Sunday, February 6, 2011

Exporting System Call Table in 2.6.x Kernel

The system call table was exported up to the 2.4 kernels. For security reasons, and to prevent malicious applications from crashing the kernel, it is no longer exported. Here is a patch to export the system call table.

Hey! A patch is not some strange programming concept :). It just means editing a few kernel source files to export the system call table.

A + symbol marks a line of code to be added.
A - symbol marks a line of code to be removed.

Here is the patch! (I am implementing it for the i386 architecture, as most desktops use this architecture.)

1) open the file: /src/linux-2.6.32.21/arch/i386/kernel/entry.s

-.section .rodata,"a"
+.section .data,"aw"
 #include "syscall_table.S"

 syscall_table_size=(.-sys_call_table)
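
Review bot: The replacement of `.section .rodata,"a"` with `.section .data,"aw"` makes the entire system call table writable at run time, which is more than exporting the symbol needs, because a module can read an exported table that stays in .rodata. Keep the table in .rodata here, or limit the writable placement to kernels built only for experimentation, and state in the change description that this line removes the read-only placement of the table.
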
2) open the file: /src/linux-2.6.32.21/kernel/kallsyms.c
 
__initcall(kallsyms_init);

 EXPORT_SYMBOL(__print_symbol);
+
+extern void *sys_call_table;
+EXPORT_SYMBOL(sys_call_table);
 
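Review bot: The added declaration `extern void *sys_call_table;` describes the table as a single pointer, and `EXPORT_SYMBOL(sys_call_table);` then makes it linkable from every loadable module. Declare it as `extern void *sys_call_table[];` so that any code sharing the declaration indexes it as a table, and consider `EXPORT_SYMBOL_GPL` to narrow which modules can link against it. kernel/kallsyms.c is also built for every architecture, while step 1 only changes the i386 entry file, so the export would sit better in architecture-specific code.
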
After making the modifications, save the changes to the above files and rebuild the kernel so that the system call table is exported on the next boot.
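
One way to confirm what a rebuilt kernel actually exposes is to audit its System.map for the two effects of the patch above. This is an added example, not code from the original post; the function names and both sample maps are constructed for illustration, and it assumes the usual nm type letters (R/r for read-only data, D/d for writable data).

```python
import re

# nm type letters that mean the symbol lives in a writable section (assumed
# standard nm convention: D/d = initialized data, B/b = bss).
WRITABLE_TYPES = set("DdBb")

# System.map lines look like: "<hex address> <type letter> <symbol name>"
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")

def parse_symbols(text):
    """Return {name: (address, type_letter)} from System.map-style text."""
    symbols = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or malformed lines
            addr, typ, name = m.groups()
            symbols[name] = (int(addr, 16), typ)
    return symbols

def audit_syscall_table(text, symbol="sys_call_table"):
    """Report whether `symbol` is present, writable, and exported to modules."""
    syms = parse_symbols(text)
    entry = syms.get(symbol)
    return {
        "present": entry is not None,
        "writable": entry is not None and entry[1] in WRITABLE_TYPES,
        # EXPORT_SYMBOL(x) emits a __ksymtab_x entry in the kernel image.
        "exported": "__ksymtab_" + symbol in syms,
    }

# Constructed sample maps; the addresses are made up for illustration.
STOCK_MAP = """\
c1003000 T sys_open
c1509000 R sys_call_table
c1620000 r __ksymtab___print_symbol
"""
PATCHED_MAP = """\
c1003000 T sys_open
c1700000 D sys_call_table
c1620000 r __ksymtab___print_symbol
c1620008 r __ksymtab_sys_call_table
"""

if __name__ == "__main__":
    for label, text in (("stock", STOCK_MAP), ("patched", PATCHED_MAP)):
        print(label, audit_syscall_table(text))
```

The same check is useful in the other direction: run against the System.map of a kernel that is meant to be stock, a writable or exported sys_call_table indicates that a patch like this one was applied.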

Read Me: I once read somewhere on the Internet that implementing a new system call is not the right way to control a module. The right way is to use ioctl() instead. More importantly, it is a silly thing to expose `sys_call_table' for modules to fiddle with. For experimentation it's no big deal! Have fun exporting sys_call_table.





 




3 comments:

  1. Hello, I am trying to modify the kernel sources as you did in this post, but I got this error:

    CHK include/linux/version.h
    CHK include/generated/utsrelease.h
    CALL scripts/checksyscalls.sh
    CHK include/generated/compile.h
    CC kernel/kallsyms.o
    kernel/kallsyms.c:36:1: error: ‘kallsyms_init’ undeclared here (not in a function)
    kernel/kallsyms.c:38:1: error: expected identifier or ‘(’ before ‘+’ token
    kernel/kallsyms.c:40:1: error: expected identifier or ‘(’ before ‘+’ token
    kernel/kallsyms.c:41:1: error: expected identifier or ‘(’ before ‘+’ token
    kernel/kallsyms.c:41:2: error: ‘sys_call_table’ undeclared here (not in a function)
    kernel/kallsyms.c:427:1: error: redefinition of ‘__kstrtab___print_symbol’
    kernel/kallsyms.c:38:1: note: previous definition of ‘__kstrtab___print_symbol’ was here
    kernel/kallsyms.c:427:1: error: redefinition of ‘__ksymtab___print_symbol’
    kernel/kallsyms.c:38:1: note: previous definition of ‘__ksymtab___print_symbol’ was here
    kernel/kallsyms.c:597:1: error: redefinition of ‘__initcall_kallsyms_init6’
    kernel/kallsyms.c:36:1: note: previous definition of ‘__initcall_kallsyms_init6’ was here
    make[2]: *** [kernel/kallsyms.o] Error 1
    make[1]: *** [kernel] Error 2
    make[1]: *** Waiting for unfinished jobs....
    VDSOSYM arch/x86/vdso/vdso-syms.lds
    VDSOSYM arch/x86/vdso/vdso32-int80-syms.lds
    VDSOSYM arch/x86/vdso/vdso32-syscall-syms.lds
    VDSOSYM arch/x86/vdso/vdso32-sysenter-syms.lds

    The differences that I have noticed are that my kernel version is 2.6.39 and that I do not have just a single file entry.S but two: entry_32.s and entry_64.s.
    I have inserted the mod for the file entry.S only in entry_32.s.

    Can you help me?

    thanks

  2. Hi jonno,
    I could export the system call table in 2.6.38.5. I thought of implementing it in 2.6.39, but kernel.org is hacked...!

    I have repeated the above steps like this.

    -> Here, in the src/linux-2.6.38.5/arch/x86/kernel/entry_32.s file, by default it will be "section .data."a""; instead, make it "section .data."aw"".

    -> In /src/linux-2.6.38.5/kernel/kallsyms.c, I have added these two lines

    extern void *sys_call_table;
    EXPORT_SYMBOL(sys_call_table);

    below the line "EXPORT_SYMBOL(__print_symbol)"

    -> I saved the above changes and started building the kernel; I did not come across any errors. For building the kernel there is a post in this blog that you can check out; here is the link below.

    http://linuxkernel51.blogspot.com/2011/02/how-to-build-linux-kernel.html

    If you still face issues, please let me know and I will try to rectify that.
