Linux Kernel instant intrusion detection security enhancement-Background

Linux Kernel real-time Intrusion Detection security enhancement-Background-general Linux technology-Linux programming and kernel information. For more information, see the following. V. Background
Ice cubes

I have not found the whole patch code in this article, probably because this person has abandoned the development of this item. Haha, if anyone can find it. Please tell us that the original url they provided is:
Www. iac. rm. cnr. it/tecno/software/indexs. HTML
This and previous LIDS articles are about kernel module-level system security. This article mainly aims to prevent the buffer overflow vulnerability. Although there is no code prototype, it provides several code examples to help us better understand how Linux Kernel Modules intercept system calls, or how to implement process operation permission analysis. It is helpful for us to understand Linux and other operating system kernels. I hope that you can better understand this article and help you develop system security software in the future. The code for the check_rootproc function is as follows:

/* Check_rootproc.c */

Int check_rootproc (struct inode * ino ){

Int cont = 0, iproc = 0, error = 0;

Suidp_t * suidproc;

Efile_t f;

Suidp_t p;


If (IS_SETUID_TO_ROOT (current) | (IS_A_ROOT_DAEMON (current ))){

For (; cont

If (permitted. lst [cont]. efid. device = ino-> I _dev &&

Permitted. lst [cont]. efid. inode = ino-> I _ino )){

If (permitted. lst [cont]. efid. size = ino-> I _size )&&

Permitted. lst [cont]. efid. modif = ino-> I _mtime )){

Suidproc = permitted. lst [cont]. processes;

For (iproc = 1; iproc <= permitted. lst [cont]. proc_nr; iproc ++ ){

If (! Strcmp (suidproc-> suidp_id.comm, current-> comm )){

Suidproc-> suidp_id.count ++;

Return PSA;

}

If (iproc

Suidproc = suidproc-> next;

}

}

} Else {

Error = EFNA;

Goto file_exe_unauthorized;

}

}

}

Error = EXENA;/* EXE is not in the database */

Goto file_exe_unauthorized;

}

Return PNS;/* the process is not setuid to root or root daemon */


File_exe_unauthorized:

F. efid. device = ino-> I _dev;

F. efid. inode = ino-> I _ino;

F. efid. size = ino-> I _size;

F. efid. modif = ino-> I _mtime;

Strncpy (p. suidp_id.comm, current-> comm,

Sizeof (p. suidp_id.comm ));

P. suidp_id.count = 1;

Do {

While (writer_pid! = 0 ){

Cli ();/* interrupt disabled */

If (writer_pid! = 0)

Interruptible_sleep_on (& pid_queue );

Sti ();

}

}

While (! Atomic_access (& writer_pid, current-> pid ));

/* Start of critical section */

Do_setuid_put (& (f. efid), & (p. suidp_id), FAILURE );

Writer_pid = 0;/* end of critical section */

Atomic_access (& writer_pid, 0);/* release of the lock */

Return error;


}