Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kernel module & Syscall Hijacking

Published byShana Long Modified over 6 years ago

Similar presentations

Presentation on theme: "Kernel module & Syscall Hijacking"— Presentation transcript:

1 Kernel module & Syscall Hijacking
Jeremy Fields

2 Intro Ubuntu 14.04 in Hyper-V Linux-lts-vivid-3.19.0-69
Compile vanilla kernel & load Create basic module for learning

3 Kernel Module First line: load module 2: View printk line enter
4: remove module 5: view prinkt line exit Src code Simple learning exercise

4 Kernel Module Let’s do some statistics on speed in kernel space vs user space Right off the bat, almost 2x faster in kernel space for simple “hello world”, but far from a good picture

5 Kernel module How about something a little more complex?
Matrix multiplication + printing result each iteration Same program in user vs kernel space, doing same work Kernel space grow pretty consistently (linear) while user space grows faster. 9-10: 10x increase in complexity, 22x increase in time difference

6 Kernel Module Graph is logarithmic. Graph is showing –difference- in time

7 Kernel Module Far from full picture
Different I/O test would have been nice, but no kernel library for read/writing to FS Non trivial to write from scratch – out of scope for project Difference primarily caused by printing result. Basic math (shouldn’t) be impacted by user vs kernel space. Printing == IO, which requires going from user  kernel space (overhead) and back When done in kernel space, this is avoided

8 Syscall Hijack Hijacked the sys_open syscall
Responsible for opening files Rewrites all attempts to open any *.jpg files, to open only 1 specific jpg given as arg when loading module For learning Worked off of others work

9 Syscall hijack To be possible, must compile kernel with CONFIG_DEBUG_RODATA disabled This disables write protection on kernel protected data structures (i.e. syscall table) This would module would likely never work in real world scenario

10 SYSCALL Hijack

11 Syscall Hijack

12 Result

13 Summary Kernel space is typically faster than user space
Most userspace programs end up being transferred to kernel space for various common calls anyways Running code in kernel space avoids this, but in real world should typically never be done due to various concerns security, kernel performance, stability, etc. Should only be done in uncommon situation (i.e. custom hardware or driver) and only if fully understanding the risks Can write module to hijack syscall for amusing effect Not practical in real world without unpatched vulnerability, or somebody purposefully disabling write protection on kernel data structures Can hijack any file type Must be careful when messing with sys_open, as if broken, would not be able to “open” the shutdown program

14 References https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel

Download ppt "Kernel module & Syscall Hijacking"

Similar presentations

DEVICE DRIVER VINOD KAMATH CS691X PROJECT WORK. Introduction How to write/install device drivers Systems, Kernel Programming Character, Block and Network.

DEVICE DRIVER VINOD KAMATH CS691X PROJECT WORK. Introduction How to write/install device drivers Systems, Kernel Programming Character, Block and Network.
Profiling Applications in Luis I. Gomez 4.18. BR Profiler BR Profiler Feature –Components –Profiler types –Profiling an application –Interpreting your.

Profiling Applications in Luis I. Gomez BR Profiler BR Profiler Feature –Components –Profiler types –Profiling an application –Interpreting your.
IGOR: A System for Program Debugging via Reversible Execution Stuart I. Feldman Channing B. Brown slides made by Qing Zhang.

IGOR: A System for Program Debugging via Reversible Execution Stuart I. Feldman Channing B. Brown slides made by Qing Zhang.
1 CMSC421: Principles of Operating Systems Nilanjan Banerjee Principles of Operating Systems Assistant Professor, University of Maryland Baltimore County.

1 CMSC421: Principles of Operating Systems Nilanjan Banerjee Principles of Operating Systems Assistant Professor, University of Maryland Baltimore County.
Chapter 6 Limited Direct Execution

Chapter 6 Limited Direct Execution
File Management Systems

File Management Systems
Memory Management (II)

Memory Management (II)
Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,

Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,
Memory Management 2010.

Memory Management 2010.
A. Frank - P. Weisberg Operating Systems Real Memory Management.

A. Frank - P. Weisberg Operating Systems Real Memory Management.
CSE 451: Operating Systems Section 2 Interrupts, Syscalls, Virtual Machines, and Project 1.

CSE 451: Operating Systems Section 2 Interrupts, Syscalls, Virtual Machines, and Project 1.
I/O Tanenbaum, ch. 5 p. 329 – 427 Silberschatz, ch. 13 p. 495 - 527.

I/O Tanenbaum, ch. 5 p. 329 – 427 Silberschatz, ch. 13 p
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
CprE 458/558: Real-Time Systems (G. Manimaran)1 RTLinux Lab – Introduction Cpre 558 Anil

CprE 458/558: Real-Time Systems (G. Manimaran)1 RTLinux Lab – Introduction Cpre 558 Anil
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
I/O Systems ◦ Operating Systems ◦ CS550. Note:  Based on Operating Systems Concepts by Silberschatz, Galvin, and Gagne  Strongly recommended to read.

I/O Systems ◦ Operating Systems ◦ CS550. Note:  Based on Operating Systems Concepts by Silberschatz, Galvin, and Gagne  Strongly recommended to read.
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Parallel Computing The Bad News –Hardware is not getting faster fast enough –Too many architectures –Existing architectures are too specific –Programs.

Parallel Computing The Bad News –Hardware is not getting faster fast enough –Too many architectures –Existing architectures are too specific –Programs.
UNIX System Administration OS Kernal Copyright 2002, Dr. Ken Hoganson All rights reserved. OS Kernel Concept Kernel or MicroKernel Concept: An OS architecture-design.

UNIX System Administration OS Kernal Copyright 2002, Dr. Ken Hoganson All rights reserved. OS Kernel Concept Kernel or MicroKernel Concept: An OS architecture-design.
Imperial College Tracker Slow Control & Monitoring.

Imperial College Tracker Slow Control & Monitoring.

Similar presentations

Ads by Google