/*
 * liberate: loadable kernel module that swaps the credentials of one running
 * process for copies whose uid/euid/gid/egid are 0, and swaps the saved
 * originals back when the module is unloaded.
 *
 * Usage as given by the author:
 *   insmod liberate.ko target_pid=<PID>
 *
 * NOTE(review): loading a module already needs root-equivalent privilege
 * (CAP_SYS_MODULE), so this is kernel-level credential tampering by someone
 * who already controls the host, not a way across a privilege boundary.
 * Module signature enforcement, kernel lockdown and kernel.modules_disabled=1
 * are the controls that restrict such a load; auditing the
 * init_module/finit_module syscalls records it.
 */

/*
 * NOTE(review): the nine header names after #include were lost when this page
 * was extracted (angle-bracket text stripped); the file does not build as
 * shown.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include

MODULE_LICENSE("Dual BSD/GPL");
MODULE_DESCRIPTION("Liberate");
MODULE_AUTHOR("Têtu");

/* PID of the process to alter; set on the insmod command line. */
/* Permission argument 0: the parameter is not exposed through sysfs. */
int target_pid = 0;
module_param(target_pid, int, 0);

/* Pointers the task held before the swap; written only on the success path of init. */
static struct cred *orig_creds;
static struct cred *orig_real_creds;
/* kmalloc'ed copies installed on the task; freed in liberate_exit(). */
static struct cred *using_creds;
static struct cred *using_real_creds;
/* Target task found at load time; dereferenced again at unload. */
static struct task_struct *task;

/*
 * Module entry point: look up target_pid, copy its cred and real_cred, zero
 * the four id fields in each copy and publish the copies on the task.
 *
 * Returns 0 in every case, including "pid not found" and allocation failure,
 * so a failed attempt still leaves the module loaded.
 */
static int __init liberate_init(void)
{
	pid_t pid = target_pid;

	// Find the task for this pid.
	// NOTE(review): the lookup runs before rcu_read_lock() and no reference
	// is taken on the task in this file, so nothing here keeps `task` valid
	// once the process exits.
	task = pid_task(find_vpid(pid), PIDTYPE_PID);
	if(task) {
		using_creds = kmalloc(sizeof(struct cred), GFP_KERNEL);
		using_real_creds = kmalloc(sizeof(struct cred), GFP_KERNEL);
		if(using_creds && using_real_creds) {
			// Copy the creds and keep the original pointers for restoration.
			rcu_read_lock();
			orig_creds = task->cred;
			orig_real_creds = task->real_cred;
			// NOTE(review): byte-for-byte copy. struct cred is declared
			// outside this file; in mainline it carries a reference count and
			// pointers to reference-counted objects, which a raw memcpy
			// duplicates without taking references. Confirm against the
			// kernel version this was written for.
			memcpy(using_creds, task->cred , sizeof(struct cred));
			memcpy(using_real_creds, task->real_cred, sizeof(struct cred));

			// Set the ids in both copies to 0 (root).
			// Plain integer assignment: implies a kernel where these fields
			// are integers rather than a wrapped id type (TODO confirm).
			using_creds->uid = 0;
			using_creds->euid = 0;
			using_creds->gid = 0;
			using_creds->egid = 0;
			using_real_creds->uid = 0;
			using_real_creds->euid = 0;
			using_real_creds->gid = 0;
			using_real_creds->egid = 0;
			rcu_read_unlock();

			// Publish the modified copies, then wait for an RCU grace period.
			rcu_assign_pointer(task->cred , using_creds);
			rcu_assign_pointer(task->real_cred, using_real_creds);
			synchronize_rcu();

			// Report the change as UID and GID events on the process-events
			// connector and write one KERN_INFO line to the kernel log.
			// NOTE(review): both signals are emitted voluntarily by this
			// module; detection of this kind of tampering should not depend
			// on them.
			proc_id_connector(task, PROC_EVENT_UID);
			proc_id_connector(task, PROC_EVENT_GID);
			printk(KERN_INFO "The process %i has been altered.\n", pid);
		}
	}
	return 0;
}

/*
 * Module exit point: point the task back at the saved credentials, wait for
 * an RCU grace period, then free the two copies.
 *
 * NOTE(review): runs unconditionally. If init found no task, `task` is NULL
 * and is dereferenced here; if init found the task but an allocation failed,
 * orig_creds/orig_real_creds are still NULL and are written into the task.
 * If the target has exited since load, `task` is stale. Each case corrupts
 * kernel state rather than failing cleanly.
 */
static void __exit liberate_exit(void)
{
	rcu_assign_pointer(task->cred , orig_creds);
	rcu_assign_pointer(task->real_cred, orig_real_creds);
	synchronize_rcu();
	kfree(using_creds);
	kfree(using_real_creds);
}

module_init(liberate_init);
module_exit(liberate_exit);