

liberate.c
Posted by Anonymous on Sun 2nd Oct 2011 22:25

  /* liberate:
   *     insmod liberate.ko target_pid=<PID of the process to make root>
   */
  4. #include <linux/init.h>
  5. #include <linux/module.h>
  6. #include <linux/kernel.h>
  7. #include <linux/sched.h>
  8. #include <linux/pid.h>
  9. #include <linux/cred.h>
  10. #include <linux/rcupdate.h>
  11. #include <linux/slab.h>
  12. #include <linux/cn_proc.h>
  13.  
  /* Module metadata as declared by the author. */
  MODULE_LICENSE("Dual BSD/GPL");
  MODULE_DESCRIPTION("Liberate");
  MODULE_AUTHOR("Têtu");

  /*
   * PID of the process whose credentials are rewritten at load time.
   * It is supplied on the insmod command line.  The permission argument 0
   * means the parameter gets no entry under /sys/module/<module>/parameters,
   * so the chosen PID cannot be read back from sysfs after loading.
   */
  int target_pid = 0;
  module_param(target_pid, int, 0);

  /*
   * State shared between liberate_init() and liberate_exit():
   *   orig_creds / orig_real_creds   - the task's cred pointers as found at load
   *   using_creds / using_real_creds - kmalloc'ed copies with the ids set to 0
   *   task                           - the task_struct located for target_pid
   * All of them are raw pointers held in file-scope variables; no reference
   * counting on them is visible anywhere in this file.
   */
  static struct cred *orig_creds;
  static struct cred *orig_real_creds;
  static struct cred *using_creds;
  static struct cred *using_real_creds;
  static struct task_struct *task;
  26.  
  /*
   * liberate_init - module load hook; replaces the credentials of the process
   * named by target_pid with copies whose uid/euid/gid/egid are 0.
   *
   * Steps, as written below: look the task up by PID, allocate two struct cred
   * buffers, byte-copy the task's current cred and real_cred into them, zero
   * the four id fields in each copy, publish the copies through task->cred and
   * task->real_cred, then emit proc connector UID/GID events and a log line.
   * The original pointers are kept for liberate_exit().
   *
   * Returns 0 in every case, including when the PID is not found or an
   * allocation fails, so the module stays loaded even if nothing was changed.
   *
   * Security context: loading a module already requires root-equivalent
   * privilege (CAP_SYS_MODULE), so this is a technique for handing root to
   * another process after the host is already controlled, not an escalation
   * from an unprivileged account.  Controls that block or expose it: enforced
   * module signing (CONFIG_MODULE_SIG_FORCE / kernel lockdown), setting
   * kernel.modules_disabled=1 once boot is complete, auditing the module-load
   * syscalls, and watching for a process whose uid changes without a
   * corresponding setuid/exec.  The printk line and the two proc connector
   * events below are themselves observable artefacts.
   *
   * NOTE(review): this bypasses the kernel's documented credential-management
   * API and edits task fields directly; see the inline notes for the
   * stability risks that follow from that.
   */
  static int __init liberate_init(void)
  {
      pid_t pid = target_pid;

      // Find the task for the given PID.
      // find_vpid() resolves the number in the PID namespace of the caller
      // (here, the process running insmod).
      // NOTE(review): no RCU read lock or task reference is taken around this
      // lookup, and the pointer is stored in a global for later use.
      task = pid_task(find_vpid(pid), PIDTYPE_PID);
      if(task)
      {
          using_creds      = kmalloc(sizeof(struct cred), GFP_KERNEL);
          using_real_creds = kmalloc(sizeof(struct cred), GFP_KERNEL);

          // NOTE(review): if only one of the two allocations succeeds, this
          // branch is skipped and the successful one is not freed here.
          if(using_creds && using_real_creds)
          {
              // Save the original cred pointers for later restoration and
              // copy their contents into the new buffers.
              // NOTE(review): memcpy duplicates the whole struct byte for
              // byte, including whatever internal bookkeeping it carries
              // (presumably reference counts and pointers to shared
              // objects) - confirm against the target kernel's struct cred.
              rcu_read_lock();
              orig_creds      = task->cred;
              orig_real_creds = task->real_cred;
              memcpy(using_creds,      task->cred     , sizeof(struct cred));
              memcpy(using_real_creds, task->real_cred, sizeof(struct cred));

              // Set the user and group ids of both copies to 0 (root).
              // Only these four fields are changed; everything else in the
              // copies is whatever memcpy brought over.
              // NOTE(review): plain integer assignment suggests a kernel
              // where these fields are integer-typed - TODO confirm version.
              using_creds->uid  = 0;
              using_creds->euid = 0;
              using_creds->gid  = 0;
              using_creds->egid = 0;

              using_real_creds->uid  = 0;
              using_real_creds->euid = 0;
              using_real_creds->gid  = 0;
              using_real_creds->egid = 0;
              rcu_read_unlock();

              // Publish the modified copies on the task, then wait for an
              // RCU grace period before continuing.
              rcu_assign_pointer(task->cred     , using_creds);
              rcu_assign_pointer(task->real_cred, using_real_creds);
              synchronize_rcu();

              // Announce the id change on the process events connector and
              // in the kernel log; both are visible to monitoring tools.
              proc_id_connector(task, PROC_EVENT_UID);
              proc_id_connector(task, PROC_EVENT_GID);
              printk(KERN_INFO "The process %i has been altered.\n", pid);
          }
      }

      return 0;
  }
  71.  
  /*
   * liberate_exit - module unload hook; puts the saved credential pointers
   * back on the task, waits for an RCU grace period, and frees the two
   * modified copies.
   *
   * NOTE(review): nothing here checks that liberate_init() actually found the
   * task or saved the original pointers.  liberate_init() returns 0 even when
   * the lookup or an allocation failed, so `task` or `orig_creds` can still be
   * NULL at this point.  The function also relies on `task` and the saved
   * cred pointers still being valid at unload time, and no reference on them
   * is taken anywhere in this file.  Unloading is therefore a kernel-stability
   * risk in its own right, and a crash here is a possible forensic indicator.
   */
  static void __exit liberate_exit(void)
  {
      // Restore the pointers captured at load time.
      rcu_assign_pointer(task->cred     , orig_creds);
      rcu_assign_pointer(task->real_cred, orig_real_creds);
      synchronize_rcu();
      // Free the copies only after the grace period above has elapsed.
      kfree(using_creds);
      kfree(using_real_creds);
  }
  /* Register the load and unload hooks with the kernel module loader. */
  module_init(liberate_init);
  module_exit(liberate_exit);
