carloslack / kovid Goto Github PK

View Code? Open in Web Editor NEW

238.0 11.0 48.0 27.22 MB

Linux kernel rootkit

License: Other

Makefile 0.89% Shell 6.25% C 80.34% Assembly 4.81% Rust 7.71%

for-educational-purposes-only rootkit kernel linux c module ubuntu x64 backdoor tasks

kovid's People

Contributors

Stargazers

Watchers

kovid's Issues

Does it supports tcp/udp connection?

tty sniffer issue on kernels > 5.10

On m_tty_read it fails when calling copy_from_user -> access_ok

No password required for association, lack of security

Command：
./bdclient.sh openssl 192.168.11.128 7777

You can consider adding the secret parameter, and the connection can only be made if the match is successful.

Loop loading kernel module is too obvious

Hi. By testing the rootkit, I found the current implementation seems to be looping loading the module when persisted using volundr. When it loads successfully it's fine. But when it fails to load, then it spams dmesg. Would it be a good idea to just try load several times and give up to give less trace?

Write test suite

openssl backdoor issue

kernel 5.8 on ubuntu 20.10 openssl complains about "invalid protocol_version"
issue could be rk or system/openssl versions and libraries

$ sudo ./bdclient.sh openssl vmhack-5.8 9991 Using default temp DH parameters ACCEPT ERROR 140536958555800:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362: shutting down SSL CONNECTION CLOSED ACCEPT

Linux kovid 5.8.0-63-generic https://github.com/carloslack/kovid-dev/pull/71-Ubuntu SMP Tue Jul 13 15:59:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
OpenSSL 1.1.1f 31 Mar 2020

Failing also on Debian kernel 5.10

Help with startup.

i get this problem

root@Ubuntu-2004:/KoviD# sudo insmod ./kovid.ko
root@Ubuntu-2004:/KoviD# cd volundr/
root@Ubuntu-2004:/KoviD/volundr# ./install.sh /usr/sbin/sshd
-bash: ./install.sh: No such file or directory
root@Ubuntu-2004:/KoviD/volundr# cd ..
root@Ubuntu-2004:/KoviD# cd scripts/
root@Ubuntu-2004:/KoviD/scripts# ./install.sh /usr/sbin/sshd
Error: KoviD not running
Use: [override variables] ./install.sh

override defaults: VOLUNDR, KOVID, LOADER

VOLUNDR: point to Volundr directory entry point
default: ../volundr

KOVID: point to KoviD module
default: ../kovid

LOADER: point to loader script
default: ../loadmodule.sh

Examples:
# ./install.sh /usr/sbin/sshd
# VOLUNDR=/tmp/Volundr ./install.sh /usr/sbin/sshd
# KOVID=/tmp/kovid.ko LOADER=/tmp/loadmodule.sh ./install.sh /usr/sbin/sshd
$ sudo KOVID=/root/kovid.ko ./install.sh /usr/sbin/sshd

Before running this script, make sure to:
KoviD: build and insmod
Volundr: build

root@Ubuntu-2004:~/KoviD/scripts# sudo ./install.sh /usr/sbin/sshd
Error: KoviD not running
Use: [override variables] ./install.sh

override defaults: VOLUNDR, KOVID, LOADER

VOLUNDR: point to Volundr directory entry point
default: ../volundr

KOVID: point to KoviD module
default: ../kovid

LOADER: point to loader script
default: ../loadmodule.sh

Before running this script, make sure to:
KoviD: build and insmod
Volundr: build

root@Ubuntu-2004:/KoviD/scripts# lsmod | grep kovid
kovid 57344 0
root@Ubuntu-2004:/KoviD/scripts#

here check [ 991.632130] hide [0000000002971b70] irq/100_pciehp : 2501
[ 991.632133] addname '.kovid' ro=1
[ 991.632134] addname 'kovid' ro=1
[ 991.632135] addname '.kv.ko' ro=1
[ 991.632136] addname '.lm.sh' ro=1
[ 991.632138] addname '.sshd_orig' ro=1
[ 991.632139] addname 'whitenose' ro=1
[ 991.632140] addname 'pinknose' ro=1
[ 991.632141] addname 'rednose' ro=1
[ 991.632142] addname 'greynose' ro=1
[ 991.632143] addname 'purplenose' ro=1
[ 991.632145] addname 'blacknose' ro=1
[ 991.632146] addname 'bluenose' ro=1
[ 991.632415] kovid loaded.
root@Ubuntu-2004:/KoviD/scripts# lsmod | grep kovid
kovid 57344 0
root@Ubuntu-2004:/KoviD/scripts#

[regression] hide/unhide module conflicts sysfs parameters

creash when calling rmmod

1 - hide module
2 - unhide
3 - rmmod

Caused by #45

could not insert module kovid.ko: Bad address

Describe the bug
After make all, the kernel module failed to load with error could not insert module kovid.ko: Bad address.

To Reproduce
Steps to reproduce the behavior:

Pull the git repo, with branch master
cd KoviD
make all
git submodule update --init volundr
make -C volundr
insmod ./kovid.ko
See the error

Expected behavior
kovid.ko loaded into kernel.

Screenshots

Desktop (please complete the following information):

PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
GNU ld (GNU Binutils for Ubuntu) 2.38
Linux test3x 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Additional context
I tried branches such as kvv1.0 and kvdev, and they all failed duing make

Any help would be appreciated!

Can't find /proc/mytest: No such file or directory

this dmesg info:

[  256.042347] kv: using kprobe for kallsyms_lookup_name
[  256.052423] add sysaddr: ffffffff980b4030
[  256.052597] addname '.MXOJKP' ro=1
[  256.052732] new var, filename: '/var/.MXOJKP'
[  256.052902] Installing: 'sys_exit_group' syscall=1
[  256.062506] add sysaddr: ffffffff980a0170
[  256.106895] Installing: 'sys_clone' syscall=1
[  256.115699] add sysaddr: ffffffff980995a0
[  256.156970] Installing: 'sys_kill' syscall=1
[  256.166147] add sysaddr: ffffffff980ae730
[  256.168169] Installing: 'sys_bpf' syscall=1
[  256.178191] add sysaddr: ffffffff981ea760
[  256.295948] Installing: 'tcp4_seq_show' syscall=0
[  256.309552] Installing: 'udp4_seq_show' syscall=0
[  256.505231] Installing: 'tcp6_seq_show' syscall=0
[  256.537411] Installing: 'udp6_seq_show' syscall=0
[  256.541783] Installing: 'packet_rcv' syscall=0
[  256.644986] Installing: 'tpacket_rcv' syscall=0
[  256.774042] Installing: 'account_process_tick' syscall=0
[  256.784509] Installing: 'account_system_time' syscall=0
[  256.802086] Installing: 'audit_log_start' syscall=0
[  256.803673] Installing: 'filldir' syscall=0
[  256.913526] Installing: 'filldir64' syscall=0
[  256.927847] Installing: 'tty_read' syscall=0
[  256.981396] ftrace hook 0 on sys_exit_group
[  256.981576] ftrace hook 1 on sys_clone
[  256.981726] ftrace hook 2 on sys_kill
[  256.981873] ftrace hook 3 on sys_bpf
[  256.982017] ftrace hook 4 on tcp4_seq_show
[  256.982178] ftrace hook 5 on udp4_seq_show
[  256.982339] ftrace hook 6 on tcp6_seq_show
[  256.982501] ftrace hook 7 on udp6_seq_show
[  256.982662] ftrace hook 8 on packet_rcv
[  256.982814] ftrace hook 9 on tpacket_rcv
[  256.982969] ftrace hook 10 on account_process_tick
[  256.983155] ftrace hook 11 on account_system_time
[  256.983420] ftrace hook 12 on audit_log_start
[  256.983593] ftrace hook 13 on filldir
[  256.983739] ftrace hook 14 on filldir64
[  256.983891] ftrace hook 15 on tty_read
[  256.985749] Waiting for event
[  256.990317] hide [000000004489c775] irq/102_pciehp : 8049
[  256.990684] hide [00000000639fa20d] irq/101_pciehp : 8048
[  256.990914] hide [00000000c6a81ef0] irq/100_pciehp : 8047
[  256.991212] addname '.kovid' ro=1
[  256.991357] addname 'kovid' ro=1
[  256.991582] addname '.kv.ko' ro=1
[  256.991822] addname '.lm.sh' ro=1
[  256.991971] addname '.sshd_orig' ro=1
[  256.992117] addname 'whitenose' ro=1
[  256.992261] addname 'pinknose' ro=1
[  256.992401] addname 'rednose' ro=1
[  256.992540] addname 'blacknose' ro=1
[  256.992683] addname 'greynose' ro=1
[  256.992824] addname 'purplenose' ro=1
[  256.992970] addname 'bluenose' ro=1
[  256.993144] kovid loaded.

and this Makefile

OBJNAME=kovid

# turn off ring buffer debug:
# $ DEPLOY=1 make
ifndef DEPLOY
DEBUG_PR := -DDEBUG_RING_BUFFER
endif

LD=$(shell which ld)
AS=$(shell which as)
CTAGS=$(shell which ctags))
# PROCNAME, /proc/<name> interface. You must change it.
COMPILER_OPTIONS := -Wall -DPROCNAME='"mytest"' \
        -DMODNAME='"kovid"' -DKSOCKET_EMBEDDED ${DEBUG_PR} -DCPUHACK -DPRCTIMEOUT=1200

EXTRA_CFLAGS := -I$(src)/src -I$(src)/fs ${COMPILER_OPTIONS}

SRC := src/${OBJNAME}.c src/pid.c src/fs.c src/sys.c \
        src/sock.c src/util.c src/vm.c

persist=src/persist

$(OBJNAME)-objs = $(SRC:.c=.o)

obj-m := ${OBJNAME}.o

CC=gcc

all: persist
        make  -C  /lib/modules/$(shell uname -r)/build M=$(PWD) modules

persist:
        $(AS) --64 $(persist).S -statistics -fatal-warnings \
                -size-check=error -o $(persist).o
        $(LD) -Ttext 200000 --oformat binary -o $(persist) $(persist).o

lgtm: persist
        make  -C  /lib/modules/$(shell dpkg --status linux-headers-generic |grep ^Depends| \
                cut -d ":" -f2| sed 's/ linux-headers-//g')/build M=$(PWD) modules

clean:
        @make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
        @rm -f *.o src/*.o $(persist)
        @echo "Clean."

tags:
        $(CTAGS) -RV src/.

.PHONY: all clean tags

and my os info is that:
Linux amazon 5.10.215-203.850.amzn2.x86_64 #1 SMP Tue Apr 23 20:32:19 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Process unhide issue

Investigate issues seen by @iusearch

Original discussion here:
#72

Can´t get the rootkit to work!

I tried several OS's (CentOS 7, Ubuntu 20 and 18 and Kali) and everytime i try to connect with bdclient it gives me the following back:

root@kali:/home/xxx/Downloads/KoviD/scripts# V=3 ./bdclient.sh openssl x.x.x.x 443
Using default temp DH parameters
ACCEPT

Starting Nping 0.7.93 ( https://nmap.org/nping ) at 2023-01-07 12:40 CET
SENT (0.0450s) TCP x.x.x.x:443 > 210.119.103.61:443 RPA ttl=64 id=46607 iplen=40 seq=2045339016 win=1480

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 1 (40B) | Rcvd: 0 (0B) | Lost: 1 (100.00%)
Nping done: 1 IP address pinged in 1.08 seconds

what do i have to change to gewt it to work?

p.s.: there is no firewall between the 2 servers!

Port kv to Ubuntu 20.04.6 LTS, kernel 5.4.0-164-generic #181-Ubuntu SM

Motivated by #71

Crash with ubuntu20.04 on active task

Describe the bug
Crashing with the following dmesg

[   19.473319] kovid: module verification failed: signature and/or required key missing - tainting kernel
[   19.497545] kv: using kprobe for kallsyms_lookup_name
[   19.521926] invalid data: bpf_map_get will not work
[   19.540065] add sysaddr: ffffffff94eb5900
[   19.540071] addname '.JULPHL' ro=1
[   19.540072] new var, filename: '/var/.JULPHL'
[   19.540074] Installing: 'sys_exit_group' syscall=1
[   19.557053] add sysaddr: ffffffff94ea0db0
[   19.560332] Installing: 'sys_clone' syscall=1
[   19.573585] add sysaddr: ffffffff94e9aaf0
[   19.575485] Installing: 'sys_kill' syscall=1
[   19.582642] add sysaddr: ffffffff94eae260
[   19.584526] Installing: 'sys_bpf' syscall=1
[   19.592164] add sysaddr: ffffffff94fd8fe0
[   19.594346] Installing: 'tcp4_seq_show' syscall=0
[   19.598732] Installing: 'udp4_seq_show' syscall=0
[   19.603122] Installing: 'tcp6_seq_show' syscall=0
[   19.607604] Installing: 'udp6_seq_show' syscall=0
[   19.612112] Installing: 'packet_rcv' syscall=0
[   19.617135] Installing: 'tpacket_rcv' syscall=0
[   19.622165] Installing: 'account_process_tick' syscall=0
[   19.624503] Installing: 'account_system_time' syscall=0
[   19.626650] Installing: 'audit_log_start' syscall=0
[   19.628976] Installing: 'filldir' syscall=0
[   19.631781] Installing: 'filldir64' syscall=0
[   19.634500] Installing: 'tty_read' syscall=0
[   19.638338] ftrace hook 0 on sys_exit_group
[   19.638338] ftrace hook 1 on sys_clone
[   19.638338] ftrace hook 2 on sys_kill
[   19.638339] ftrace hook 3 on sys_bpf
[   19.638339] ftrace hook 4 on tcp4_seq_show
[   19.638339] ftrace hook 5 on udp4_seq_show
[   19.638340] ftrace hook 6 on tcp6_seq_show
[   19.638340] ftrace hook 7 on udp6_seq_show
[   19.638340] ftrace hook 8 on packet_rcv
[   19.638340] ftrace hook 9 on tpacket_rcv
[   19.638341] ftrace hook 10 on account_process_tick
[   19.638341] ftrace hook 11 on account_system_time
[   19.638341] ftrace hook 12 on audit_log_start
[   19.638341] ftrace hook 13 on filldir
[   19.638342] ftrace hook 14 on filldir64
[   19.638342] ftrace hook 15 on tty_read
[   19.638595] Waiting for event
[   19.638734] hide [00000000485c22ce] irq/102_pciehp : 1241
[   19.638800] hide [00000000cf13d734] irq/101_pciehp : 1240
[   19.638811] hide [000000009693aa1d] irq/100_pciehp : 1239
[   19.638813] addname '.kovid' ro=1
[   19.638814] addname 'kovid' ro=1
[   19.638815] addname '.kv.ko' ro=1
[   19.638815] addname '.lm.sh' ro=1
[   19.638816] addname '.sshd_orig' ro=1
[   19.638817] addname 'whitenose' ro=1
[   19.638817] addname 'pinknose' ro=1
[   19.638818] addname 'rednose' ro=1
[   19.638819] addname 'greynose' ro=1
[   19.638819] addname 'purplenose' ro=1
[   19.638821] addname 'blacknose' ro=1
[   19.638821] addname 'bluenose' ro=1
[   19.638856] kovid loaded.
[   27.979782] Got event
[   28.085751] hide [0000000083b79e9e] sh : 1243
[   28.085837] hide [00000000a410a064] bash : 1242
[   28.085843] Waiting for event
[   28.085844] Got event
[   28.085845] Waiting for event
[   31.785976] hide [00000000d0596e08] apt : 1244
[   32.222181] hide [00000000a1d8c293] sh : 1247
[   32.227206] hide [000000009d2df541] snap : 1248
[   32.227359] hide [000000001e34862c] snap : 1250
[   32.235609] unhide [000000009d2df541] snap : 1248
[   32.235693] general protection fault: 0000 [#1] SMP NOPTI
[   32.235715] CPU: 1 PID: 1250 Comm: snap Kdump: loaded Tainted: G            E     5.4.0-164-generic #181-Ubuntu
[   32.235734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
[   32.235754] RIP: 0010:__change_pid+0x2f/0xa0
[   32.235764] Code: 89 f0 85 f6 75 7b 4c 8b 87 30 09 00 00 4c 8d 8f 30 09 00 00 48 89 c1 48 c1 e1 04 48 8d b4 0f 38 09 00 00 48 8b 0e 48 8b 76 08 <48> 89 0e 48 85 c9 74 04 48 89 71 08 48 b9 22 01 00 00 00 00 ad de
[   32.235797] RSP: 0018:ffffae494084fca8 EFLAGS: 00010046
[   32.235808] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: dead000000000100
[   32.235821] RDX: 0000000000000000 RSI: dead000000000122 RDI: ffff93eae63817c0
[   32.235835] RBP: ffffae494084fcb0 R08: ffff93eaf6bdf580 R09: ffff93eae63820f0
[   32.235848] R10: 0000000000000003 R11: ffff93eaf7aaffb8 R12: ffff93eae63817c0
[   32.235861] R13: ffff93eae9eb1080 R14: dead000000000122 R15: ffff93eae1238480
[   32.235875] FS:  0000000000000000(0000) GS:ffff93eaf7a80000(0000) knlGS:0000000000000000
[   32.235890] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.235901] CR2: 00007f7474000010 CR3: 0000000269e3c000 CR4: 0000000000740ee0
[   32.235916] PKRU: 55555554
[   32.235922] Call Trace:
[   32.235935]  ? show_regs.cold+0x1a/0x1f
[   32.235944]  ? __die+0x90/0xd9
[   32.235953]  ? die+0x30/0x50
[   32.235960]  ? do_general_protection+0xcc/0x160
[   32.235971]  ? general_protection+0x28/0x30
[   32.235981]  ? __change_pid+0x2f/0xa0
[   32.235989]  ? detach_pid+0x10/0x20
[   32.235998]  release_task+0x281/0x470
[   32.236007]  do_exit+0x6dd/0xaf0
[   32.236018]  do_group_exit+0x47/0xb0
[   32.236028]  get_signal+0x169/0x890
[   32.236036]  do_signal+0x37/0x6d0
[   32.236044]  ? do_nanosleep+0xad/0x160
[   32.236053]  ? hrtimer_init_sleeper+0x2c/0x90
[   32.236063]  ? __x64_sys_futex+0x13f/0x170
[   32.236073]  exit_to_usermode_loop+0xbf/0x160
[   32.236082]  do_syscall_64+0x168/0x190
[   32.236090]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   32.236101] RIP: 0033:0x55a74a034343
[   32.236109] Code: 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14 4c 8b 54 24 18 4c 8b 44 24 20 44 8b 4c 24 28 b8 ca 00 00 00 0f 05 <89> 44 24 30 c3 cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10
[   32.236143] RSP: 002b:00007f747fc73ca0 EFLAGS: 00000286 ORIG_RAX: 00000000000000ca
[   32.236158] RAX: fffffffffffffe00 RBX: 000000c000050700 RCX: 000055a74a034343
[   32.236172] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000c000050848
[   32.236186] RBP: 00007f747fc73ce8 R08: 0000000000000000 R09: 0000000000000000
[   32.236200] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000001
[   32.236214] R13: 0000000000000040 R14: 000055a74a975618 R15: 0000000000000000
[   32.236228] Modules linked in: kovid(E) nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua kvm_intel kvm binfmt_misc snd_hda_codec_generic ledtrig_audio joydev input_leds snd_hda_intel serio_raw snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore mac_hid qemu_fw_cfg sch_fq_codel ramoops msr reed_solomon efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ahci aesni_intel crypto_simd virtio_gpu cryptd glue_helper ttm i2c_i801 psmouse libahci drm_kms_helper lpc_ich syscopyarea sysfillrect sysimgblt virtio_blk fb_sys_fops virtio_net net_failover failover drm
[   32.238393] disable async PF for cpu 1

To Reproduce
Steps to reproduce the behavior:

insmod
sudo ./bdclient.sh nc 192.168.x.x xxxxx from attacker
apt install python3 in the reverse shell termina;

Additional context
When checking with crash, a warning is shown

crash 7.2.8
Copyright (C) 2002-2020  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.
 
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

WARNING: kernel relocated [316MB]: patching 115296 gdb minimal_symbol values

please wait... (determining panic task)                                
WARNING: active task ffff9facda392f80 on cpu 0 not found in PID hash


WARNING: active task ffff9facdaf50000 on cpu 3 not found in PID hash

Suspect to be something related to task hidden. With latest commit from master.

ERROR: modpost: "do_exit" [/home/aaa/KoviD/kovid.ko] undefined!

OS: Linux fedora 5.17.5-300.fc36.x86_64 #1 SMP PREEMPT Thu Apr 28 15:51:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Error Info:
CC [M] /home/aaa/KoviD/src/whatever.o
CC [M] /home/aaa/KoviD/src/vm.o
LD [M] /home/aaa/KoviD/kovid.o
MODPOST /home/aaa/KoviD/Module.symvers
ERROR: modpost: "do_exit" [/home/aaa/KoviD/kovid.ko] undefined!
make[2]: *** [scripts/Makefile.modpost:134: /home/aaa/KoviD/Module.symvers] Error 1
make[2]: *** Deleting file '/home/aaa/KoviD/Module.symvers'
make[1]: *** [Makefile:1756: modules] Error 2
make[1]: Leaving directory '/usr/src/kernels/5.17.5-300.fc36.x86_64'
make: *** [Makefile:30: all] Error 2

Linux 6.1.x kernel mm_struct changes, no struct vm_area_struct *mmap causes compilation failure

Test on VERSION "22.04.2 LTS (Jammy Jellyfish)"
kernel info :
6.2.0-1017-aws #17~22.04.1-Ubuntu SMP Fri Nov 17 21:07:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

make fail messages is:

  The kernel was built by: x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
  You are using:           gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
  CC [M]  /root/.acme.sh/KoviD/src/vm.o
In file included from /root/.acme.sh/KoviD/src/vm.c:4:
/root/.acme.sh/KoviD/src/lkm.h:12:9: note: ‘#pragma message: !!! Be careful: Build kovid in DEBUG mode !!!’
   12 | #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
      |         ^~~~~~~
/root/.acme.sh/KoviD/src/vm.c: In function ‘kv_get_elf_vm_start’:
/root/.acme.sh/KoviD/src/vm.c:34:18: error: ‘struct mm_struct’ has no member named ‘mmap’
   34 |     vma = tsk->mm->mmap;
      |                  ^~
make[2]: *** [scripts/Makefile.build:260: /root/.acme.sh/KoviD/src/vm.o] Error 1
make[1]: *** [Makefile:2026: /root/.acme.sh/KoviD] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-6.2.0-1017-aws'
make: *** [Makefile:30: all] Error 2

fedora 6.0.7 issue with kv_sock_start_fw_bypass

backdoors are not working if kv_sock_start_fw_bypass() is started from kv_init

carloslack / kovid Goto Github PK

kovid's People

Contributors

Stargazers

Watchers

Forkers

kovid's Issues

Recommend Projects

Recommend Topics

Recommend Org