
Commit 73859f5

kernel: sucompat: provide getname_flags (kernel) ultimatum hook
Put me right after strncpy_from_user in getname_flags in namei.c: ksu_getname_flags_sucompat(&kname, flags); This can replace the exec, faccessat and stat hooks. I don't recommend it, but it's an option. Signed-off-by: backslashxx <[email protected]>
1 parent acba231 commit 73859f5


1 file changed

+23
-9
lines changed


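--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -135,17 +135,20 @@ int ksu_handle_getname_flags(const char __user **filename_user, int flags)
 return ksu_sucompat_user_common(filename_user, "getname_flags", !!!flags);
 }
 
-static int ksu_do_execveat_common(void *filename_ptr, const char *function_name)
+static int ksu_sucompat_kernel_common(void *filename_ptr, const char *function_name, bool escalate)
 {
-const char sh[] = KSUD_PATH;
-const char su[] = SU_PATH;
 
-if (likely(memcmp(filename_ptr, su, sizeof(su))))
+if (likely(memcmp(filename_ptr, SU_PATH, sizeof(SU_PATH))))
 return 0;
 
-pr_info("%s su found\n", function_name);
-memcpy(filename_ptr, sh, sizeof(sh));
-escape_to_root();
+if (escalate) {
+pr_info("%s su found\n", function_name);
+memcpy(filename_ptr, KSUD_PATH, sizeof(KSUD_PATH));
+escape_to_root();
+} else {
+pr_info("%s su->sh\n", function_name);
+memcpy(filename_ptr, SH_PATH, sizeof(SH_PATH));
+}
 return 0;
 }
 
@@ -162,7 +165,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 // return ksu_do_execveat_common((void *)filename->name, "do_execveat_common");
 // nvm this, just inline
 
-return ksu_do_execveat_common((void *)(*filename_ptr)->name, "do_execveat_common");
+return ksu_sucompat_kernel_common((void *)(*filename_ptr)->name, "do_execveat_common", true);
 }
 
 int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
@@ -179,10 +182,21 @@ int ksu_legacy_execve_sucompat(int *fd, const char **filename_ptr,
 if (!is_su_allowed((const void *)filename_ptr))
 return 0;
 
-return ksu_do_execveat_common((void *)*filename_ptr, "do_execve_common");
+return ksu_sucompat_kernel_common((void *)*filename_ptr, "do_execve_common", true);
 }
 #endif
 
+// getname_flags on fs/namei.c, this hooks ALL fs-related syscalls.
+// put the hook right after usercopy
+// NOT RECOMMENDED for daily use. mostly for debugging purposes.
+int ksu_getname_flags_sucompat(char **kname, int flags)
+{
+if (!is_su_allowed((const void *)kname))
+return 0;
+
+return ksu_sucompat_kernel_common((void *)*kname, "getname_flags", !!!flags);
+}
+
 // dummified
 int ksu_handle_devpts(struct inode *inode)
 {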
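Review bot: In `ksu_getname_flags_sucompat` the escalation decision is `!!!flags`, so any lookup of the su path that reaches this hook with `flags == 0` calls `escape_to_root()`, and per the comment above it the hook sits on every fs-related syscall rather than only on exec. Spell the condition as `flags == 0` and document it, e.g. `/* flags == 0: escalate; any other flags value only rewrites su -> sh */`, and state which callers are expected to pass 0 so the widened trigger is a deliberate choice. `ksu_sucompat_kernel_common` also overwrites the caller's buffer with `KSUD_PATH` or `SH_PATH` after matching only `sizeof(SU_PATH)` bytes; if the three macros are meant to be the same length, `BUILD_BUG_ON(sizeof(KSUD_PATH) != sizeof(SU_PATH));` (and the same for `SH_PATH`) would pin that and keep any length already computed by the caller valid. `is_su_allowed` is defined outside this section, so how tightly it gates the new path cannot be checked from here.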
