Date: Tue, 9 Jun 2020 09:13:51 +0200
From: Jacek <wampir990@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: RE: Please also share your .config file.

Hi

Partial success ;)
I changed the name of the ttwu_do_wakeup function to ttwu_do_wakeup.isra.0 in file:
LKRG-main / src / modules / exploit_detection / syscalls / p_ttwu_do_wakeup / p_ttwu_do_wakeup.c
and the module is built and loading.

I don't know yet if it works properly, in any case nothing exploded. xD

modprobe -v p_lkrg smep_enforce=1
insmod /lib/modules/5.7.1-g2/extra/p_lkrg.ko smep_enforce=1

Dmesg after loading:

[24800.276104] [p_lkrg] Loading LKRG...
[24800.276107] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[24800.288409] Freezing user space processes ... (elapsed 0.002 seconds) done.
[24800.291377] OOM killer disabled.
[24800.291405] [p_lkrg] 4/23 UMH paths were whitelisted...
[24805.094183] [p_lkrg] LKRG initialized successfully!
[24805.094186] OOM killer enabled.
[24805.094186] Restarting tasks ... done.

Thanks


On 09.06.2020 at 05:20, Adam Zabrocki wrote:
> Hi,
>
> So my presumption was right. The second part of my previous message applies and
> you can use the temporary workaround:
>
> https://www.openwall.com/lists/lkrg-users/2020/06/08/4
>
> Thanks,
> Adam
>
> On Tue, Jun 09, 2020 at 02:07:08AM +0200, Jacek wrote:
>> Hi
>>
>> Linux domek 5.7.1-g2 #1 SMP PREEMPT Mon Jun 8 10:17:00 CEST 2020 x86_64
>> Intel(R) Core(TM) i5-4590S CPU @ 3.00GHz GenuineIntel GNU/Linux
>> # root ~>  cat /proc/kallsyms |grep ttwu_do_wakeup
>> ffffffffb5dcf350 t ttwu_do_wakeup.isra.0
>>
>>> As you can see this function is normally visible in all kernels (including
>>> 5.7).
>>> Please also share your .config file.
>> The same configuration as in kernel 5.7.0 in this message:
>>
>> https://www.openwall.com/lists/lkrg-users/2020/06/08/1
>>
>> Current - linux-5.7.1  -  gentoo-sources-5.7.1
>>
>> Linux version 5.7.1-g2 (root@...ek) (gcc version 9.3.0 (Gentoo Hardened
>> 9.3.0 p2), GNU ld (Gentoo 2.33.1 p2) 2.33.1)
>>
>> patches from Gentoo: https://pastebin.com/uYBXBkhf
>>
>> patches locally:
>>
>> 001_v3_jump_label-_Provide_CONFIG-driven_build_state.patch
>> 002_v3_init_on_alloc-_Unpessimize_default-on_builds.patch
>> 003_v3_stack-_Optionally_randomize_kernel_stack_offset_each_syscall.patch
>> 004_v3_x86_entry-_Enable_random_kstack_offset_support.patch
>> 005_v3_arm64-_entry-_Enable_random_kstack_offset_support.patch
>> (Mikhail Morfikov uses the same patches, I have these patches from him)
>>
>> zcat /proc/config.gz:
>>
>> https://pastebin.com/raw/0xmig8sW
>>
>>
>> ### <lkrg-users@...ts.openwall.com>:
>> ### ezmlm-reject: fatal: Sorry, I don't accept messages larger than
>> 204800 bytes (#5.2.3)
>>
>>
>> ()
>>
>> Thanks
>>
>> Jacek
>>
>>
>> On 08.06.2020 at 22:55, Adam Zabrocki wrote:
>>> Hi,
>>>
>>> I believe I've replied to your private email which you've sent to me.
>>> However, I'm pasting it here as well:
>>>
>>> --- CUT ---
>>> Hi,
>>>
>>> It looks like you have a very non-standard kernel. LKRG can't find the
>>> function "ttwu_do_wakeup" (which is not normal). You can manually verify
>>> availability of that symbol by running the following command:
>>>
>>> # uname -a
>>> Linux pi3 5.7.0-050700-generic #202005312130 SMP Mon Jun 1 01:33:12 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
>>> # cat /proc/kallsyms |grep ttwu_do_wakeup
>>> ffffffff912ddd50 t ttwu_do_wakeup
>>> #
>>>
>>> As you can see this function is normally visible in all kernels
>>> (including 5.7).
>>> Please also share your .config file.
>>>
>>> Thanks,
>>> Adam
>
>
>
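
The mismatch in this thread (the kernel lists `ttwu_do_wakeup.isra.0` where LKRG looks for `ttwu_do_wakeup`) can be checked with a lookup that separates an exact symbol from a compiler-renamed clone, which a plain `grep` does not do. This is an added example, not part of the original messages and not LKRG code; `resolve_ksym`, `sample_kallsyms` and the suffix list (`.isra`, `.constprop`, `.part`, `.cold`, the usual GCC clone suffixes) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not LKRG code): look up a kernel function in kallsyms-format
# text and tell an exact symbol apart from a GCC-renamed clone of it.
#
# Usage: resolve_ksym NAME [FILE]   (FILE defaults to /proc/kallsyms, "-" = stdin)
# Prints "exact NAME" or "clone NAME.suffix" for each hit.
# Returns 0 if the exact name exists, 1 if only clones exist, 2 if nothing.
resolve_ksym() {
    awk -v want="$1" '
        # kallsyms line: <address> <type> <name> [module]
        substr($3, 1, length(want)) == want {
            rest = substr($3, length(want) + 1)
            if (rest == "") {
                print "exact " $3; exact = 1
            } else if (rest ~ /^(\.(isra|constprop|part|cold)(\.[0-9]+)?)+$/) {
                # Assumed list of GCC clone suffixes. A plain prefix match
                # such as NAME_other is deliberately not reported.
                print "clone " $3; clone = 1
            }
        }
        END { if (exact) exit 0; if (clone) exit 1; exit 2 }
    ' "${2:-/proc/kallsyms}"
}

sample_kallsyms() {
    # Constructed sample: the first line is the one quoted in this thread,
    # the other two are made up to exercise the non-matching paths.
    cat <<'EOF'
ffffffffb5dcf350 t ttwu_do_wakeup.isra.0
ffffffffb5dcf400 t ttwu_do_wakeup_example
ffffffffb5dcf500 t example_fn
EOF
}

# Demo on the constructed sample: only the .isra.0 clone is present.
sample_kallsyms | resolve_ksym ttwu_do_wakeup - || echo "exact symbol missing (status $?)"
```

On a live system, run `resolve_ksym ttwu_do_wakeup` as root so that `/proc/kallsyms` is readable in full.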


