by giis 45 days ago
As soon as I read this

>Shared dev boxes, shell-as-a-service, jump hosts, build servers — anywhere multiple users share a kernel. any user becomes root

I jumped out of bed and went straight into the webminal.org servers as a local user and ran the Python code. It says permission denied on the sock() call.

Then I tested it on my local laptop:

```
$ uname -a
Linux debian 6.12.43+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1~bpo12+1 (2025-09-06) x86_64 GNU/Linux
$ python3 copy_fail_exp.py
# cd /root && ls
bluetooth_fix_log.txt dead.letter overcommit_memorx~ overcommit_memory~ overcommit_memorz~ resize.txt snap
```

It does provide the root access!

4 comments

Beware that running this kind of thing even as a test on a host you don't own may well be a criminal offense!

Everything MAY be a criminal offense. Whether it has any merit is another matter.

If I were accused of anything criminal for running this on a host, my defense would be that I was checking the safety of a service I was being offered. If the service was vulnerable, I would counterclaim; if you are on the defense you are already losing.

You understand there's a difference between how the law is, and how you think it should be, right? Only one of those things will actually help you in court.

It probably depends more on the facts than the law.

Whether local access to a system was lawfully granted, whether the af_alg module was probed, whether the page cache in memory was corrupted, whether the su binary on disk was modified, whether other users could access su after the intervention, what the terms of service were, whether information from other users was accessed, whether the server is private or government related, whether the vuln was actually present, what actions were taken in notifying the server owner if the vuln was present, etc.

To claim that X is illegal without regard for any of these variable facts is unlikely to hold generally.

Additionally, as a plaintiff I would be looking at a civil claim, so that would be my concern when evaluating defendant liabilities as well.

I also tested this on an Ubuntu 24.04 (x86_64) host w/ GA kernel ("6.8.0-103-generic #103-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 10 13:34:59 UTC 2026 x86_64 GNU/Linux") and wasn't able to reproduce the "problem", although `canonical-livepatch` tells me that there are currently "no livepatches available".

Could be worse (we'll see) as this could be a wild ride along with react2shell or some of the compromised packages as of late.

Anyone tried in an Azure Cloud Shell?

Asking for a friend ;)

EDIT: Don't. "/s" in case not obvious.