From e77a8b36367bf0a95581f7512e470e787771406b Mon Sep 17 00:00:00 2001
From: spsf
Date: Tue, 24 Feb 2026 00:01:39 -0600
Subject: [PATCH] AsyncSyscall3 exploit fix
---
 .../lib/modules/Hyperion/30_userspace.kmod | 6 +++---
 .../lib/modules/Hyperion/45_hypervisor.kmod | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod
index 6947cac..2621138 100644
--- a/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod
+++ b/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod
@@ -21,7 +21,7 @@ local function readonly(tbl)
 error("Attempt to modify global variable '" .. k .. "'", 2)
 end,
- __pairs = function()
+ __pairs = function(self)
 local function iter(_, key)
 local nextKey, value = next(tbl, key)
 if type(value) == "table" then
@@ -29,7 +29,7 @@ local function readonly(tbl)
 end
 return nextKey, value
 end
- return iter, tbl, nil
+ return iter, self, nil
 end,
 __ipairs = function()
@@ -54,4 +54,4 @@ local origLoad = load
 kernel._U = readonly(kernel._G)
 kernel._U._G = kernel._U
-kernel._U.load = function(a, b, c, d) return origLoad(a, b, c, d or kernel._U) end
\ No newline at end of file
+kernel._U.load = function(a,b,c,d) return origLoad(a,b,c,d or kernel._U) end
diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/45_hypervisor.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/45_hypervisor.kmod
index f59d3a1..c23be56 100644
--- a/Src/Hyperion-kernel/lib/modules/Hyperion/45_hypervisor.kmod
+++ b/Src/Hyperion-kernel/lib/modules/Hyperion/45_hypervisor.kmod
@@ -5,6 +5,8 @@ local sys = {}
 local nextpid = 2
 kernel.exitMain = false
+local resumeWithTimeout = coroutine.resumeWithTimeout
+
 local function bit_is_set(num, bit)
 return math.floor(num / (2 ^ bit)) % 2 == 1
 end
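Review bot: The changed return in the @@ -29 hunk (`return iter, self, nil`) is the actual fix, but nothing in either the @@ -21 or the @@ -29 hunk records why the proxy replaces `tbl` as the iterator state, and the reason is not obvious from the code: pairs() passes the second value returned by `__pairs` back to the caller, so the old `return iter, tbl, nil` handed the unprotected backing table to any loop that captured it. Suggest a comment on that line such as `-- return the proxy, not tbl: pairs() hands the state value to the caller, and tbl must never escape the readonly wrapper`. The `iter` closure correctly ignores its state parameter (`_`) and walks `tbl` through the upvalue, which is what makes the substitution safe; a one-line comment at `local function iter(_, key)` saying so would stop a future maintainer from "fixing" it to use the state argument. The sibling `__ipairs = function()` visible at the end of the @@ -29 hunk still takes no `self`; its body is outside the hunk, so if it returns `tbl` as its state the same exposure remains there and it should get the matching change.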
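Review bot: The new `local resumeWithTimeout = coroutine.resumeWithTimeout` carries no comment explaining why the scheduler binds it at load time, and the two kernel.main hunks that switch to the local (@@ -352 and @@ -363) still look up `coroutine.create(task.sigh)` and `coroutine.resume(...)` through the global `coroutine` table on every call, so the non-preempt branch and the signal-handler coroutine creation keep whatever exposure the capture is meant to remove — hedged, since how tasks reach the `coroutine` table is not visible here. Suggest extending the binding to `local cocreate, coresume = coroutine.create, coroutine.resume`, using those at the two remaining call sites, and adding a comment on the binding such as `-- bound at load time so the scheduler never re-reads these through a table that tasks can reach`. Also, `resumeWithTimeout` is not a standard `coroutine` function; if it is installed by an earlier module, a missing one will only surface as a call error inside kernel.main when `preempt` is on, so `assert(resumeWithTimeout, "coroutine.resumeWithTimeout missing")` at the binding would fail at load instead.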
@@ -206,10 +208,14 @@ function sys.kill(pid)
 return false, "Task does not exist"
 elseif task.status == "Z" then
 return false, "Task is already dead"
- else
- task.status = "Z"
- return true
 end
+ local caller = kernel.currentTask
+ local ceuid = caller and (caller.euid or caller.uid) or kernel.uid
+ if ceuid ~= 0 and task.uid ~= (caller and caller.uid or kernel.uid) then
+ return false, "EPERM"
+ end
+ task.status = "Z"
+ return true
 end
 function sys.stop(pid)
@@ -352,7 +358,7 @@ function kernel.main()
 if task.sigq and #task.sigq ~= 0 and task.sigh then
 local coro = coroutine.create(task.sigh)
 if kernel.config.preempt then
- coroutine.resumeWithTimeout(coro, task.timeSlice, table.remove(task.sigq, 1))
+ resumeWithTimeout(coro, task.timeSlice, table.remove(task.sigq, 1))
 else
 coroutine.resume(coro, table.remove(task.sigq, 1))
 end
@@ -363,7 +369,7 @@ function kernel.main()
 local ret
 if kernel.config.preempt then
- ret = { coroutine.resumeWithTimeout(task.coro, task.timeSlice, table.unpack(task.syscallReturn)) }
+ ret = { resumeWithTimeout(task.coro, task.timeSlice, table.unpack(task.syscallReturn)) }
 else
 ret = { coroutine.resume(task.coro, table.unpack(task.syscallReturn)) }
 end
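Review bot: The permission check added to sys.kill fails open when the calling task carries no identity: `caller and (caller.euid or caller.uid) or kernel.uid` yields `kernel.uid` not only when there is no current task but also when `caller.euid` and `caller.uid` are both nil, and the target comparison `(caller and caller.uid or kernel.uid)` does the same, so if `kernel.uid` is 0 a task record created without a uid is treated as root (hedged: whether such records can exist depends on task creation, which is outside this hunk). Binding the caller's ids once with an explicit `if` and refusing when they are missing keeps the `and/or` chain from substituting the kernel's identity, and the rewrite below does that without changing the return values for the normal cases. Using `euid` for the privilege test and `uid` for the ownership test is defensible but deserves a comment, e.g. `-- root (euid 0) may signal anyone; otherwise the sender's real uid must match the target's`. The same check is presumably needed in `sys.stop`, whose body begins after the hunk, if it is reachable from tasks; and `"EPERM"` departs from the sentence-style messages the function returns on the lines above it.
```lua
    -- … unchanged: existence and status checks …
    -- root (euid 0) may signal anyone; otherwise the sender's real uid must
    -- match the target's. Bind the ids explicitly so a task with no uid
    -- fields is refused rather than inheriting kernel.uid.
    local caller = kernel.currentTask
    local cuid, ceuid
    if caller then
        cuid, ceuid = caller.uid, caller.euid or caller.uid
    else
        cuid, ceuid = kernel.uid, kernel.uid
    end
    if ceuid ~= 0 and (cuid == nil or task.uid ~= cuid) then
        return false, "EPERM"
    end
    task.status = "Z"
    return true
```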