• Scoopta@programming.dev · 1 upvote · 4 days ago

    Even if it was built in it probably wouldn’t get full root, SELinux borks a lot of root exploits even if they privesc correctly.

    • Redjard@reddthat.com · 3 upvotes · 3 days ago

      This one is so generic it lets you get around any of that very easily.
      You don’t even need to interact with the filesystem, you can just change a cron script or system library and let some other process execute it. Or you can change /etc/passwd to give yourself access to a root user, which iirc is what this dirtyfrag vulnerability proof of concept did.

      You can pretty much write to any file on the filesystem with one syscall (that is not a write syscall) and in a way that does not count as writing in any of the normal ways, so won’t even trigger file change events etc.
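
The comment above says such writes raise no file change events and mentions /etc/passwd as a target, so a check has to compare file content rather than wait for notifications. The following is an added example, not part of the thread or of any proof of concept: it compares a passwd file against a trusted hash and flags extra UID 0 accounts and empty password fields. The sample entries, the function names and the idea of a hash stored off-host are assumptions made for illustration.

```python
import hashlib

# Constructed sample data, not taken from any real system.
BASELINE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
)
# Same file after an out-of-band edit: alice becomes UID 0 with no password.
TAMPERED = BASELINE.replace("alice:x:1000:1000", "alice::0:0")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_passwd(text: str, allowed_uid0=("root",)):
    """Return (line_number, message) for each suspicious passwd entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((lineno, "malformed entry"))
            continue
        name, password, uid = fields[0], fields[1], int(fields[2])
        if uid == 0 and name not in allowed_uid0:
            findings.append((lineno, f"extra UID 0 account: {name}"))
        if password == "":
            findings.append((lineno, f"empty password field: {name}"))
    return findings


def check(current: bytes, baseline_sha256: str):
    """Compare content against a trusted hash; ignores mtime and change events."""
    changed = sha256_hex(current) != baseline_sha256
    return changed, audit_passwd(current.decode("utf-8", "replace"))


if __name__ == "__main__":
    trusted = sha256_hex(BASELINE.encode())  # assumed to be stored off-host
    for label, sample in (("baseline", BASELINE), ("tampered", TAMPERED)):
        changed, findings = check(sample.encode(), trusted)
        print(label, "changed" if changed else "unchanged", findings)
```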