GID, PID, and UID targeting #15
Conversation
src/module/config.c
Outdated
| @@ -3,3 +3,8 @@ unsigned int krf_personality = 0x001c; | |||
| unsigned int krf_probability = 1000; | |||
| unsigned int krf_targeted_uid = 1002; | |||
| unsigned int krf_log_faults = 0; | |||
| unsigned int krf_pid_target = 0; | |||
There was a problem hiding this comment.
This is a solid first approach, but I think we can structure this better for future extensibility. Instead of continuing to add individual variables + an option mask, we could have a structure in config.h. A very rough sketch:
#define KRF_T_MODE_MAX 31
#define KRF_T_MODE_MAX_MASK (1 << KRF_T_MODE_MAX)
typedef enum {
KRF_T_MODE_PERSONALITY = (1 << 0);
KRF_T_MODE_PID = (1 << 1);
// ...
} krf_target_mode_mask_t;
typedef struct {
krf_target_mode_mask_t mode_mask;
unsigned int target_data[KRF_T_MODE_MAX];
} krf_target_options_t;
extern krf_target_options_t krf_target_options;And rewrite the KRF_TARGETED macro into an (inlinable?) function that tests krf_target_options instead.
Similarly for the procfs sources/outputs: we can just have a single file that reads >=2 unsigned ints: the first is the mask, followed by each mask's parameter in ascending-bit order. Setting the mask to 0 disables all targeting and flushes any parameters from target_data.
There was a problem hiding this comment.
We could also make target configuration way simpler: instead of allowing the user to configure >1 fields of target_data in one shot, we could require them to write to the procfs file once for each mask + datum. That's what they currently have to do for configuring syscalls, and that's a reasonable approach.
There was a problem hiding this comment.
There's some problem with:
unsigned int target_data[KRF_T_MODE_MAX];
14:15 <disconnect3d> << (1<<31)
14:15 <cxx> -2147483648
14:16 <disconnect3d> unsigned int t[1<<31];
14:16 <cxx> error: narrowing conversion of '-2147483648' from 'int' to 'long unsigned int'There was a problem hiding this comment.
KRF_T_MODE_MAX would just be 31, so it should just be unsigned int[31]. It's KRF_T_MODE_MAX_MASK that would be 1 << 31 😉
src/module/syscalls.h
Outdated
| @@ -28,7 +28,45 @@ | |||
|
|
|||
| #define KRF_DEFINE(sys) asmlinkage krf_sys_##sys | |||
|
|
|||
| #define KRF_TARGETED() ((current->personality & krf_personality) != 0) | |||
| #define KRF_TARGETED() \ | |||
There was a problem hiding this comment.
Let's go ahead and make this an inline function, below the externs:
static __always_inline int KRF_TARGETED(void) {
// ...
}Might also be worth updating module/codegen/codegen so that we can make it krf_targeted instead of all caps.
src/module/krf.c
Outdated
| char buf[KRF_PROCFS_MAX_SIZE + 1] = {0}; | ||
| size_t buflen = 0; | ||
| size_t offset = 0; | ||
| size_t current_mode; |
There was a problem hiding this comment.
Let's use unsigned int for current_mode here, just for consistency with the actual structure.
|
Some small nits, but otherwise looks really good! |
Can target a single GID, single UID, and/or a single PID.
A partial solution to #9