Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Nov 2018 18:40:16 +0100
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: p_lkrg failed to start with error: 'KMOD error!
 Can't initialize global modules variable'

Hi,

Thanks for details. I didn't have a chance to run LKRG on kernel 4.19+. The 
latest kernel version which I've tested is 4.18.7. I will try to set-up testing 
environment and take a look at the reported problem.

Thanks,
Adam

On Mon, Nov 12, 2018 at 06:27:13PM +0100, Jiří Moravec wrote:
> # modprobe p_lkrg p_init_log_level=4
> 
> ended with following output in dmesg:
> 
> Loading LKRG...
> Inserting pid => 1034
> Inserting pid => 2945
> .... 1100 more similar messages ....
> Inserting pid => 7125
> Inserting pid => 7126
> Planted [kretprobe] <__x64_sys_execve> at: 000000007f808d27
> Planted [kretprobe] <__x64_sys_execveat> at: 00000000e2f87e98
> Planted [kretprobe] <call_usermodehelper_exec_async> at: 000000006805112f
> Planted [kretprobe] <_do_fork> at: 00000000bf71ee49
> Planted [kretprobe] <do_exit> at: 000000002ed8b790
> Planted [kretprobe] <__sys_setuid> at: 0000000051ced5cb
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <__sys_setreuid> at: 00000000f04e3d12
> Planted [kretprobe] <__sys_setresuid> at: 000000006a29f114
> Planted [kretprobe] <__sys_setfsuid> at: 000000004b4672dd
> Planted [kretprobe] <__sys_setgid> at: 00000000575e0351
> Planted [kretprobe] <__sys_setregid> at: 000000009e4767b2
> Planted [kretprobe] <__sys_setresgid> at: 000000009407577b
> Planted [kretprobe] <__sys_setfsgid> at: 000000000248292d
> Planted [kretprobe] <set_current_groups> at: 000000000f7a7ef6
> Planted [kretprobe] <do_init_module> at: 000000003d70ad5f
> Planted [kretprobe] <__x64_sys_delete_module> at: 00000000eb584be2
> Planted [kretprobe] <generic_permission> at: 00000000041f359a
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <do_seccomp> at: 00000000cf6e1df0
> Planted [kretprobe] <ksys_unshare> at: 00000000ad807cea
> Planted [kretprobe] <userns_install> at: 0000000002c1e2b4
> Planted [kretprobe] <__x64_sys_capset> at: 000000002eb260e1
> Planted [kretprobe] <cap_task_prctl> at: 00000000d313e37e
> Planted [kretprobe] <key_change_session_keyring> at: 000000003fa5827f
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <__x64_sys_add_key> at: 00000000af2132ab
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> Planted [kretprobe] <__x64_sys_request_key> at: 00000000ed4d4523
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Inserting pid => 7134
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7135 |chrome] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7135 |chrome] iteration!
> Inserting pid => 7135
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7134]
> Updating ED pid[7135]
> Inserting pid => 7136
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7136]
> Planted [kretprobe] <__x64_sys_keyctl> at: 0000000076abcb9f
> Planted [kretprobe] <__x64_sys_ptrace> at: 000000000c38d105
> Planted [kretprobe] <__ia32_compat_sys_execve> at: 00000000ced89c71
> Planted [kretprobe] <__ia32_compat_sys_execveat> at: 000000001460f1e5
> Planted [kretprobe] <__ia32_compat_sys_keyctl> at: 00000000eab00aba
> Planted [kretprobe] <__ia32_compat_sys_ptrace> at: 0000000071fb62a8
> Planted [kretprobe] <__ia32_sys_delete_module> at: 0000000097ae06b0
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Inserting pid => 7138
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7139 |chrome] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7139 |chrome] iteration!
> Inserting pid => 7139
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7139]
> Updating ED pid[7138]
> Removing ED pid => 7126
> Planted [kretprobe] <__ia32_sys_capset> at: 0000000015a75f35
> Planted [kretprobe] <__ia32_sys_add_key> at: 00000000cb669968
> Planted [kretprobe] <__ia32_sys_request_key> at: 00000000b4693613
> Planted [kretprobe] <override_creds> at: 000000006864bef0
> Planted [kretprobe] <revert_creds> at: 00000000acb66d2b
> 
> .... and now this error is coming: ....
> 
> KMOD error! Can't initialize global modules variable :( Exiting...
> Can't initialize kernel modules handling! Exiting...
> 
> .... and then messages just continue:
> 
> Removing [kretprobe] <call_usermodehelper_exec_async> at 0x000000006805112f nmissed[0]
> Removing [kretprobe] <_do_fork> at 0x00000000bf71ee49 nmissed[0]
> Removing ED pid => 7116
> Removing ED pid => 7117
> Removing ED pid => 7118
> Removing [kretprobe] <do_exit> at 0x000000002ed8b790 nmissed[0]
> Removing [kretprobe] <__sys_setuid> at 0x0000000051ced5cb nmissed[0]
> Removing [kretprobe] <__sys_setreuid> at 0x00000000f04e3d12 nmissed[0]
> Removing [kretprobe] <__sys_setresuid> at 0x000000006a29f114 nmissed[0]
> Removing [kretprobe] <__sys_setfsuid> at 0x000000004b4672dd nmissed[0]
> Removing [kretprobe] <__sys_setgid> at 0x00000000575e0351 nmissed[0]
> Removing [kretprobe] <__sys_setregid> at 0x000000009e4767b2 nmissed[0]
> Removing [kretprobe] <__sys_setresgid> at 0x000000009407577b nmissed[0]
> Removing [kretprobe] <__sys_setfsgid> at 0x000000000248292d nmissed[0]
> Removing [kretprobe] <set_current_groups> at 0x000000000f7a7ef6 nmissed[0]
> <Exploit Detection> Can't find process[7141 |bash] in internal tracking list!
> <Exploit Detection> Can't find process[7140 |bash] in internal tracking list!
> ....
> <Exploit Detection> Can't find process[7141 |less] in internal tracking list!
> <Exploit Detection> Can't find process[7141 |less] in internal tracking list!
> Removing [kretprobe] <do_init_module> at 0x000000003d70ad5f nmissed[0]
> Removing [kretprobe] <__x64_sys_delete_module> at 0x00000000eb584be2 nmissed[0]
> Removing [kretprobe] <generic_permission> at 0x00000000041f359a nmissed[0]
> Removing [kretprobe] <do_seccomp> at 0x00000000cf6e1df0 nmissed[0]
> Removing [kretprobe] <ksys_unshare> at 0x00000000ad807cea nmissed[0]
> Removing [kretprobe] <userns_install> at 0x0000000002c1e2b4 nmissed[0]
> Removing [kretprobe] <__x64_sys_capset> at 0x000000002eb260e1 nmissed[0]
> Removing [kretprobe] <cap_task_prctl> at 0x00000000d313e37e nmissed[0]
> Removing [kretprobe] <key_change_session_keyring> at 0x000000003fa5827f nmissed[0]
> Removing [kretprobe] <__x64_sys_add_key> at 0x00000000af2132ab nmissed[0]
> Removing [kretprobe] <__x64_sys_request_key> at 0x00000000ed4d4523 nmissed[0]
> Removing [kretprobe] <__x64_sys_keyctl> at 0x0000000076abcb9f nmissed[0]
> Removing [kretprobe] <__x64_sys_ptrace> at 0x000000000c38d105 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_execve> at 0x00000000ced89c71 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_execveat> at 0x000000001460f1e5 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_keyctl> at 0x00000000eab00aba nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_ptrace> at 0x0000000071fb62a8 nmissed[0]
> Removing [kretprobe] <__ia32_sys_delete_module> at 0x0000000097ae06b0 nmissed[0]
> Removing [kretprobe] <__ia32_sys_capset> at 0x0000000015a75f35 nmissed[0]
> Removing [kretprobe] <__ia32_sys_add_key> at 0x00000000cb669968 nmissed[0]
> Removing [kretprobe] <__ia32_sys_request_key> at 0x00000000b4693613 nmissed[0]
> Removing [kretprobe] <override_creds> at 0x000000006864bef0 nmissed[0]
> Removing [kretprobe] <revert_creds> at 0x00000000acb66d2b nmissed[0]
> Deleting ED PID => 1034
> Deleting ED PID => 2945
> ....
> Deleting ED PID => 7138
> Deleting ED PID => 7139
> kmem_cache "p_ed_pids" destroyed!
> .... EOF ....
> 
> 
> After that, following message appeared on command line:
> 
> modprobe: ERROR: could not insert 'p_lkrg': Network is unreachable
> 
> 
> So, what actually happened?
> Thanks for response...
> JiM
> 
> 
> PS:
> x86_64 gentoo with kernel 4.19.1 + some extensions and gcc-8.2.0

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.