tpe-lkm's Issues

Case of large file name

In case of a file name larger than your MAX_FILE_LEN you will have a crash, because the pointer will point to the error number.
You have to use the IS_ERR macro in exe_from_mm in order to catch this case from the d_path call. Then just return NULL in order to use it for error handling when calling the exe_from_mm function.

Cheers!
Panos
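
Added example, not code from tpe-lkm: a user-space model of the kernel's ERR_PTR/IS_ERR convention that the report above relies on, with an unchecked and a checked version of an exe_from_mm-style lookup. The model_d_path helper, the 64-byte buffer and the sample paths are constructed stand-ins for the kernel's d_path() and real process paths.

```c
/* Model of the d_path()/ERR_PTR failure described in the issue.
 * d_path() does not return NULL when the name does not fit the buffer; it
 * returns an errno encoded in the pointer (ERR_PTR(-ENAMETOOLONG)).  Treating
 * that pointer as a string dereferences an address near the top of the
 * address space, which is the crash the report describes. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_ERRNO 4095   /* same bound the kernel uses for IS_ERR() */
#define PATH_BUF  64     /* constructed stand-in for MAX_FILE_LEN */

/* Same encoding as the kernel macros: the errno lives in the pointer value. */
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
    return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

static char path_buf[PATH_BUF];

/* Stand-in for d_path(): writes the path at the tail of buf and returns a
 * pointer into buf, or ERR_PTR(-ENAMETOOLONG) when it does not fit. */
static char *model_d_path(const char *path, char *buf, size_t buflen)
{
    size_t len = strlen(path) + 1;          /* include the terminating NUL */
    if (len > buflen)
        return ERR_PTR(-ENAMETOOLONG);
    char *p = buf + buflen - len;
    memcpy(p, path, len);
    return p;
}

/* The buggy shape: whatever d_path hands back is passed to the caller, so an
 * over-long name yields a non-NULL pointer that is not a string. */
static char *exe_from_mm_unchecked(const char *path, size_t buflen)
{
    if (buflen > PATH_BUF)
        buflen = PATH_BUF;
    return model_d_path(path, path_buf, buflen);
}

/* The fix from the report: detect the error encoding and return NULL so the
 * caller can fail closed instead of dereferencing an error pointer. */
static const char *exe_from_mm_checked(const char *path, size_t buflen)
{
    char *p = exe_from_mm_unchecked(path, buflen);
    if (IS_ERR(p))
        return NULL;
    return p;
}

/* Errno carried by the unchecked result (0 when it was a real pointer). */
static int exe_from_mm_unchecked_errno(const char *path, size_t buflen)
{
    char *p = exe_from_mm_unchecked(path, buflen);
    return IS_ERR(p) ? (int)-PTR_ERR(p) : 0;
}

int main(void)
{
    const char *longname = "/a/very/long/path/name/to/binary";  /* constructed */
    const char *ok = exe_from_mm_checked("/bin/ls", 16);
    printf("short name -> %s\n", ok ? ok : "NULL");
    printf("long name  -> %s (unchecked pointer carried errno %d)\n",
           exe_from_mm_checked(longname, 16) ? "string" : "NULL",
           exe_from_mm_unchecked_errno(longname, 16));
    return 0;
}
```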

kernel: tpe: warning: cred->security was not remapped; the soften_mmap flag won't persist to child processes.

Is this something serious?

kernel: tpe: loading out-of-tree module taints kernel.
kernel: fopskit: fopskit_find_sym_addr() failed with return code -14 for fops_hook { name => selinux_enabled, addr => 0, found => 0, hooked => 0 } at fopskit_find_sym_addr() line 223
kernel: fopskit: fopskit_find_sym_addr() failed with return code -14 for fops_hook { name => selinux_disabled, addr => 0, found => 0, hooked => 0 } at fopskit_find_sym_addr() line 223
kernel: tpe: warning: cred->security was not remapped; the soften_mmap flag won't persist to child processes.
kernel: fopskit: fopskit_find_sym_addr() failed with return code -14 for fops_hook { name => sys_newuname, addr => 0, found => 0, hooked => 0 } at fopskit_find_sym_addr() line 223
kernel: tpe: added to kernel

Kernel:

$ uname -a
Linux morfikownia 4.20.16-amd64-morficzny+ #1 SMP PREEMPT Sun Mar 10 14:48:11 CET 2019 x86_64 GNU/Linux

extras disabled by softmode in 2.0

I am not currently able to get tpe.extra features to work on el7 with the latest kernel (3.10.0-514.16.1.el7.x86_64) running tpe-lkm 2.0.1. I am using the elrepo kmod-tpe package and also tried the in-testing 2.0.2 version with no difference built by @pjperry a few days ago.

I even went as far as to rebuild the rpm manually against the latest commit from the elrepo spec file and it made no difference. I am not sure if this is an issue with the spec and how the elrepo rpm is built (@pjperry ) or if it's a tpe-lkm issue directly (@cormander).

Testing has been conducted on two separate el7 systems, one KVM based and one bare metal, with the same results.

All extra features are not working, that is to say all processes are visible for non-root users, lsmod can be run without issue, kallsyms can be cat'd and hide_uname makes no difference (when enabled).

Find below current sysctl values for TPE.

tpe.admin_gid = 0
tpe.check_file = 0
tpe.dmz_gid = 0
tpe.extras.harden_ptrace = 1
tpe.extras.hide_uname = 0
tpe.extras.lsmod = 1
tpe.extras.proc_kallsyms = 1
tpe.extras.ps = 1
tpe.extras.ps_gid = 0
tpe.extras.restrict_setuid = 0
tpe.group_writable = 1
tpe.hardcoded_path =
tpe.kill = 0
tpe.lock = 0
tpe.log = 0
tpe.log_floodburst = 5
tpe.log_floodtime = 5
tpe.log_max = 50
tpe.log_verbose = 1
tpe.paranoid = 0
tpe.softmode = 1
tpe.strict = 0
tpe.trusted_apps =
tpe.trusted_gid = 0
tpe.trusted_invert = 0
tpe.xattr_soften = 1

Setting tpe.extras.hide_uname=1 doesn't work.

Most of the tpe.extras.* options work well, but tpe.extras.hide_uname doesn't.

When I set it to "0", I get:

# sysctl -w tpe.extras.hide_uname=0
tpe.extras.hide_uname = 0

$ uname -a
Linux morfikownia 4.20.12-amd64-morficzny+ #3 SMP PREEMPT Sat Feb 23 18:43:09 CET 2019 x86_64 GNU/Linux

When I change it to "1", I get:

# sysctl -w tpe.extras.hide_uname=1
tpe.extras.hide_uname = 1
$ uname -a
Linux morfikownia 4.20.12-amd64-morficzny+ #3 SMP PREEMPT Sat Feb 23 18:43:09 CET 2019 x86_64 GNU/Linux

Also when I try to check the sysctl value using:

# sysctl -a | grep tpe.extras.hide_uname

I get the following log and the sysctl command hangs:

tpe: Denied untrusted uname of /sbin/sysctl (uid:0) by /sbin/sysctl (uid:0), parents: /bin/zsh (uid:0), /bin/su (uid:1000), /bin/zsh (uid:1000), /usr/bin/tmux (uid:1000), /lib/systemd/systemd (uid:0). Deny reason: tpe_extras
kernel: tpe: If this uname was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_uname" /sbin/sysctl. To silence this message, run; sysctl tpe.log_verbose = 0

Here are my current TPE settings:

# sysctl -a | grep tpe
tpe.admin_gid = 0
tpe.check_file = 1
tpe.dmz_gid = 0
tpe.extras.harden_ptrace = 1
tpe.extras.hide_uname = 0
tpe.extras.ignore_softmode = 0
tpe.extras.log = 1
tpe.extras.lsmod = 1
tpe.extras.proc_kallsyms = 1
tpe.extras.ps = 0
tpe.extras.ps_gid = 0
tpe.extras.restrict_setuid = 0
tpe.group_writable = 1
tpe.hardcoded_path =
tpe.kill = 0
tpe.lock = 0
tpe.log = 1
tpe.log_floodburst = 5
tpe.log_floodtime = 5
tpe.log_max = 50
tpe.log_verbose = 1
tpe.paranoid = 0
tpe.softmode = 0
tpe.strict = 1
tpe.trusted_apps = "/usr/local/bin/docker-entrypoint.sh"
tpe.trusted_gid = 0
tpe.trusted_invert = 0
tpe.xattr_soften = 1

Project dead?

Is this project still active? There seem to be multiple unaddressed outstanding issues, no release for a year, and the current source doesn't even build on EL5 kernels.

Can't compile on Debian/Devuan 8

Hi,

I'm trying to compile on a 3.16.0-4-amd64 kernel, on a host with Devuan 8 (same kernel and issue on Debian 8).

# make
make -C /usr/src/linux-headers-3.16.0-4-amd64 M=/root/tpe-lkm modules
make[1]: Entering directory '/usr/src/linux-headers-3.16.0-4-amd64'
make[1]: Entering directory '/usr/src/linux-headers-3.16.0-4-amd64'
  CC [M]  /root/tpe-lkm/fopskit.o
In file included from /root/tpe-lkm/fopskit.c:2:0:
/root/tpe-lkm/fopskit.h:48:38: error: ‘FTRACE_OPS_FL_IPMODIFY’ undeclared here (not in a function)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
                                      ^
/root/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/linux-headers-3.16.0-4-common/scripts/Makefile.build:262: recipe for target '/root/tpe-lkm/fopskit.o' failed
make[4]: *** [/root/tpe-lkm/fopskit.o] Error 1
/usr/src/linux-headers-3.16.0-4-common/Makefile:1355: recipe for target '_module_/root/tpe-lkm' failed
make[3]: *** [_module_/root/tpe-lkm] Error 2
Makefile:181: recipe for target 'sub-make' failed
make[2]: *** [sub-make] Error 2
Makefile:8: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-3.16.0-4-amd64'
Makefile:24: recipe for target 'tpe.ko' failed
make: *** [tpe.ko] Error 2

The CONFIG_FUNCTION_TRACER is enabled.

# cat .config |grep CONFIG_FUNCTION_TRACER
CONFIG_FUNCTION_TRACER=y

Any hint?

Gianluca

Lack of documentation on some TPE parameters

There is a nice explanation of what most of the TPE parameters do in the README file, but I haven't noticed there a parameter called tpe.lock. What does it do?

Also, what does tpe.xattr_soften do? The README file says: "check extended attributes for a soften flag." What is this "soften flag"? I couldn't find any info about it.

The next thing is ignore_softmode, which "enables extra features even if softmode is on". What extra features? Does this mean all the tpe.extras.* options?

And the last one is extras/ -- I don't have this parameter in sysctl. Should I have it?

Random kernel panics on boot

Following a thread on the ElRepo mailing list, I am vetting intermittent kernel panics when running ClearOS 7.5 in a VBox VM on a Win10 host. More often than not the system boots correctly, but it fails with a panic in about a quarter of boots. I've attached a screen dump of the crash.

[attached screenshot: virtualbox_clearos 7 x_29_06_2018_08_02_50]

The distro can be downloaded from http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso (all versions are the same). This may give you a 7.4 installation as the 7.5 was only released to the update channel on Friday. You will need to install and select the "Community" version (Community is 7.5; Home and Business will stay on 7.4 for a couple of weeks, and the repos act a little strangely during this period, especially while you are on a 30 day trial). You will probably have to register the system at https://www.clearcenter.com/. Then I suggest you do a "yum update", which may put you on 7.5 if the download didn't.

My compiled tpe is available from my server here: https://www.howitts.co.uk/clearos/ClearOS_7.x/kmod-tpe-2.0.3-6.20170731git.el7_5.elrepo.x86_64.rpm

If you needed to set up development stuff, instructions are at https://www.clearos.com/clearfoundation/development/clearos/content:en_us:dev_development_environment

If you have any questions, please ask. I understand you can set VBox to capture via a serial port but I don't know how.

[edit]
AFAIK, the ClearOS kernel is an EL7 kernel with IMQ added for QoS, so all kmod drivers need to be recompiled against the ClearOS kernel before they can be used. The driver I linked to has been recompiled, so it should be directly usable.
[/edit]

tpe.trusted_apps doesn't work

I'm just testing some of the module features and it looks like tpe.trusted_apps doesn't work on the 4.20.16-amd64 kernel.

#  sysctl -a | grep  trust
tpe.trusted_apps = "/home/morfik/gems/bin/jekyll"
tpe.trusted_gid = 0
tpe.trusted_invert = 0
kernel: tpe: Denied untrusted exec of /home/morfik/gems/bin/jekyll (uid:1000) by /bin/zsh (uid:1000), parents: /bin/zsh (uid:1000), /usr/bin/tmux (uid:1000), /lib/systemd/systemd (uid:0). Deny reason: directory uid not trusted
kernel: tpe: If this exec was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_exec:soften_mmap" /home/morfik/gems/bin/jekyll. To silence this message, run; sysctl tpe.log_verbose = 0
kernel: tpe: Denied untrusted exec of /home/morfik/gems/bin/jekyll (uid:1000) by /bin/zsh (uid:1000), parents: /bin/zsh (uid:1000), /usr/bin/tmux (uid:1000), /lib/systemd/systemd (uid:0). Deny reason: directory uid not trusted
kernel: tpe: If this exec was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_exec:soften_mmap" /home/morfik/gems/bin/jekyll. To silence this message, run; sysctl tpe.log_verbose = 0

But using setfattr -n security.tpe -v "soften_exec:soften_mmap" works well, so only tpe.trusted_apps doesn't work.

user-space programs can not get the correct errno

The following returns -1 to the user-space program:
fopskit_return(fopskit_eperm); //int fopskit_eperm(void) { return -EPERM; }
In user space, running with strace, I saw this:
creat("/tmp/test/create.txt", 0644) = 4294967295
Normally, the display should be:
creat("/tmp/test/create.txt", 0644) = -1 EACCES (Permission denied)

So, what should I do?
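
Added example, not fopskit or tpe-lkm code. The value 4294967295 is 0xFFFFFFFF: the 32-bit pattern of -1 placed into the 64-bit syscall return register without sign extension, which puts it outside the -4095..-1 window that libc decodes as an errno. The model below (register slot as uint64_t, glibc's x86-64 decode rule) shows a zero-extended store beside a sign-extended one; that this is what happens inside fopskit's register handling is an assumption of the example, not something the thread confirms.

```c
/* How a hook's int result reaches user space on x86-64, modeled in user space.
 * The kernel leaves a 64-bit value in the return register; the glibc syscall
 * wrapper treats any value in [-4095, -1] (i.e. >= (unsigned long)-4095) as
 * "-errno", stores errno and returns -1.  A 32-bit -1 that is zero-extended
 * into that register is 0xFFFFFFFF: not in the window, so the program sees
 * 4294967295 and errno is untouched, exactly what strace printed above. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095UL

/* What the calling program observes after the libc wrapper. */
struct user_result {
    long ret;   /* return value handed to the program */
    int  err;   /* errno set by the wrapper, 0 if none */
};

/* The hook result from the issue: -EPERM as a plain int. */
static int fopskit_eperm(void) { return -EPERM; }

/* Wrong: converting through uint32_t drops the sign, so bit 31 is not
 * propagated into the upper half of the 64-bit register slot. */
static uint64_t store_zero_extended(int hook_ret)
{
    return (uint64_t)(uint32_t)hook_ret;
}

/* Right: widen through a signed 64-bit type so -1 becomes 0xFFFFFFFFFFFFFFFF. */
static uint64_t store_sign_extended(int hook_ret)
{
    return (uint64_t)(int64_t)hook_ret;
}

/* glibc's x86-64 convention for turning the raw register into ret/errno. */
static struct user_result decode_syscall_return(uint64_t raw)
{
    struct user_result r = { (long)raw, 0 };
    if (raw >= (uint64_t)-MAX_ERRNO) {      /* top 4095 values are errors */
        r.err = (int)-(int64_t)raw;
        r.ret = -1;
    }
    return r;
}

int main(void)
{
    struct user_result bad  = decode_syscall_return(store_zero_extended(fopskit_eperm()));
    struct user_result good = decode_syscall_return(store_sign_extended(fopskit_eperm()));
    printf("zero-extended store: ret=%ld errno=%d\n", bad.ret, bad.err);
    printf("sign-extended store: ret=%ld errno=%d (EPERM=%d)\n", good.ret, good.err, EPERM);
    return 0;
}
```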

Harden_symlinks not available via package?

Hello,

I'm testing this magnificent module; it has some issues with hosting servers, but it's good overall.

Now I'm trying to test harden_symlink, but it's not available in the package via http://elrepo.org/ . Should I build it from source to use symlink protection? Any other idea or method?

If I add tpe.extras.harden_symlink it does not work: it is an unknown key.

My package: kmod-tpe-1.0.3-4.el5.elrepo.x86_64, CentOS 5 64-bit.

Any suggestions?

Thanks,

In-tree build

Is there a way to build the module in-tree such that it's actually built into the kernel, not as a separate, un-loadable module?
Thanks for writing this - very educational.

Can TPE work with Docker containers?

When I start some docker containers I get the following log:

kernel: tpe: Denied untrusted exec of /usr/local/bin/docker-entrypoint.sh (uid:999) by /usr/local/bin/gosu (uid:999), parents: /usr/bin/containerd-shim (uid:0), /usr/bin/containerd (uid:0), /lib/systemd/systemd (uid:0). Deny reason: file is writable
kernel: tpe: If this exec was legitimate and you cannot correct the behavior, an exception can be made to allow this by running; setfattr -n security.tpe -v "soften_exec:soften_mmap" /usr/local/bin/docker-entrypoint.sh. To silence this message, run; sysctl tpe.log_verbose = 0

It says that /usr/local/bin/docker-entrypoint.sh is untrusted, but I don't have this file in my system:

#  ls -al /usr/local/bin/docker-entrypoint.sh
ls: cannot access '/usr/local/bin/docker-entrypoint.sh': No such file or directory
#  ls -ald /usr/local/bin
drwxr-xr-x 2 root root 4096 2019-02-21 20:06:32 /usr/local/bin/

The file in question is inside of the container:

root@mariadb:/# ls -al /usr/local/bin/*
-rwxrwxr-x 1 root root    5816 Jan  8 23:47 /usr/local/bin/docker-entrypoint.sh
-rwxr-xr-x 1 root root 1286720 May 24  2017 /usr/local/bin/gosu

I tried to add the execs to tpe.trusted_apps, but that doesn't work. So how do I handle a case like Docker?

Fails to build from source on kernel 3.5.0-17

$ lsb_release -rd
Description: Ubuntu 12.10
Release: 12.10

/usr/src/tpe-lkm# make
make -C /usr/src/linux-headers-3.5.0-17-generic M=/usr/src/tpe-lkm modules
make[1]: Entering directory `/usr/src/linux-headers-3.5.0-17-generic'
  CC [M]  /usr/src/tpe-lkm/core.o
/usr/src/tpe-lkm/core.c: In function ‘tpe_allow_file’:
/usr/src/tpe-lkm/core.c:208:1: warning: the frame size of 1328 bytes is larger than 1024 bytes [-Wframe-larger-than=]
  CC [M]  /usr/src/tpe-lkm/module.o
  CC [M]  /usr/src/tpe-lkm/security.o
  CC [M]  /usr/src/tpe-lkm/symbols.o
  CC [M]  /usr/src/tpe-lkm/malloc.o
  CC [M]  /usr/src/tpe-lkm/sysctl.o
  CC [M]  /usr/src/tpe-lkm/hijacks.o
  CC [M]  /usr/src/tpe-lkm/arch/x86/lib/inat.o
/usr/src/tpe-lkm/arch/x86/lib/inat.c:32:13: error: conflicting types for ‘inat_get_escape_attribute’
In file included from /usr/src/linux-headers-3.5.0-17-generic/arch/x86/include/asm/insn.h:24:0,
                 from /usr/src/tpe-lkm/arch/x86/lib/inat.c:21:
/usr/src/linux-headers-3.5.0-17-generic/arch/x86/include/asm/inat.h:101:20: note: previous declaration of ‘inat_get_escape_attribute’ was here
/usr/src/tpe-lkm/arch/x86/lib/inat.c:55:13: error: conflicting types for ‘inat_get_group_attribute’
In file included from /usr/src/linux-headers-3.5.0-17-generic/arch/x86/include/asm/insn.h:24:0,
                 from /usr/src/tpe-lkm/arch/x86/lib/inat.c:21:
/usr/src/linux-headers-3.5.0-17-generic/arch/x86/include/asm/inat.h:104:20: note: previous declaration of ‘inat_get_group_attribute’ was here
make[2]: *** [/usr/src/tpe-lkm/arch/x86/lib/inat.o] Error 1
make[1]: *** [_module_/usr/src/tpe-lkm] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-3.5.0-17-generic'
make: *** [tpe.ko] Error 2

Unable to insert module, ftrace is not enabled

Sorry for disturbing you again but I can't load tpe module:

sudo modprobe tpe
modprobe: ERROR: could not insert 'tpe': Function not implemented

sudo dmesg |grep tpe
tpe: Unable to insert module, ftrace is not enabled
zcat /proc/config.gz | grep TRACER
# CONFIG_ATH5K_TRACER is not set
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
CONFIG_TRACER_MAX_TRACE=y
CONFIG_CONTEXT_SWITCH_TRACER=y
CONFIG_GENERIC_TRACER=y
CONFIG_FUNCTION_TRACER=y
CONFIG_FUNCTION_GRAPH_TRACER=y
# CONFIG_IRQSOFF_TRACER is not set
# CONFIG_PREEMPT_TRACER is not set
CONFIG_SCHED_TRACER=y
CONFIG_HWLAT_TRACER=y
CONFIG_TRACER_SNAPSHOT=y
# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
CONFIG_STACK_TRACER=y
zcat /proc/config.gz | grep FTRACE
CONFIG_KPROBES_ON_FTRACE=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_STM_SOURCE_FTRACE=m
# CONFIG_PSTORE_FTRACE is not set
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
CONFIG_FTRACE=y
CONFIG_FTRACE_SYSCALLS=y
CONFIG_DYNAMIC_FTRACE=y
CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
CONFIG_FTRACE_MCOUNT_RECORD=y
# CONFIG_FTRACE_STARTUP_TEST is not set
sudo sysctl -a |grep ftrace
kernel.ftrace_dump_on_oops = 0
kernel.ftrace_enabled = 1
findmnt |grep debugfs
│ ├─/sys/kernel/debug   debugfs debugfs rw,relatime

How to define trusted gid ?

Hey,

First I want to thank you for your work. I was using grsecurity TPE when it was free. Today I found your project and it looks great, but I still have a problem: how to define a trusted group for users who will be able to run some app or script. How can I set that group?

Thanks !

testing on newer kernels?

Has anyone tested this on newer kernels?
I tried to use this module for a simple "hello world" hijacking of the fadvise() system call. It seems to work fine on kernel 2.6.32 (Ubuntu), but when I try it on kernel 3.8.0 (xubuntu) it doesn't work: I always get the same arguments (in the fadvise() case this means the same file descriptor, same offset, etc.). This suggests accessing the wrong place in memory, or bad registers. I don't know exactly.
Has anyone tried this? Besides altering security.c, I had to make some changes to make the code compile on the 3.8.0 kernel, the same changes suggested in the previous issue opened here, after which the code compiled just fine.

Anyway, I'm attaching my security.c code just to demonstrate what I'm trying to do

// the actual hijacking of system calls, and inserting code
#include "module.h"
#include <linux/blkdev.h>

struct kernsym sym_sys_fadvise64_64;

// sys_fadvise64_64
int tpe_sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice){
    // save old fadvise
    int (*run)(int fd, loff_t offset, loff_t len, int advice) = sym_sys_fadvise64_64.run;

    // loff_t is 64 bits wide, so it must be printed with %lld rather than %d
    printk(PKPRE "*** hijacked fadvise. fd=%d offset=%lld len=%lld advice=%d\n",
           fd, (long long)offset, (long long)len, advice); // ALWAYS THE SAME IN 3.8.0!!!
    return run(fd, offset, len, advice);
}

void printfail(const char *name) {
    printk(PKPRE "warning: unable to implement protections for %s\n", name);
}

struct symhook {
    char *name;
    struct kernsym *sym;
    unsigned long *func;
};

// find symbols in /proc/kallsyms
struct symhook security2hook[] = {
    {"sys_fadvise64_64", &sym_sys_fadvise64_64, (unsigned long *)tpe_sys_fadvise64_64},
};

// hijack the needed functions. whenever possible, hijack just the LSM function

void hijack_syscalls(void) {

    int ret, i;

    for (i = 0; i < ARRAY_SIZE(security2hook); i++) {
        ret = symbol_hijack(security2hook[i].sym, security2hook[i].name, security2hook[i].func);

        // only report success when the hijack actually succeeded
        if (IN_ERR(ret))
            printfail(security2hook[i].name);
        else
            printk(PKPRE "%s hijacked successfully!\n", security2hook[i].name);
    }

}

void undo_hijack_syscalls(void) {
    int i;

    // restore the original entry points in the same order they were hooked
    for (i = 0; i < ARRAY_SIZE(security2hook); i++)
        symbol_restore(security2hook[i].sym);
}

Compile failed with kernel 4.9

Hello,

I tried to compile the tpe module with kernel v. 4.9.16 and got error:

$ make
make -C /usr/src/linux-4.9.16-gentoo M=/usr/src/tpe-lkm modules
make[1]: Entering directory '/usr/src/linux-4.9.16-gentoo'
  CC [M]  /usr/src/tpe-lkm/fopskit.o
In file included from /usr/src/tpe-lkm/fopskit.c:2:0:
/usr/src/tpe-lkm/fopskit.h:42:16: error: variable ‘fops_security_prepare_creds’ has initializer but incomplete type
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘func’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: warning: excess elements in struct initializer
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: note: (near initialization for ‘fops_security_prepare_creds’)
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘flags’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: error: ‘FTRACE_OPS_FL_SAVE_REGS’ undeclared here (not in a function)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:38: error: ‘FTRACE_OPS_FL_IPMODIFY’ undeclared here (not in a function)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
                                      ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: warning: excess elements in struct initializer
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: note: (near initialization for ‘fops_security_prepare_creds’)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:63:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_prepare_creds) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: variable ‘fops_security_cred_alloc_blank’ has initializer but incomplete type
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘func’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: warning: excess elements in struct initializer
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: note: (near initialization for ‘fops_security_cred_alloc_blank’)
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘flags’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: warning: excess elements in struct initializer
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: note: (near initialization for ‘fops_security_cred_alloc_blank’)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:90:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(security_cred_alloc_blank) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: variable ‘fops_proc_sys_write’ has initializer but incomplete type
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘func’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: warning: excess elements in struct initializer
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:43:11: note: (near initialization for ‘fops_proc_sys_write’)
   .func = fopskit_##val, \
           ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:42:16: error: unknown field ‘flags’ specified in initializer
  static struct ftrace_ops fops_##val __read_mostly = { \
                ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: warning: excess elements in struct initializer
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.h:44:12: note: (near initialization for ‘fops_proc_sys_write’)
   .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
            ^
/usr/src/tpe-lkm/fopskit.c:114:1: note: in expansion of macro ‘fopskit_hook_handler’
 fopskit_hook_handler(proc_sys_write) {
 ^
/usr/src/tpe-lkm/fopskit.c: In function ‘fopskit_sym_int’:
/usr/src/tpe-lkm/fopskit.c:297:27: error: storage size of ‘fops_int’ isn’t known
  static struct ftrace_ops fops_int;
                           ^
/usr/src/tpe-lkm/fopskit.c:297:27: warning: unused variable ‘fops_int’ [-Wunused-variable]
/usr/src/tpe-lkm/fopskit.c: In function ‘fopskit_sym_str’:
/usr/src/tpe-lkm/fopskit.c:312:27: error: storage size of ‘fops_str’ isn’t known
  static struct ftrace_ops fops_str;
                           ^
/usr/src/tpe-lkm/fopskit.c:312:27: warning: unused variable ‘fops_str’ [-Wunused-variable]
/usr/src/tpe-lkm/fopskit.c: In function ‘fopskit_sym_ptr’:
/usr/src/tpe-lkm/fopskit.c:327:27: error: storage size of ‘fops_ptr’ isn’t known
  static struct ftrace_ops fops_ptr;
                           ^
/usr/src/tpe-lkm/fopskit.c:327:27: warning: unused variable ‘fops_ptr’ [-Wunused-variable]
make[2]: *** [scripts/Makefile.build:294: /usr/src/tpe-lkm/fopskit.o] Error 1
make[1]: *** [Makefile:1490: _module_/usr/src/tpe-lkm] Error 2
make[1]: Leaving directory '/usr/src/linux-4.9.16-gentoo'
make: *** [Makefile:24: tpe.ko] Error 2

Feature request - multiple values for trusted_gid

Seems like the main dev is on a roll, so trying to take advantage and requesting a feature. :-)

Can we haz multiple values for trusted_gid or admin_gid? Sometimes I want to exclude from tpe certain scripts owned by e.g. CPanel via different gids, I'm sure there would be other practical use cases.

Build failed on linux-4.11

Hi! First of all thank you for maintaining this.

I tried to build it on Arch Linux with kernel 4.11 but it failed. Here is the log output:

./scripts/find_kernel_src.sh: line 8: arch: command not found
make -C /lib/modules/4.11.0-1/build M=/tmp/build/tpe-lkm/src/tpe-lkm modules
make[1]: Entering directory '/usr/lib/modules/4.11.0-1/build'
  CC [M]  /tmp/build/tpe-lkm/src/tpe-lkm/fopskit.o
  CC [M]  /tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.o
  CC [M]  /tmp/build/tpe-lkm/src/tpe-lkm/tpe_module.o
  CC [M]  /tmp/build/tpe-lkm/src/tpe-lkm/tpe_config.o
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c: In function ‘tpe_file_getfattr’:
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c:18:18: error: ‘const struct inode_operations’ has no member named ‘getxattr’; did you mean ‘getattr’?
  if (!inode->i_op->getxattr) return 0;
                  ^~
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c:20:19: error: ‘const struct inode_operations’ has no member named ‘getxattr’; did you mean ‘getattr’?
  ret = inode->i_op->getxattr(get_dentry(file),
                   ^~
In file included from /tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c:2:0:
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c: In function ‘tpe_log_denied_action’:
/tmp/build/tpe-lkm/src/tpe-lkm/tpe.h:22:49: error: dereferencing pointer to incomplete type ‘const struct cred’
 #define get_task_uid(task) __kuid_val(task->cred->uid)
                                                 ^
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c:83:3: note: in expansion of macro ‘get_task_uid’
   get_task_uid(current),
   ^~~~~~~~~~~~
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c: In function ‘tpe_allow_file’:
/tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.c:148:21: error: implicit declaration of function ‘in_group_p’ [-Werror=implicit-function-declaration]
  if (tpe_dmz_gid && in_group_p(KGIDT_INIT(tpe_dmz_gid)))
                     ^~~~~~~~~~
cc1: some warnings being treated as errors
make[2]: *** [scripts/Makefile.build:295: /tmp/build/tpe-lkm/src/tpe-lkm/tpe_core.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:1492: _module_/tmp/build/tpe-lkm/src/tpe-lkm] Error 2
make[1]: Leaving directory '/usr/lib/modules/4.11.0-1/build'
make: *** [Makefile:24: tpe.ko] Error 2
==> ERROR: A failure occurred in build().
    Aborting...

I don't know if this is something specific or general error. I would be grateful if you can look at this.
