
kernel-module compile/install



Hello list,
A question with a security aspect and a general programming one:
today I tried to compile and install the StMichael kernel module:
  StMichael is a LKM that attempts to detect and divert attempts to install a 
  kernel-module backdoor into a running linux system. This is done by         
  monitoring the init_module and delete_module process for changes in the     
  system call table. Detects most modern LKM's, including KIS. Changes: Fixed 
  a   serious bug that could cause a kernel Oops if StMichael was not the     
  first module loaded into the system.  Homepage:    
  http://www.sourceforge.net/projects/stjude. By Tim Lawless

I got it compiled, but couldn't load it. So I tried a really simple one, let us
call it lkm.c, just to see how kernel modules work.
 http://www.linuxdoc.org/LDP/lkmpg/mpg.html ...
-----------------------8<------------------------------
//#define MODULE
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/modversions.h>

int init_module(void) { printk("<1>Hello World\n"); return 0; }
void cleanup_module(void) { printk("<1>Bye, Bye"); }
-----------------------8<------------------------------
Just a small kernel module from a tutorial. I compile it with:
gcc-3.0 -Wall -DMODULE -D__KERNEL__ -DLINUX  -c lkm.c -I/usr/src/kernel-headers-2.4.12-686/include/
or:
gcc-2.95 -Wall -DMODULE -D__KERNEL__ -DLINUX  -c lkm.c -I/usr/src/kernel-headers-2.4.12-686/include/

When I try to insmod it, nothing happens, just this output:
#insmod lkm.o
Warning: loading lkm.o will taint the kernel: no license
Segmentation fault
In /var/log/messages I found:
Dec 22 17:35:15 ingwer kernel:  <1>Unable to handle kernel NULL pointer dereference at virtual address 00000000
Dec 22 17:35:15 ingwer kernel:  printing eip:
Dec 22 17:35:15 ingwer kernel: 00000000
Dec 22 17:35:15 ingwer kernel: Oops: 0000
Dec 22 17:35:15 ingwer kernel: CPU:    0
Dec 22 17:35:15 ingwer kernel: EIP:    0010:[<00000000>]    Tainted: P
Dec 22 17:35:15 ingwer kernel: EFLAGS: 00010293
Dec 22 17:35:15 ingwer kernel: eax: 00000000   ebx: 0000000a   ecx: 00000000   edx: 4001600a
Dec 22 17:35:15 ingwer kernel: esi: 40016000   edi: 00000000   ebp: c339bf9c   esp: c339bf70
Dec 22 17:35:15 ingwer kernel: ds: 0018   es: 0018   ss: 0018
Dec 22 17:35:15 ingwer kernel: Process insmod (pid: 1090, stackpage=c339b000)
Dec 22 17:35:15 ingwer kernel: Stack: cc89114c 40016000 00000000 00000000 c339bfa4 00000150 0805f640 00000000
Dec 22 17:35:15 ingwer kernel:        00000000 c01347f3 c339bfa4 c339bfbc cc8908d3 c339a000 0805f640 bfffab3c
Dec 22 17:35:15 ingwer kernel:        cbaca000 c1306360 c0106e1c bfffea6c c0106d2b 0805f640 00000150 bfffea6c
Dec 22 17:35:15 ingwer kernel: Call Trace: [sys_stat64+103/116] [error_code+52/60] [system_call+51/56]
Dec 22 17:35:15 ingwer kernel:
Dec 22 17:35:15 ingwer kernel: Code:  Bad EIP value.

My kernel #uname -a
Linux ingwer 2.4.12-686 #2 Sat Oct 13 20:13:05 EST 2001 i686 unknown

It could manage kernel modules; I built it on my own. These are the first
kernel modules I have built. StMichael came with a configure script; for lkm.c I
cut and pasted the compiler instructions. Neither is working.
So where could I find hints, or does anybody have an idea what I am doing wrong?

thanks ingo
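
The StMichael description quoted in the post above (watch the system call table for changes around init_module and delete_module) can be modelled in user space. This is an added example, not part of the original post and not StMichael's code; the toy table, the handler names, `guarded_load` and the choice to restore altered slots as the "divert" step are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NR_CALLS 4
typedef long (*handler_t)(void);

/* Constructed stand-ins for kernel system call handlers. */
static long real_getpid(void) { return 100; }
static long real_open(void)   { return 101; }
static long real_read(void)   { return 102; }
static long real_write(void)  { return 103; }
static long hooked_open(void) { return -1; }   /* what a hooking module would install */

/* Toy system call table and the trusted copy taken while it is known good. */
static handler_t call_table[NR_CALLS] = { real_getpid, real_open, real_read, real_write };
static handler_t baseline[NR_CALLS];

void take_baseline(void) { memcpy(baseline, call_table, sizeof baseline); }

/* Compare the live table with the baseline, put back any altered slot,
 * and return how many slots had been changed. */
int verify_and_restore(void)
{
    int changed = 0;
    for (int i = 0; i < NR_CALLS; i++) {
        if (call_table[i] != baseline[i]) {
            printf("slot %d altered during module load, restoring\n", i);
            call_table[i] = baseline[i];
            changed++;
        }
    }
    return changed;
}

/* Model of a guarded init_module path: run the module's init routine,
 * then audit the table. Returns the init result, or -N if N slots changed. */
int guarded_load(int (*module_init)(void))
{
    int rc = module_init();
    int changed = verify_and_restore();
    return changed ? -changed : rc;
}

/* Two constructed "modules": one harmless, one that rewrites slot 1. */
int benign_init(void)  { return 0; }
int hooking_init(void) { call_table[1] = hooked_open; return 0; }

int main(void)
{
    take_baseline();
    printf("benign: %d\n", guarded_load(benign_init));
    printf("hooking: %d\n", guarded_load(hooking_init));
    return 0;
}
```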


