Hijacking Linux kernel 2.6 sys_connect system call
In Linux-2.4.x kernels it was very simple to create an LKM that hijacks the sys_connect system call, using the exported symbol:

```c
extern void *sys_call_table[];
```
So it is very simple to replace that pointer with another system call, the one we have created ourselves:

```c
static inline _syscall1(int, close, int, fd);
int (*o_socketcall)(int, unsigned long *);
int my_socketcall(int, unsigned long *);

o_socketcall = sys_call_table[SYS_socketcall];          // saving original pointer
sys_call_table[SYS_socketcall] = (void *)my_socketcall; // hijacking system call
sys_call_table[SYS_socketcall] = (void *)o_socketcall;  // restoring original syscall
```
( Read Phrack n.50 to learn more about system call hijacking in Linux-2.4.x kernels )
In Linux-2.6.x kernels the sys_call_table symbol is no longer exported, for security and stability reasons. So how can we hijack connections?
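The defender's counterpart to the technique above is an integrity check of sys_call_table: each slot should resolve, via the kernel symbol table, to the handler it was built with, inside the kernel's own text. The following is an added example, not code from the original post; the kallsyms excerpt and the two table slots are constructed sample data (slot 102 is SYS_socketcall on i386, slot 6 is SYS_close), and in practice the table contents would have to be read by a trusted kernel-side component.

```python
# Added example (not from the original post): integrity check of sys_call_table
# entries against kallsyms-format symbols. All input below is constructed.
from typing import Dict, List, Optional, Tuple

# Constructed /proc/kallsyms excerpt: "address type name [module]"
SAMPLE_KALLSYMS = """\
c0100000 T _stext
c0104c80 T sys_close
c0120f10 T sys_socketcall
c0121a40 T sys_connect
c02fffff T _etext
d0a01000 t my_socketcall\t[sample_mod]
"""

# Constructed dump of two sys_call_table slots (i386: close = 6, socketcall = 102).
# Slot 102 has been redirected into a loaded module, as in the post's snippet.
SAMPLE_TABLE = {6: 0xC0104C80, 102: 0xD0A01000}
EXPECTED_HANDLERS = {6: "sys_close", 102: "sys_socketcall"}


def parse_kallsyms(text: str) -> Dict[int, Tuple[str, Optional[str]]]:
    """Map symbol address -> (name, module or None) from kallsyms-format text."""
    symbols: Dict[int, Tuple[str, Optional[str]]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        module = parts[3].strip("[]") if len(parts) > 3 else None
        symbols[int(parts[0], 16)] = (parts[2], module)
    return symbols


def check_syscall_table(table: Dict[int, int], expected: Dict[int, str],
                        symbols: Dict[int, Tuple[str, Optional[str]]]) -> List[dict]:
    """Report slots whose pointer is not the expected handler in core kernel text."""
    by_name = {name: addr for addr, (name, _) in symbols.items()}
    stext, etext = by_name["_stext"], by_name["_etext"]
    findings = []
    for nr, ptr in table.items():
        name, module = symbols.get(ptr, (None, None))
        if name == expected[nr] and module is None:
            continue  # slot still points at the built-in handler
        findings.append({"nr": nr, "expected": expected[nr], "ptr": ptr,
                         "resolved": name, "module": module,
                         "outside_kernel_text": not (stext <= ptr < etext)})
    return findings


if __name__ == "__main__":
    syms = parse_kallsyms(SAMPLE_KALLSYMS)
    for finding in check_syscall_table(SAMPLE_TABLE, EXPECTED_HANDLERS, syms):
        print(finding)
```

A pointer that resolves to a module symbol, or to no symbol at all, is the signature of the swap shown in the snippet above; a slot that resolves correctly is not proof of integrity, since the handler's own code can be patched in place.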

