In order to use this exploit you need a program that has UID bit set and the file owned by the user you want to use itheir privilages.

For example su (among other commands) has that UID bit set and because the owner of the file is root then when you execute it, it always runs with root privileges

Most Android devices use SELinux (Security Enhanced Linux) which is configured in such way that you couldn’t have root access even if you could run a program owned by root and has the UID bit set.

What you could do - in theory - is finding a process already running with root privileges and happened to be executing certain command periodically. you could then override that certain program in cache using this exploit to do what you want.

I can at least tell you what it does because I tested it:

It override your /usr/bin/su so that it now let you run as root with no password.

My guess is that the payload is an su command that was modified to run without requiring password but it’s also possible - though unlikely - that it just patch your existing su.

either way if you will run the script, you need to backup your existing su command first.

Correction: The script doesn’t permanently modify the su file instead it modifies a cached copy of the file in memory. restarting your device or doing echo 3 > /proc/sys/vm/drop_caches to flush the cache restore the su file to its original state

Here it is after improving readability a little

https://pastebin.com/iW8BRrdX

there is no su binary in most android devices sadly

Regarding VPN being slow, two possibilities here:

1. They analyze internet packets, detect VPN connections and deliberately throttle them.
2. They just slow down anything that is not a common protocol (not http, https, ftp, …) that would make other things like torrent or even ssh session to be also equally slow.

If it is the first possibility, I know that OpenVPN with static key tend to be very difficult to detect if not impossible. Its also a bit faster but it has its cons that I encourage you to read about.

If it is the second possibility then you need to disguise your VPN traffic as https. I know its doable but I am fuzzy on the details.

I have started with Mandrake (later renamed to Mandriva) then went through few other distros before settling on Gentoo.

Gentoo installation is one of the most complicated because there is no installer, you do everything yourself.

This is like buying car parts and assembling them together into a car using a manufacturer’s manual. its painful but once the car is assembled you almost never have to take it to a repair shop. Not because it doesn’t breakdown but because you know well how it function and thus how to fix it yourself.

Its multiple states plus some countries too.

But anyway the law as it stand is not problematic to any one. When installing an OS and asked for birth date put any random date.

If the law require actual verification or make it illegal - for you as a user - to provide false date then its fascist in my book

Your point was around age verification which I am saying systemd’s update doesn’t do such thing

Its similar but not the same. Original was for input birthdate but this one is for specify general age group

if I’m not mistaken the systemd PR implementing the birthdate change is closed wihout the code being merged. For now. it was merged and another pull request was created to revert that change. that pull request was closed.

To be clear the code went into the repo

Think of the boiling frog metaphore.

You’re saying - if I get you right - that if we let systemd add birthdate field today, tomorrow or after tomorrow we won’t revolt if we have to upload an ID to install an OS.

I respectfully disagree. I have a clear red line which is “don’t force me to do stuff”.

You want to add an optional field? I couldn’t care less.

You want me to input my valid birthdate or I can’t use your system. That’s when I revolt.

so you want them to comply after the deadline?

I think xdg-desktop protocol was already rejected

I know there is a lot of misleading information online regarding this matter so please allow me to write down my version and feel free to correct me.

1. The law - as it is now - doesn’t require any actual verification, it just wants OS to require users to provide a birth date. You - as a user - can put whatever date your heart desire. The purpose is that parents performing OS setup for their children could input their correct date of birth so that apps know that a minor is using the PC not an Adult.

2. Systemd provides field for you to store your birth date. It is an optional field and it will obviously be blank in your system unless you dig around to find out how to set it.

3. The ones who would enforce the date of birth thing is installers of various Linux distribution who wish to comply. ArchLinux has an open merge request that would require providing a birth date (again no verification, you put what you want)

Happy to provide links to support any of my claims above

what difference does it make to you if you don’t mind me asking

This is a law that companies are required to implement or stop making business in the states enforcing that law.

You probably feel that companies should just stop doing business in those states “to show them”. Sadly a lot of profitable Linux companies that fund Linux development disagree with your high morals. They want to continue doing business there.

Adding that field help those company comply with the law and doesn’t hurt you in anyway except maybe taking few bytes in your disk drive.

Even if the field is not added, those companies would come up with another place to store date of birth or even use systemd fork.

Its not like they will say since we can’t store date of birth in systemd’s user model then we’ll have to abandon this project and close our branches in those states instead.

I have read the git thread related to the merge request.

I don’t see what’s the big deal. You have a user model that already contain fields like user’s full name, location, … among others and all this developer did was adding yet another optional field called date of birth.

This does nothing to verify user’s age and enforce nothing. They’ve stressed that repeatedly in the comments.

What that does is making it easy for a Linux distro to store user’s birthday - should they wish to do so - and making that bit of info accessible to running apps so that each app can do what it wants with it.

User’s fullname and location are already there which are also optional so what’s the big deal?

I didn’t like Nvidia products even before hearing that.

Guess that another reason to avoid it.

are you able to ping a website? try this command “ping google.com” without quotes

if you press “Alt+F2” a popup should appear with a text field where you can type in a command like “terminal”

are you able to open terminal inside your KDE by any chance?