A dirty module-loading library for the Linux kernel.
This abuses the Linux module auto-loading mechanism to trick the kernel into shelling out to userspace.
A side effect of the SIOCGIFINDEX ioctl is that the kernel looks up and loads arbitrary modules by name.
This isn't strictly a privilege escalation, as the caller must hold the CAP_SYS_MODULE capability; however, it allows a containerized process to load modules in the host namespace.
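A defensive check for the precondition named above, as an added example that is not part of this library: it parses the capability masks in /proc/<pid>/status and reports where CAP_SYS_MODULE (bit 16) still appears. The function names and the sample status text are constructed for illustration.

```python
import os
import re

CAP_SYS_MODULE = 16  # bit number from <linux/capability.h>
_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)

def sample_status(prm, eff, bnd):
    """Build a constructed /proc/<pid>/status excerpt (hypothetical helper for demos)."""
    return (f"Name:\tdemo\nCapInh:\t{0:016x}\nCapPrm:\t{prm:016x}\n"
            f"CapEff:\t{eff:016x}\nCapBnd:\t{bnd:016x}\nCapAmb:\t{0:016x}\n")

def parse_cap_sets(status_text):
    """Return {set_name: int_mask} from the text of /proc/<pid>/status."""
    return {name: int(mask, 16) for name, mask in _CAP_LINE.findall(status_text)}

def module_load_risk(status_text):
    """Classify a process by the strongest set in which CAP_SYS_MODULE appears."""
    caps = parse_cap_sets(status_text)
    bit = 1 << CAP_SYS_MODULE
    if caps.get("CapEff", 0) & bit:
        return "effective"      # capability is active right now
    if caps.get("CapPrm", 0) & bit:
        return "permitted"      # process can raise it into the effective set
    if caps.get("CapBnd", 0) & bit:
        return "bounding-only"  # exec of a privileged binary could regain it
    return "dropped"

def scan_proc(proc_root="/proc"):
    """Return {pid: risk} for every readable process that has not dropped the capability."""
    findings = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return findings
    for entry in filter(str.isdigit, entries):
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                risk = module_load_risk(fh.read())
        except OSError:
            continue  # process exited or is not readable
        if risk != "dropped":
            findings[int(entry)] = risk
    return findings

if __name__ == "__main__":
    for pid, risk in sorted(scan_proc().items()):
        print(f"{pid}\tCAP_SYS_MODULE {risk}")
```

The masks are relative to the process's own user namespace, so treat a hit as a lead to confirm against the container runtime's configuration.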
This is a dirty mechanism, as the ioctl syscall will induce a context switch back from kernel space to user space to run a host binary outside of the caller's context.
Typically this results in modprobe being called in the host; however, arbitrary binaries can be run by tweaking the usermode helper sysctl at
Try to load a host kernel module via the modprobe userspace helper.