[826] in bugtraq
Anti Hijacking tools
daemon@ATHENA.MIT.EDU (Pete Shipley)
Sat Jan 28 00:15:38 1995
To: bugtraq@fc.net
Cc: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>, cert@cert.org
In-Reply-To: Your message of Tue, 24 Jan 1995 12:52:08 -0500.
<199501241752.MAA11290@Collatz.McRCIM.McGill.EDU>
Date: Fri, 27 Jan 1995 19:33:33 -0800
From: Pete Shipley <shipley@merde.dis.org>
------- =_aaaaaaaaaa0
Content-Type: text/x-pgp; charset="us-ascii"
Content-ID: <22906.791264012.1@merde.dis.org>
Content-Description: Pgp signed cleartext
-----BEGIN PGP SIGNED MESSAGE-----
Here is a program that does some of what der Mouse's device
driver does but runs as program that edits /dev/kmem to disable
the device /dev/vd.
I did what can to bullet proof the code so that it does not stomp on
the wrong device driver.
Written and tested under 4.1.3u1
-Pete
shipley@dis.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQBVAwUBLym6sXynuL1gkffFAQG7FAH+MJ/fdxXDHsppsWTaBWJ78EnKlCRglK8w
x1VF5tudzrqYPcc5alrulZJAUCNM3GTLReerHucxeROOqYjVKmAzCQ==
=5xve
-----END PGP SIGNATURE-----
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <22906.791264012.2@merde.dis.org>
Content-Description: noload.shar
#! /bin/sh
mkdir Noload
cd Noload
#! /bin/sh
echo x - Makefile
cat >Makefile <<'!E!O!F!'
CC=gcc -Wall
#CC=cc
CFLAGS=-g -pipe
noload: noload.o
$(CC) -g -pipe -o $@ $@.o -lkvm
yesload: yesload.o
$(CC) -g -pipe -o $@ $@.o -lkvm
clean:
/bin/rm -f noload noload.o
!E!O!F!
#! /bin/sh
echo x - README
cat >README <<'!E!O!F!'
noload.c by Peter Shipley
<shipley@complete.dis.org>
Fri Jan 27 03:02:59 PST 1995
inspired by a device driver by der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
This program disables and open and ioctl of /dev/vd thus
blocking modload and modstat from from funtioning. The
use of this is to disable people (crackers) from installing
"unwanted" drivers.
!E!O!F!
#! /bin/sh
echo x - noload.c
cat >noload.c <<'!E!O!F!'
/* noload.c by Peter Shipley */
/* Fri Jan 27 03:02:59 PST 1995 */
/* this program disables and open and ioctl of /dev/vd */
/* thus blocking modload from funtioning. */
/* inspired by a device driver by der Mouse <mouse@Collatz.McRCIM.McGill.EDU> */
#include <stdio.h>
#include <kvm.h>
#include <fcntl.h>
#include <nlist.h>
#include <sys/conf.h>
static struct nlist nl[] = {
{ "_cdevsw" },
#define CDEVSW 0
{ "_vdopen" },
#define VDOPEN 1
{ "_vdclose" },
#define VDCLOSE 2
{ "_nodev" },
#define NODEV 3
{ "" },
};
#define nlsize (sizeof (nl) / sizeof (struct nlist))
#define VD 57
static char *kmemf, *swapf, *nlistf;
static kvm_t *kvmp;
static struct cdevsw cd;
static struct cdevsw *cd_p;
extern errno;
int printf();
int fprintf();
void exit();
static debug=0;
int
main(ac, av)
int ac;
char *av[];
{
int i;
/* open the kmem device */
kvmp = kvm_open(nlistf, kmemf, swapf, O_RDWR, av[0]);
/* if kvm_open had failed it would have printed at error string for us */
if(kvmp == NULL) {
exit(1);
}
/* get the name list from the kernal */
i = kvm_nlist(kvmp, nl);
/* test that we obtained the namelist we wanted */
if ( i > 0 ) {
(void) fprintf(stderr,
"%s: kvm_nlist failed to read all symbols, aborting...\n",
av[0]);
exit(1);
}
if (debug) {
(void) printf("n_name = %s n_type=%x n_value=%x\n",
nl[CDEVSW].n_name, nl[CDEVSW].n_type, nl[CDEVSW].n_value);
(void) printf("n_name = %s n_type=%x n_value=%x\n",
nl[VDOPEN].n_name, nl[VDOPEN].n_type, nl[VDOPEN].n_value);
(void) printf("n_name = %s n_type=%x n_value=%x\n",
nl[NODEV].n_name, nl[NODEV].n_type, nl[NODEV].n_value);
}
/* calc the address the the 57'th array index */
cd_p = &( ((struct cdevsw *) nl[0].n_value)[VD]);
if(debug) {
(void) printf("%x %x\n", (int) nl[0].n_value, (int) cd_p);
}
/* read in the 57'th index if cdevsw */
(void) kvm_read(kvmp, cd_p, &cd, sizeof(struct cdevsw));
/* test that we got the right one */
if( (caddr_t) cd.d_close != (caddr_t) nl[VDCLOSE].n_value ) {
(void) fprintf(stderr,
"%s: Error loadable modules interface driver no at index %d, aborting...\n",
av[0], VD);
exit(1);
}
/* test that we have not done this already */
if( (caddr_t) cd.d_open == (caddr_t) nl[NODEV].n_value ) {
(void) fprintf(stderr,
"%s: loadable modules interface driver has already been disabled, exiting..\n",
av[0]);
exit(1);
}
cd.d_open = (caddr_t) nl[NODEV].n_value;
cd.d_ioctl = (caddr_t) nl[NODEV].n_value;
/* update the entery in the character device table */
i = kvm_write(kvmp, cd_p, &cd, sizeof(struct cdevsw));
/* report the sucess of the write */
if (i == sizeof(struct cdevsw) ) {
(void) printf("%s: loadable modules interface driver is now disabled\n",
av[0]);
} else {
(void) printf("%s: write error occored while updating the character device table\n",
av[0]);
}
/* it is safe to ignore the result of this operation */
(void) kvm_close(kvmp);
exit(0);
}
!E!O!F!
cd ..
------- =_aaaaaaaaaa0--