Linux 2.6.30 and the "init_cred" symbol

Linux 2.6.30 and the "init_cred" symbol

am 05.03.2010 04:54:37 von cyril

Hello all !

I have recently become interested in understanding some recent exploits
written by Brad Spengler, and especially the one using a null-pointer
dereference in tun_chr_poll() (this exploit can be found here :

After taking a look at his code, I decided to compile Linux 2.6.30, so I
could run the exploit and play with the code a little. I ended up
cloning the following repository
( 30.y.git;a=summary)
and doing a checkout of an older branch (in which the patch 0.y.git;a=commit;h=3f8fd3f9f677ce452556aca82473b7fcac370830
had not been applied). I compiled the kernel as a .deb package, and it
works perfectly on a virtual machine running Debian.

The problem is I can't get to run the exploit : to do so, I would need
to be able to resolve the address of the "init_cred" symbol. The fact is
that the following command does not return anything :
$ grep init_cred /proc/kallsyms

According to, init_cred is "the set of
credentials used by the init process and by all kernel daemons", which
makes me think this symbol should be there. Do you think I did something
wrong when compiling the kernel, or is that normal not to find this
symbol on certain versions of Linux ?

Thanks in advance !

Cyril Roelandt.
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to
More majordomo info at
Please read the FAQ at