strlen_overflow and CONFIG_FORTIFY_SOURCE
24
README.adoc
24
README.adoc
@@ -952,7 +952,7 @@ Possibly asked at:
|
||||
|
||||
The kernel calls `module_init` synchronously, therefore it is not hard to step into that call.
|
||||
|
||||
As of 4.16, the call happens in `do_init_module`, so we can do in shell 1:
|
||||
As of 4.16, the call happens in `do_one_initcall`, so we can do in shell 1:
|
||||
|
||||
....
|
||||
./run
|
||||
@@ -961,7 +961,7 @@ As of 4.16, the call happens in `do_init_module`, so we can do in shell 1:
|
||||
shell 2 after boot finishes (because there are other calls to `do_init_module` at boot, presumably for the built-in modules):
|
||||
|
||||
....
|
||||
./rungdb do_init_module
|
||||
./rungdb do_one_initcall
|
||||
....
|
||||
|
||||
then step until the line:
|
||||
@@ -2995,6 +2995,26 @@ Looks like a recompile is needed to modify the image...
|
||||
* https://superuser.com/questions/736423/changing-kernel-bootsplash-image
|
||||
* https://unix.stackexchange.com/questions/153975/how-to-change-boot-logo-in-linux-mint
|
||||
|
||||
=== Hardening
|
||||
|
||||
Make it harder to get hacked and easier to notice that you were, at the cost of some (small?) runtime overhead.
|
||||
|
||||
==== CONFIG_FORTIFY_SOURCE
|
||||
|
||||
....
|
||||
insmod /strlen_overflow.ko
|
||||
....
|
||||
|
||||
detects the overflow:
|
||||
|
||||
....
|
||||
<4>[ 3.136382] strlen_overflow: loading out-of-tree module taints kernel.
|
||||
<0>[ 3.139534] detected buffer overflow in strlen
|
||||
<4>[ 3.141318] ------------[ cut here ]------------
|
||||
....
|
||||
|
||||
followed by a trace.
|
||||
|
||||
=== Linux kernel testing
|
||||
|
||||
https://stackoverflow.com/questions/3177338/how-is-the-linux-kernel-tested
|
||||
|
||||
@@ -197,3 +197,6 @@ CONFIG_ARM64_PTDUMP=y
|
||||
|
||||
# For record and replay.
|
||||
CONFIG_8139CP=y
|
||||
|
||||
# Hardening
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
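Review bot: `CONFIG_FORTIFY_SOURCE=y` only takes effect on architectures that select `ARCH_HAS_FORTIFY_SOURCE`; on any other target Kconfig drops the symbol without an error, and the strlen_overflow demonstration would then read past its buffer unchecked. Whether this fragment is shared by every architecture the project builds is not visible in this hunk, so the comment should record the dependency, for example `# Hardening. Needs ARCH_HAS_FORTIFY_SOURCE; confirm CONFIG_FORTIFY_SOURCE=y in the generated .config.`. The README section added in the same commit would benefit from the same one-line caveat, since the `detected buffer overflow in strlen` output it shows appears only when the option survives configuration.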
|
||||
@@ -45,6 +45,8 @@
|
||||
.. link:netlink.c[]
|
||||
. Utilities
|
||||
.. link:kstrto.c[]
|
||||
. Hardening
|
||||
.. link:strlen_overflow.c[]
|
||||
. Arch
|
||||
.. x86
|
||||
... link:ring0.c[]
|
||||
|
||||
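--- a/kernel_module/strlen_overflow.c
+++ b/kernel_module/strlen_overflow.c
@@ -0,0 +1,24 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/string.h>
+
+static int myinit(void)
+{
+enum { size = 256 };
+int i = 1;
+char buf[size];
+char buf2[size];
+for (i = 0; i < size; i++) {
+buf[i] = 'a';
+buf2[i] = 'b';
+}
+/*char buf[] = {'p', 'w', 'n'};*/
+pr_info("%llu\n", (long long unsigned)strlen(buf));
+return 0;
+}
+
+static void myexit(void) {}
+
+module_init(myinit)
+module_exit(myexit)
+MODULE_LICENSE("GPL");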
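Review bot: Nothing in `myinit` says that leaving `buf` without a NUL terminator is deliberate, so `strlen(buf)` reads as an ordinary bug rather than a hardening demonstration. I would add a file-header comment such as `/* Deliberately calls strlen() on an unterminated stack buffer so that CONFIG_FORTIFY_SOURCE=y can catch the overread; meant for the emulated guest only. */` and delete the commented-out `/*char buf[] = {'p', 'w', 'n'};*/` line. The comment should also state that the check works only because the compiler knows the size of `buf` at the call site, and that without the option the call is an out-of-bounds stack read whose result depends on stack layout. `buf2` is filled but never read, so the compiler may drop it and it cannot be relied on to place non-zero bytes after `buf`. The initializer in `int i = 1;` is dead because the loop resets it; `int i;` is enough.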