Doesn't Build on 4.17-1 #32
Comments
@nbulischeck, thank you for reporting that. I made some changes, can you test please?
I apologize for the delay in testing your quick fix. I just tested it on Linux 4.17.2-1-ARCH and it worked really well! It had some slight bugs like kernel panicking as soon as I inserted the module, absolutely annihilating my kernel to the point where it wouldn't mount my You did ultimately fix the compilation issue, which I suppose was the goal, however I believe there are some unintended side effects of the module as it stands. Best of luck in your future development!
So, do you have any dump or stack trace of the kernel panics? I apologize that you have to reinstall your kernel. I recommend always testing it in a VM where you can restore snapshots. Reptile was under development, and it had some bugs. Now I have tested it on most distros (CentOS 6 and 7, Fedora, Ubuntu, Debian, etc.) and it is stable and working fine. So if you hit any bugs or panics, let me know so I can make this rootkit more stable. Thanks for reporting, 403
Unfortunately I wasn't testing in a VM as I haven't had an LKM cause that much damage before. I agree I should have been testing in one. Unfortunately, I wasn't in the best state to capture the backtraces, but upon removal of the module I received:
Sorry man, in some old commits, Reptile wasn't stable. And maybe in your kernel version too. About this kind of backtrace, it appears you didn't get a crash with Reptile. But I don't know what flags you are compiling your kernel with or what kind of environment you have installed. I just tested on the default configuration of the main Linux distros. The most recent kernel I have tested is on the latest updated Fedora with kernel 4.16.+ But even if you had a bad experience with that, I invite you to install a virtual machine and test it, maybe use. Thx, 403
Also, from my testing, syscall hooking no longer works in 4.17 so finding a way around that will be fun. Tested the same basic directory hiding code that worked on 4.16.13 on 4.17 and it no longer works.