Reproduce CVE-2026-46333 on a patched test VM to verify defenses
Study the pidfd_getfd race against process exit in ptrace_may_access
Test detection rules for D-Bus FD theft from accounts-daemon
Compare RHEL 10 and Fedora 44 behavior under the same exploit
The PoC targets specific kernels on RHEL 10 and Fedora 44, requires editing a hardcoded password, and is destructive, so it should only run on isolated test systems.
This repository is a proof-of-concept exploit for a Linux kernel security flaw tracked as CVE-2026-46333. The README explains, in technical terms, that the bug is a race condition inside the kernel function ptrace_may_access. When a process is dying and the kernel has already released its memory map, the access check that normally protects one process from peeking into another is skipped. The exploit races the pidfd_getfd system call against process exit to steal file descriptors from a more privileged process. In plain terms, the kernel briefly opens a small window in which an unprivileged user on the same Linux machine can reach into a privileged program and borrow one of its open connections.

The README says the demonstration targets a system service called accounts-daemon. By stealing the daemon's connection to D-Bus, the program then sends commands that change another user account, setting its shell, account type, and password, which promotes the attacker to an administrator with a known password. The author notes that the exploit hardcodes the password it sets and tells anyone building it to edit that value in the source first.

It has been tested on Red Hat Enterprise Linux 10 and Fedora 44, where the D-Bus broker exposes its socket on file descriptor number 5. Building and running, according to the README, is just make followed by ptrace_may_dream, with optional flags for the number of retries, the number of threads, and which file descriptor slot to target. The README closes with a joke quoting the kernel: the process is dead, long live the process. The README mentions no separate license file, and the repository has no other documentation.
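For the detection-rule use case listed above, a defensive sketch that is added here and is not code from the repository: it scans auditd SYSCALL records for bursts of pidfd_getfd calls from a non-root account, the pattern a retry-based race would be expected to leave. It assumes an audit rule already logs pidfd_getfd on x86_64; the records, paths, window and threshold are constructed values to tune per environment.

```python
import re
from collections import defaultdict

PIDFD_GETFD = "438"  # pidfd_getfd syscall number on x86_64
STAMP = re.compile(r"msg=audit\((\d+\.\d+):\d+\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Return (timestamp, fields) for an audit SYSCALL record, else None."""
    stamp = STAMP.search(line)
    if not line.startswith("type=SYSCALL") or not stamp:
        return None
    return float(stamp.group(1)), {k: v.strip('"') for k, v in FIELD.findall(line)}

def find_bursts(lines, window=1.0, threshold=5):
    """Flag non-root (uid, exe) pairs that issue at least `threshold`
    pidfd_getfd calls within `window` seconds (assumed tuning values)."""
    calls = defaultdict(list)
    for ts, f in filter(None, map(parse, lines)):
        if f.get("syscall") != PIDFD_GETFD or f.get("uid") == "0":
            continue
        fd = int(f.get("a1", "0"), 16)  # a1 = targetfd argument, logged in hex
        calls[(f.get("uid", "?"), f.get("exe", "?"))].append((ts, fd, f.get("success") == "yes"))
    alerts = []
    for (uid, exe), events in sorted(calls.items()):
        events.sort()
        start = peak = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"uid": uid, "exe": exe, "peak": peak,
                           "target_fds": sorted({fd for _, fd, _ in events}),
                           "any_success": any(ok for _, _, ok in events)})
    return alerts

# Constructed sample records (not captured from a real system).
def _rec(ts, n, ok, ex, a1, uid, exe):
    return (f'type=SYSCALL msg=audit({ts:.3f}:{n}): arch=c000003e syscall=438 '
            f'success={ok} exit={ex} a0=3 a1={a1:x} a2=0 a3=0 items=0 uid={uid} exe="{exe}"')
SAMPLE_LOG = (
    [_rec(1000 + i * 0.05, 100 + i, "no", -3, 5, 1000, "/home/test/sample") for i in range(7)]
    + [_rec(1000.35, 107, "yes", 4, 5, 1000, "/home/test/sample"),
       _rec(1000.10, 200, "yes", 6, 3, 0, "/usr/bin/rootsample"),
       'type=PROCTITLE msg=audit(1000.350:107): proctitle="sample"']
    + [_rec(1000 + 10 * i, 300 + i, "yes", 7, 3, 1001, "/usr/bin/slowsample") for i in range(3)]
)
```

Calling find_bursts(SAMPLE_LOG) reports only the uid 1000 binary; the single root call and the slow, spaced-out caller stay below the threshold.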
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.