How can I implement my own hook function with LSM?

Problem description

I'm learning something about access control and trying to implement my own hook function with the LSM API. But I found I have to code in the kernel source in kernel version 3.1.4. So, how can I get started?

Could someone give an example about it? Thanks a lot.

PS: I have found some examples, but for kernel version 2.6.20. As LSM has been modified, those examples cannot work.

Recommended answer

You can't load an LSM module since 2.6.35 (see c1e992b99603a84d7debb188542b64f2d9232c07 commit). So, it isn't a valid task to get LSM outside the kernel. But you always can try to disassemble the kernel at run time and find all the private symbols such as security_ops pointer.

For example, have a look at the exported security_sb_copy_data symbol:

int security_sb_copy_data(char *orig, char *copy)
{
        return security_ops->sb_copy_data(orig, copy);
}
EXPORT_SYMBOL(security_sb_copy_data);

Its dump may look like this (x86_64):

(gdb) x/7i security_sb_copy_data 
   0xffffffff811f61b0:  push   %rbp
   0xffffffff811f61b1:  mov    %rsp,%rbp
   0xffffffff811f61b4:  data32 data32 data32 xchg %ax,%ax
   0xffffffff811f61b9:  mov    0x881690(%rip),%rax        # 0xffffffff81a77850
   0xffffffff811f61c0:  callq  *0x98(%rax)
   0xffffffff811f61c6:  pop    %rbp
   0xffffffff811f61c7:  retq

So, the 0xffffffff81a77850 address is the exact security_ops pointer. Let's check it out with:

(gdb) x/s* 0xffffffff81a77850
0xffffffff81850fa0:  "default"

OK, now we have a valid security_ops pointer and can do anything with LSM outside the kernel.

P.S. There is a great Linux kernel security project - AKARI. It implements interesting methods of private symbols resolution without disassembly (see sources for details).
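
How the address in the trailing comment of the mov line in the gdb listing is derived: a RIP-relative operand is the 32-bit displacement added to the address of the next instruction. This is an added example, not part of the original answer; the function name and the sample byte array (hand-assembled from the listing) are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode "mov disp32(%rip),%r64" (REX.W 8B /r, ModRM mod=00 rm=101) and
 * compute the absolute address it reads from.
 * Returns 0 and stores the address in *target, or -1 if the bytes are not
 * that instruction form. */
int rip_relative_target(const uint8_t *insn, size_t len,
                        uint64_t insn_addr, uint64_t *target)
{
    const size_t insn_len = 7;           /* REX + opcode + ModRM + disp32 */
    if (len < insn_len)
        return -1;
    if ((insn[0] & 0xf8) != 0x48)        /* REX prefix with W=1 */
        return -1;
    if (insn[1] != 0x8b)                 /* MOV r64, r/m64 */
        return -1;
    if ((insn[2] & 0xc7) != 0x05)        /* mod=00, rm=101: RIP-relative */
        return -1;
    /* disp32 is stored little-endian and is signed */
    uint32_t raw = (uint32_t)insn[3] | (uint32_t)insn[4] << 8 |
                   (uint32_t)insn[5] << 16 | (uint32_t)insn[6] << 24;
    int64_t disp = (int32_t)raw;
    /* The displacement is relative to the NEXT instruction's address */
    *target = insn_addr + insn_len + (uint64_t)disp;
    return 0;
}

/* Constructed sample: encoding of the mov at 0xffffffff811f61b9 in the
 * listing above (bytes assembled by hand from the disassembly). */
static const uint8_t sample_mov[] = { 0x48, 0x8b, 0x05, 0x90, 0x16, 0x88, 0x00 };

int main(void)
{
    uint64_t target;
    if (rip_relative_target(sample_mov, sizeof sample_mov,
                            0xffffffff811f61b9ULL, &target) != 0)
        return 1;
    printf("operand address: 0x%llx\n", (unsigned long long)target);
    return 0;
}
```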
