I have written a kernel module which reads and writes /proc files, and it is working fine. Now I want to use permissions with it, but when I write the function for permissions shown below it gives me an error. The goal is for everyone to be able to read the file but only root can write to it.
int my_permission(struct inode *inode, int op)
{
if(op == 4||(op == 2 && current->euid = 0)) //euid is not a member of task_struct
return 0;
return -EACCES;
}
const struct inode_operations my_iops = {
.permission = my_permission,
};
The error I'm getting is:
/home/karan/practice/procf/testproc1.c: In function ‘my_permission’:
/home/karan/practice/procf/testproc1.c:50:32: error: ‘struct task_struct’ has no member named ‘euid'
I know that current is #defined to get_current(). Why is this happening? Is there a list of members of the struct returned from get_current()?
The struct task_struct is defined in include/linux/sched.h in the kernel source tree, you can view the members there. The current credentials would be in get_current()->cred , and the effective user id is get_current()->cred->euid
It's not safe to access those members directly, you must rather call current_euid() from include/linux/cred.h
http://www.kernel.org/doc/Documentation/security/credentials.txt might be of interest to you as well
Related
I need to get page-cache statistics of an open file. There is a address_space pointer(f_mapping) in file struct which in turn has the root of the radix tree called page_tree. I need to traverse that tree to get information about all the cached pages for that open file.
There are some functions like radix_tree_for_each_chunk(to iterate over chunks), radix_tree_for_each_chunk_slot (to iterate over slots in one chunk) etc, using these the functionality can be achieved. I am unsure about the proper use (arguments) of the same. It would be helpful if any example is posted.
I figured it out from Linux kernel source code.
struct file *file = filp_open("filename",O_RDONLY,0);
struct address_space *file_addr_space = file->f_mapping;
if(file_addr_space==NULL){
printk("error")
}
struct radix_tree_root file_page_tree_root = file_addr_space->page_tree; //contains all pages in page cache
struct radix_tree_iter iter;
void **slot;
int num_dirty = 0;
radix_tree_for_each_slot(slot,&file_page_tree_root,&iter,0){
struct page *page = radix_tree_deref_slot(slot);
if(page!=NULL){
//printk("information about page");
}
}
A logging structure that depends on logging related functions looks like this:
typedef struct
{
TFkt_vlogf vlogf;
TFkt_outf outf;
void* logData;
} TLogger;
In this logging function there is an abstract logData that is assigned with different pointers depending on the job that the logger has.
A Filelogger would at one point access a stored filehandle like this.
FILE * fileHandle = (FILE *)(logger->logData);
Although this compiles SPLint is unhappy about this and complains with this message:
Cast to underlying abstract type FILE *: (FILE *)(logger->logData)
What can i do to satisfy SPLint?
i tried to sprinkle some /*#abstract#*/ around but it did not help
Is there a better way in C90 to store and access data while still keeping the structure signature to pass the type around independent of its implementation?
The better Solution is to use a union and have all possible Data inside that union.
typedef union
{
FILE * fileHandle;
char something;
long int other;
} TLog_data;
typedef struct
{
TFkt_vlogf vlogf;
TFkt_outf outf;
TLog_data logData;
} TLogger;
At some point during execution you would use:
((TLogger*) logger)->logData.fileHandle
Is it possible to find hidden kernel modules by reading kernel memory directly?
By hiding I mean a LKM that removes itself from the kernel module list.
If so, what structure should I expect, or what document should I read?
following #Eugene, I find a way to read kernel memory directly to find the so called not-so-clever hidden module: just compare the module from both procfs perspective and sysfs perspective:
static int detect_hidden_mod_init(void)
{
char *procfs_modules[MAX_MODULE_SIZE];
char *sysfs_modules[MAX_MODULE_SIZE];
int proc_module_index = 0, sys_module_index = 0;
struct module *mod;
struct list_head *p;
// get modules from procfs perspective
list_for_each(p, &__this_module.list){
mod = list_entry(p, struct module, list);
procfs_modules[proc_module_index++] = mod->name;
}
// get modules from sysfs perspective
struct kobject *kobj;
struct kset *kset = __this_module.mkobj.kobj.kset;
list_for_each(p, &kset->list) {
kobj = container_of(p, struct kobject, entry);
sysfs_modules[sys_module_index++] = kobj->k_name;
}
//compare the procfs_modules and sysfs_modules
...
}
Actually it can detect most of current module-hidden rootkit, however as Eugene said, "A clever rootkit could try to hide that data as well". So it is not a perfect way.
I need to read certain statistics from iw_statistics structure, here's the code:
struct net_device *dev;
struct iw_statistics *wi_stats;
dev = first_net_device(&init_net);
while (dev)
{
if (strncmp(dev->name , "wlan",4)==0 )
{
if (dev->wireless_handlers->get_wireless_stats(dev) !=NULL ) // <--- here's where the code crashes.
{
wi_stats = dev-wireless_handlers->get_wireless_stats(dev);
printk(KERN_INFO "wi_stats = dev-wireless_handlers->get_wireless_stats(dev); worked!!! :D\n");
}
}
}
I'm working on linux kernel 2.6.35 and I'm writing a kernel module. What am I doing wrong here?
Looks like wireless_handlers struct is Null ... Just because a net device has it's name field filled doesn't mean it's configured.
This is where wireless_handlers gets set:
#ifdef CONFIG_WIRELESS_EXT
/* List of functions to handle Wireless Extensions (instead of ioctl).
* See <net/iw_handler.h> for details. Jean II */
const struct iw_handler_def * wireless_handlers;
/* Instance data managed by the core of Wireless Extensions. */
struct iw_public_data * wireless_data;
#endif
You should check the value called CONFIG_WIRELESS_EXT if it's not set , the wireless_handler struct is not set and thus you''ll be pointing to a Null and your module will get stuck
You should check that dev->wireless_handlers is not null. Can you paste the actual code snippet? What is the error you get?
I have a simple Image cache class in my MFC application, to keep track of images loaded from the file system:
typedef boost::shared_ptr<Gdiplus::Image> ImagePtr;
typedef std::map<std::string, ImagePtr> ImageMap;
Whenever an image is requested by file name, a look up is done, or if it is already loaded, the appropriate ImagePtr is returned.
The problem occurs when I exit my application, and the shared pointer gets destructed. I get an access violation here, in checked_delete.hpp:
// verify that types are complete for increased safety
template<class T> inline void checked_delete(T * x)
{
// intentionally complex - simplification causes regressions
typedef char type_must_be_complete[ sizeof(T)? 1: -1 ];
(void) sizeof(type_must_be_complete);
delete x; // <-------- violation here!!
}
Is GDI+ managing these objects for me? If so, what do I need to do to my shared_ptr so that it doesn't call delete? Or is something else awry?
Thanks in advance!
That might be a symptom of calling GdiplusShutdown before the pointers are destroyed.