5534520 @kmcallister Add kernel module
authored
1 #include <linux/module.h>
2 #include <linux/proc_fs.h>
3 #include <linux/uaccess.h>
4
// write_proc handler for /proc/jump.
//
// Reads one function-pointer-sized value from the start of the userspace
// buffer `buf` and calls it from kernel context. The address is used exactly
// as supplied: nothing in this function checks where it points. Together with
// the 0666 mode that init_jump gives the proc entry, any local user able to
// write /proc/jump chooses an address that the kernel then calls. That is the
// module's stated purpose (a target for testing exploitation techniques), so
// it belongs only on disposable test systems.
//
// Returns -EINVAL if fewer than sizeof(void (*)(void)) bytes were written,
// -EFAULT if the copy from userspace fails, otherwise `len`.
// NOTE(review): `len` is unsigned long but the return type is int, so a very
// large write length would be narrowed on return.
// NOTE(review): `file` and `data` are unused, and printk is called without an
// explicit log level.
int jump_write(struct file *file, const char *buf,
               unsigned long len, void *data) {
	void (*target)(void);

	// A short write cannot contain a whole pointer.
	if (len < sizeof(target)) {
		return -EINVAL;
	}

	// copy_from_user returns nonzero when the copy does not complete.
	if (copy_from_user(&target, buf, sizeof(target)) != 0) {
		return -EFAULT;
	}

	// Log the destination before transferring control; if the call never
	// returns, this line is the only trace left in the kernel log.
	printk("jump.ko: Jumping to %p\n", target);
	target();

	// Report the whole write as consumed, although only the first
	// sizeof(target) bytes were read.
	return len;
}
22
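// Module load hook: create /proc/jump and route writes to jump_write.
//
// The entry is created with mode 0666, i.e. writable by every local user, and
// jump_write calls whatever address is written to it. Keeping that mode is
// deliberate for a test target; anyone reusing this code elsewhere should
// treat it as the first thing to restrict.
//
// create_proc_entry and the write_proc hook are the legacy procfs interface
// (removed in Linux 3.10), so this builds only against older kernels.
//
// Returns 0 on success, or -ENOMEM if the proc entry could not be created.
int init_jump(void) {
	struct proc_dir_entry *ent = create_proc_entry("jump", 0666, NULL);

	// create_proc_entry returns NULL on failure. Without this check the
	// assignment below dereferences NULL during module load.
	if (!ent)
		return -ENOMEM;

	ent->write_proc = jump_write;

	printk("jump.ko: Loaded incredibly insecure kernel module\n");
	return 0;
}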
31
// Module unload hook: delete the /proc/jump entry so that no write can reach
// jump_write after the module's code has gone.
void exit_jump(void)
{
	remove_proc_entry("jump", NULL);
}
35
// Module metadata. The description states the intent: this is a deliberately
// vulnerable test target, not something to load on a system that matters.
MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("Keegan McAllister");
MODULE_DESCRIPTION("Incredibly insecure kernel module for testing exploitation techniques");

// Register the load and unload hooks defined above.
module_init(init_jump);
module_exit(exit_jump);