
Commit c4b67ea

committed
kernel: sucompat: provide getname_flags (kernel) ultimatum hook
put me right after strncpy_from_user in getname_flags() in namei.c: ksu_getname_flags_kernel(&kname, flags); This can replace the exec, faccessat and stat hooks. I don't recommend it, but it's an option. Signed-off-by: backslashxx <[email protected]>
1 parent 51629ea commit c4b67ea


1 file changed

+23
-9
lines changed


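--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -136,17 +136,20 @@ int ksu_getname_flags_user(const char __user **filename_user, int flags)
 return ksu_sucompat_user_common(filename_user, "getname_flags", !!!flags);
 }
 
-static int ksu_do_execveat_common(void *filename_ptr, const char *function_name)
+static int ksu_sucompat_kernel_common(void *filename_ptr, const char *function_name, bool escalate)
 {
-const char sh[] = KSUD_PATH;
-const char su[] = SU_PATH;
 
-if (likely(memcmp(filename_ptr, su, sizeof(su))))
+if (likely(memcmp(filename_ptr, SU_PATH, sizeof(SU_PATH))))
 return 0;
 
-pr_info("%s su found\n", function_name);
-memcpy(filename_ptr, sh, sizeof(sh));
-escape_to_root();
+if (escalate) {
+pr_info("%s su found\n", function_name);
+memcpy(filename_ptr, KSUD_PATH, sizeof(KSUD_PATH));
+escape_to_root();
+} else {
+pr_info("%s su->sh\n", function_name);
+memcpy(filename_ptr, SH_PATH, sizeof(SH_PATH));
+}
 return 0;
 }
 
@@ -164,7 +167,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 // return ksu_do_execveat_common((void *)filename->name, "do_execveat_common");
 // nvm this, just inline
 
-return ksu_do_execveat_common((void *)(*filename_ptr)->name, "do_execveat_common");
+return ksu_sucompat_kernel_common((void *)(*filename_ptr)->name, "do_execveat_common", true);
 }
 
 int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
@@ -182,10 +185,21 @@ int ksu_legacy_execve_sucompat(const char **filename_ptr,
 if (!is_su_allowed((const void *)filename_ptr))
 return 0;
 
-return ksu_do_execveat_common((void *)*filename_ptr, "do_execve_common");
+return ksu_sucompat_kernel_common((void *)*filename_ptr, "do_execve_common", true);
 }
 #endif
 
+// getname_flags on fs/namei.c, this hooks ALL fs-related syscalls.
+// put the hook right after usercopy
+// NOT RECOMMENDED for daily use. mostly for debugging purposes.
+int ksu_getname_flags_kernel(char **kname, int flags)
+{
+if (!is_su_allowed((const void *)kname))
+return 0;
+
+return ksu_sucompat_kernel_common((void *)*kname, "getname_flags", !!!flags);
+}
+
 // dummified
 int ksu_handle_devpts(struct inode *inode)
 {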
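Review bot: In `ksu_getname_flags_kernel` the escalate argument is `!!!flags`, so `escape_to_root()` runs for every lookup of the su path that reaches the hook with flags equal to zero, not only for exec; the comment above the function itself says the hook sees all fs-related syscalls. `is_su_allowed()` still gates it, but its body is outside this page, and as far as the visible lines show an allowed caller would presumably have its credentials raised as a side effect of a non-exec path lookup. If that is intended, state it in the comment and write the expression as `!flags`, e.g. `/* flags == 0 is treated as the exec path: credentials are raised, not just the name rewritten */`; otherwise pass `false` here and leave escalation to the exec hooks. Because `ksu_sucompat_kernel_common` overwrites the caller's buffer in place, a `BUILD_BUG_ON(sizeof(KSUD_PATH) != sizeof(SU_PATH) || sizeof(SH_PATH) != sizeof(SU_PATH));` at its top would also keep a replacement from ever being longer than the name that was matched.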
