_ThreadCredential->cr_prison = *(struct prison**)kdlsym(prison0);
    l_ThreadFd->fd_rdir = l_ThreadFd->fd_jdir = *(struct vnode**)kdlsym(rootvnode);
}

kiwidoggie added enhancement feature request testing needed labels

kiwidoggie self-assigned this

kiwidoggie added this to the 2020-M2 milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment