Hello list,

A question with a security aspect and a general programming one: today I tried to compile and install the StMichael kernel module:

    StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS. Changes: Fixed a serious bug that could cause a kernel Oops if StMichael was not the first module loaded into the system. Homepage: http://www.sourceforge.net/projects/stjude. By Tim Lawless

I got it compiled, but couldn't load it. So I tried a really simple one, let us call it lkm.c, just to see how kernel modules work.

http://www.linuxdoc.org/LDP/lkmpg/mpg.html
...

-----------------------8<------------------------------
//#define MODULE
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/modversions.h>

int init_module(void)
{
    printk("<1>Hello World\n");
    return 0;
}

void cleanup_module(void)
{
    printk("<1>Bye, Bye");
}
-----------------------8<------------------------------

Just a small kernel module from a tutorial. I compile it with:

gcc-3.0 -Wall -DMODULE -D__KERNEL__ -DLINUX -c lkm.c -I/usr/src/kernel-headers-2.4.12-686/include/

or:

gcc-2.95 -Wall -DMODULE -D__KERNEL__ -DLINUX -c lkm.c -I/usr/src/kernel-headers-2.4.12-686/include/

When I try to insmod it, nothing, just this output:

#insmod lkm.o
Warning: loading lkm.o will taint the kernel: no license
Segmentation fault

In /var/log/messages I found:

Dec 22 17:35:15 ingwer kernel: <1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Dec 22 17:35:15 ingwer kernel: printing eip:
Dec 22 17:35:15 ingwer kernel: 00000000
Dec 22 17:35:15 ingwer kernel: Oops: 0000
Dec 22 17:35:15 ingwer kernel: CPU: 0
Dec 22 17:35:15 ingwer kernel: EIP: 0010:[<00000000>] Tainted: P
Dec 22 17:35:15 ingwer kernel: EFLAGS: 00010293
Dec 22 17:35:15 ingwer kernel: eax: 00000000 ebx: 0000000a ecx: 00000000 edx: 4001600a
Dec 22 17:35:15 ingwer kernel: esi: 40016000 edi: 00000000 ebp: c339bf9c esp: c339bf70
Dec 22 17:35:15 ingwer kernel: ds: 0018 es: 0018 ss: 0018
Dec 22 17:35:15 ingwer kernel: Process insmod (pid: 1090, stackpage=c339b000)
Dec 22 17:35:15 ingwer kernel: Stack: cc89114c 40016000 00000000 00000000 c339bfa4 00000150 0805f640 00000000
Dec 22 17:35:15 ingwer kernel: 00000000 c01347f3 c339bfa4 c339bfbc cc8908d3 c339a000 0805f640 bfffab3c
Dec 22 17:35:15 ingwer kernel: cbaca000 c1306360 c0106e1c bfffea6c c0106d2b 0805f640 00000150 bfffea6c
Dec 22 17:35:15 ingwer kernel: Call Trace: [sys_stat64+103/116] [error_code+52/60] [system_call+51/56]
Dec 22 17:35:15 ingwer kernel:
Dec 22 17:35:15 ingwer kernel: Code: Bad EIP value.

My kernel

#uname -a
Linux ingwer 2.4.12-686 #2 Sat Oct 13 20:13:05 EST 2001 i686 unknown

could manage kernel modules; I built it on my own.

These are the first kernel modules I have built. StMichael came with a configure script; for lkm.c I cut and pasted the compiler instructions. None is working.

So where could I find hints, or does anybody have an idea what I am doing wrong???

thanks
ingo
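
The system-call-table check named in the StMichael description quoted in this message, modeled in user space as an added example (not StMichael's code and not part of the original post). The table, the handler names and guarded_load() are constructed for illustration, and restoring a changed entry is this example's assumption about what "divert" could mean.

```c
#include <stdio.h>
#include <string.h>

#define NR_CALLS 4                      /* constructed table size */
typedef long (*call_fn)(void);

static long orig_open(void)  { return 1; }
static long orig_read(void)  { return 2; }
static long orig_write(void) { return 3; }
static long orig_exit(void)  { return 4; }
static long hooked_read(void) { return -1; }   /* stand-in for a replaced handler */

/* Model of the system call table: an array of handler pointers. */
static call_fn call_table[NR_CALLS] = { orig_open, orig_read, orig_write, orig_exit };
static call_fn known_good[NR_CALLS];

/* Record the trusted state before any module load is allowed. */
void snapshot_table(void) { memcpy(known_good, call_table, sizeof call_table); }

/* Compare against the snapshot, report and restore changed slots.
 * Returns the number of entries that had been modified. */
int check_and_restore(void)
{
    int changed = 0;
    for (int i = 0; i < NR_CALLS; i++) {
        if (call_table[i] != known_good[i]) {
            printf("entry %d changed, restoring\n", i);
            call_table[i] = known_good[i];
            changed++;
        }
    }
    return changed;
}

/* Hypothetical module load: run the module's init, then audit the table. */
int guarded_load(void (*module_init)(void))
{
    module_init();
    return check_and_restore();
}

void benign_init(void)  { }
void hooking_init(void) { call_table[1] = hooked_read; }

int main(void)
{
    snapshot_table();
    printf("benign: %d changed\n", guarded_load(benign_init));
    printf("hooking: %d changed\n", guarded_load(hooking_init));
    printf("read handler returns %ld\n", call_table[1]());
    return 0;
}
```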