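#!/bin/sh
# MAKE ME EXECUTABLE !!!
#
# [EMAIL PROTECTED]:/home/sacrine/TEST# chmod +x anti-ptrace
# [EMAIL PROTECTED]:/home/sacrine/TEST# ./anti-ptrace
#  [+] making anti-ptrace.c: OK
#  [+] compiling the script: OK
#  [+] loading the module  : OK
#
# Writes anti-ptrace.c into the current directory; the rest of the script
# compiles it and loads the resulting object with insmod.
# Run it as root from a directory that only root can write to: whoever can
# write there can replace anti-ptrace.c or anti-ptrace.o before it is loaded
# into the kernel.

# printf instead of "echo -n": not every /bin/sh echo understands -n.
printf ' [+] making anti-ptrace.c: '
# Quoted delimiter: the C source is written out verbatim, with no parameter
# or command substitution applied by the shell.
cat > anti-ptrace.c <<'NETRIC'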
/*
 * Emergency workaround for the ptrace race vuln
 * anti-ptrace.c by sacrine
 * netric.org
 */
#define __KERNEL__ #define MODULE #define LINUX
#include <linux/module.h> #include <linux/kernel.h> #include <linux/types.h> #include <linux/version.h> #include <linux/slab.h> #include <linux/sched.h> #include <linux/fs.h> #include <linux/ctype.h> #include <linux/tty.h> #include <sys/syscall.h>
#include <linux/ptrace.h>
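/*
 * Saved pointer to the ptrace handler that was installed before this module
 * loaded; written by init_module() and put back by cleanup_module().
 * The parameter list carries all four ptrace(2) arguments so a forwarded
 * call hands each one to the original handler in its own position.
 */
long (*o_ptrace)(long request, long pid, long addr, long data);

/* Syscall dispatch table; this module overwrites its SYS_ptrace entry. */
extern void *sys_call_table[];

/*
 * Replacement ptrace handler installed in sys_call_table[SYS_ptrace].
 *
 * Calls made by a task whose uid is 0 are forwarded unchanged to the saved
 * handler. Every other caller is logged and refused with -EPERM, so tools
 * that rely on ptrace stop working for non-root users while the module is
 * loaded.
 *
 * Fixes over the posted version:
 *  - the hook and o_ptrace now take (request, pid, addr, data); before, the
 *    request argument was missing from the forwarded call, so the original
 *    handler received shifted arguments;
 *  - the refusal is returned as -EPERM; a positive value is not an error to
 *    the syscall return path.
 *
 * NOTE(review): each refused call writes to the kernel log and the console
 * with no rate limit, so an unprivileged user can generate log noise at will.
 * NOTE(review): the hook is declared without the kernel's syscall linkage
 * annotation (asmlinkage); confirm the calling convention on the target build.
 */
long anti_ptrace(long request, long pid, long addr, long data)
{
    /* Only the caller's uid field is consulted for the allow decision. */
    if (current->uid == 0) {
        return o_ptrace(request, pid, addr, data);
    }

    printk("warning: ptrace(); violation\n"
           "pid=[%i] uid=[%i]\n",
           current->pid,
           current->uid);

    console_print("warning: non-root users are not allowed to use ptrace();\n");

    return -EPERM;
}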
/*
 * Module entry point: remember whatever handler currently sits in the
 * SYS_ptrace slot of sys_call_table, then point that slot at anti_ptrace.
 * Always returns 0.
 *
 * NOTE(review): presumably targets kernels that export a writable
 * sys_call_table; confirm for the kernel this is built against.
 */
int init_module(void)
{
    void **slot = &sys_call_table[SYS_ptrace];

    /* Save before overwriting so cleanup_module() can restore the entry. */
    o_ptrace = *slot;
    *slot = anti_ptrace;

    printk("anti-ptrace kernel module loaded with pid=[%i]\n", current->pid);

    return 0;
}
/*
 * Module exit point: write the handler saved in o_ptrace back into the
 * SYS_ptrace slot of sys_call_table and log the unload.
 *
 * NOTE(review): the saved pointer is restored unconditionally; if another
 * module replaced the slot after this one loaded, that replacement is lost.
 * NOTE(review): nothing here waits for tasks that may still be executing
 * inside anti_ptrace when the module is removed; verify before relying on
 * unloading in production.
 */
void cleanup_module(void)
{
    void **slot = &sys_call_table[SYS_ptrace];

    *slot = o_ptrace;
    printk("anti-ptrace kernel module ended with pid=[%i]\n", current->pid);
}
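NETRIC
# Report OK only when a step really succeeded. Printing OK unconditionally
# would leave the operator believing the ptrace restriction is active after a
# failed build or a failed module load.
if [ -s anti-ptrace.c ]; then
    echo "OK"
else
    echo "FAILED"
    exit 1
fi

printf ' [+] compiling the script: '
if gcc -c anti-ptrace.c -I"/lib/modules/$(uname -r)/build/include"; then
    echo "OK"
else
    echo "FAILED"
    exit 1
fi

printf ' [+] loading the module : '
# Only stdout is discarded; insmod's error messages stay visible.
if /sbin/insmod anti-ptrace.o >/dev/null; then
    echo "OK"
else
    echo "FAILED"
    exit 1
fi

# sacrine [Netric Security]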