Date: Sat, 17 Jul 2010 15:51:06 +0800
From: supercodeing35271 supercodeing35271 <supercodeing35271@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: who know about this--can not catch the absolute
	path on intercept the mkdir() syscall in linux.

Hi, I am now writing a simple file comparison and protection program
as a Linux kernel module, using syscall interception. What I have done
so far: when the module is insmod'ed into the kernel, I can specify a
path so that any attempt to mkdir in that path returns a failure, so
the path can be protected against malicious tampering.
The module works very simply, by intercepting the mkdir() syscall; I
think lots of people know the theory.
But it is not perfect, because the module can only identify an
absolute path. Consider the situation where we open a shell like this:
root@...ame-desktop:/home/myname/test# mkdir dirkkk
When this command runs, a directory named dirkkk is created in the
path /home/myname/test. Using the command mkdir
/home/myname/test/dirkkk does the same.
But the module I wrote only recognizes mkdir
/home/myname/test/dirkkk. This is the mkdir syscall function in 2.6.34:
asmlinkage long sys_mkdir(const char __user *pathname, int mode);
In my module, I intercept it with a function named my_mkdir, which
has the same parameters:
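/* needs #include <linux/uaccess.h> for strncpy_from_user() */
asmlinkage long my_mkdir(const char __user *pathname, int mode)
{
    char kpath[64];   /* kernel copy of the user-space string */
    long len = strncpy_from_user(kpath, pathname, sizeof(kpath));

    if (len < 0)
        return len;   /* bad user pointer */
    /* pathname points into user space, so compare the kernel copy;
       len == sizeof(kpath) means the string is too long to match */
    if (len < (long)sizeof(kpath) && strcmp(kpath, "/home/myname/test/dirkkk") == 0)
    {
        return -1;
    }
    return sys_mkdir(pathname, mode);
}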
The module strcmp()s the pathname; if the pathname is one that has
been set as forbidden, it returns -1. The command mkdir
/home/myname/test/dirkkk may return a failure, but mkdir dirkkk is
not forbidden, because the pathname is "dirkkk", not
"/home/myname/test/dirkkk", so it may return the original sys_mkdir.
So my question is: is there any way to identify whether a shell
command like mkdir was given an absolute path or not, and how can I
change a relative path into an absolute one so that my module can
intercept relative paths too?
