strlen_overflow and CONFIG_FORTIFY_SOURCE
24
README.adoc
24
README.adoc
@@ -952,7 +952,7 @@ Possibly asked at:
|
|||||||
|
|
||||||
The kernel calls `module_init` synchronously, therefore it is not hard to step into that call.
|
The kernel calls `module_init` synchronously, therefore it is not hard to step into that call.
|
||||||
|
|
||||||
As of 4.16, the call happens in `do_init_module`, so we can do in shell 1:
|
As of 4.16, the call happens in `do_one_initcall`, so we can do in shell 1:
|
||||||
|
|
||||||
....
|
....
|
||||||
./run
|
./run
|
||||||
@@ -961,7 +961,7 @@ As of 4.16, the call happens in `do_init_module`, so we can do in shell 1:
|
|||||||
shell 2 after boot finishes (because there are other calls to `do_init_module` at boot, presumably for the built-in modules):
|
shell 2 after boot finishes (because there are other calls to `do_init_module` at boot, presumably for the built-in modules):
|
||||||
|
|
||||||
....
|
....
|
||||||
./rungdb do_init_module
|
./rungdb do_one_initcall
|
||||||
....
|
....
|
||||||
|
|
||||||
then step until the line:
|
then step until the line:
|
||||||
@@ -2995,6 +2995,26 @@ Looks like a recompile is needed to modify the image...
|
|||||||
* https://superuser.com/questions/736423/changing-kernel-bootsplash-image
|
* https://superuser.com/questions/736423/changing-kernel-bootsplash-image
|
||||||
* https://unix.stackexchange.com/questions/153975/how-to-change-boot-logo-in-linux-mint
|
* https://unix.stackexchange.com/questions/153975/how-to-change-boot-logo-in-linux-mint
|
||||||
|
|
||||||
|
=== Hardening
|
||||||
|
|
||||||
|
Make it harder to get hacked and easier to notice that you were, at the cost of some (small?) runtime overhead.
|
||||||
|
|
||||||
|
==== CONFIG_FORTIFY_SOURCE
|
||||||
|
|
||||||
|
....
|
||||||
|
insmod /strlen_overflow.ko
|
||||||
|
....
|
||||||
|
|
||||||
|
detects the overflow:
|
||||||
|
|
||||||
|
....
|
||||||
|
<4>[ 3.136382] strlen_overflow: loading out-of-tree module taints kernel.
|
||||||
|
<0>[ 3.139534] detected buffer overflow in strlen
|
||||||
|
<4>[ 3.141318] ------------[ cut here ]------------
|
||||||
|
....
|
||||||
|
|
||||||
|
followed by a trace.
|
||||||
|
|
||||||
=== Linux kernel testing
|
=== Linux kernel testing
|
||||||
|
|
||||||
https://stackoverflow.com/questions/3177338/how-is-the-linux-kernel-tested
|
https://stackoverflow.com/questions/3177338/how-is-the-linux-kernel-tested
|
||||||
|
|||||||
@@ -197,3 +197,6 @@ CONFIG_ARM64_PTDUMP=y
|
|||||||
|
|
||||||
# For record and replay.
|
# For record and replay.
|
||||||
CONFIG_8139CP=y
|
CONFIG_8139CP=y
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
CONFIG_FORTIFY_SOURCE=y
|
||||||
|
|||||||
@@ -45,6 +45,8 @@
|
|||||||
.. link:netlink.c[]
|
.. link:netlink.c[]
|
||||||
. Utilities
|
. Utilities
|
||||||
.. link:kstrto.c[]
|
.. link:kstrto.c[]
|
||||||
|
. Hardening
|
||||||
|
.. link:strlen_overflow.c[]
|
||||||
. Arch
|
. Arch
|
||||||
.. x86
|
.. x86
|
||||||
... link:ring0.c[]
|
... link:ring0.c[]
|
||||||
|
|||||||
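--- /dev/null
+++ b/kernel_module/strlen_overflow.c
@@ -0,0 +1,24 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/string.h>
+
+static int myinit(void)
+{
+enum { size = 256 };
+int i = 1;
+char buf[size];
+char buf2[size];
+for (i = 0; i < size; i++) {
+buf[i] = 'a';
+buf2[i] = 'b';
+}
+/*char buf[] = {'p', 'w', 'n'};*/
+pr_info("%llu\n", (long long unsigned)strlen(buf));
+return 0;
+}
+
+static void myexit(void) {}
+
+module_init(myinit)
+module_exit(myexit)
+MODULE_LICENSE("GPL");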
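Review bot: `buf` is filled with 256 `'a'` bytes and never NUL-terminated, so the `strlen(buf)` call in `myinit` overruns the array by design, yet nothing in the file says so; the only comment is the leftover `/*char buf[] = {'p', 'w', 'n'};*/`, which should be dropped or replaced with one stating the intent, e.g. `/* Deliberately unterminated: strlen() runs past buf so that a kernel built with CONFIG_FORTIFY_SOURCE=y reports "detected buffer overflow in strlen". */`. Without CONFIG_FORTIFY_SOURCE the same call is plain undefined behaviour that presumably reads on into `buf2` and whatever follows it on the stack, so the comment should also say that the printed length is meaningless in that configuration. The `int i = 1;` initialiser is dead because the `for` immediately reassigns `i`; `int i;` (or declaring it in the loop header) avoids suggesting the 1 matters. `buf2` is written but only ever observed through the overread, which deserves a line of comment as well, and `%zu` would print the `size_t` returned by `strlen` without the cast.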