# cve_2016_0728 not fully fixed in 4.3.3-hardened-r7 ?

## toralf

Compiled the exploit from https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f - but I do not land back in my bash, but in a shell instead:

```
tfoerste@t44 ~/tmp $ ./cve_2016_0728 bla; date
uid=1000, euid=1000
Increfing...
finished increfing
forking...
finished forking
caling revoke...
uid=1000, euid=1000
sh-4.3$ whoami
tfoerste
sh-4.3$ exit
exit
Wed Jan 20 17:58:21 CET 2016
```

Expected?

Update: -r6 prevented my hardened system from suffering from that issue - tested it, PaX worked fine, but with -r6 I was back in my current bash shell after PaX jumped in. The version -r7 has the official patch incorporated by spengler, so I do wonder about the different behaviour now.

Last edited by toralf on Sat Jan 23, 2016 10:17 am; edited 1 time in total

----------

## khayyam

*toralf wrote:*

> expected?

toralf ... that depends on if you were expecting "security experts" to know what linux is, and what exactly is "built into the various flavors of Linux". I'd advise you to play Abba's Dancing Queen at some volume, stare into a mirrored disco ball, do a silly dance ... and then forget all about it ;)

source ... in case anyone wonders what this is all about.

edit: and btw, grsecurity/PaX does prevent the exploit.

best ... khay

----------

