FatGid: FreeBSD 14.x kernel local privilege escalation
Source: News.Ycombinator
Published:
<p>File: sys/kern/kern_prot.c Function: kern_setcred_copyin_supp_groups() Lines: 528-533</p> <p>The function signature uses a double pointer for the groups argument:</p> <p>Because groups has type gid_t ** , the expression sizeof(*groups) evaluates to sizeof(gid_t *) == 8 on LP64, rather than the in