/* note: this module is in beta, and has not been tested. The author * makes no guarantee of it's stability or effectiveness. * * USE AT YOUR OWN RISK! */ /* * spfx v1.0b by Justin Lesarge * * Contact: nijenrode@india.com, irc://irc.dal.net Sorcerer * * This module prevents security breaches (such as remote root) * by protecting the system from code running on the stack. As many * exploits work by "smashing" the stack to execute buffered code * on the stack, loading this module should greatly increase system * security. Examples of exploits which this module prevents are: * * all remote root exploits for: bind/named, wu.ftpd, imap, etc.. * * this code may be freely distributed and modified, so long as credit * to the original author (Justin Lesarge) is left in tact. * * to load this module, use: cc -c spfx.c -o ./spfx.o insmod ./spfx.o */ #define MODULE 1 #include #include #include extern void *sys_call_table[]; static void *old_call_table[NR_syscalls]; #ifndef NO_DISP # if (EBP>FS) # define _EBP ((EBP-2)*4) # else # define _EBP (EBP*4) # endif # if (EIP>FS) # define _EIP ((EIP-2)*4) # else # define _EIP (EIP*4) # endif # if (UESP>FS) # define _UESP ((UESP-2)*4) # else # define _UESP (UESP*4) # endif #endif static void (__handler__) (void *x) { register unsigned long ebp asm("ebp"); ebp=(unsigned long)&x; __asm__ __volatile__("pushl %%ecx;pushl %%edx;movl %c0(%%ebp),%%ecx;" "movl %c1(%%ebp),%%edx;cmpl %%ecx,%%edx;jbe 0f;" "xchgl %%edx,%%ecx;0:;subl %%edx,%%ecx;" "shrl $16,%%ecx;jnz 1f;movl $1,%%eax;1:;" "popl %%edx;popl %%ecx;movl %%ebp,%%esp;" "subl $4,%%esp;movl %c2(%%ebp),%%ebp;" "jmp *old_call_table(,%%eax,4);" ::"i"(_EIP),"i"(_UESP),"i"(_EBP)); } int init_module() { int n; for(n=0;n