1 unstable release
Uses old Rust 2015
0.1.0 | Oct 29, 2017 |
---|
#36 in #kernel-module
5KB
modinsert
A dirty module-loading library for the Linux kernel.
modinsert
provides support for loading Linux kernel modules, in an "alternative" way.
This abuses Linux modules auto-loading mechanism to trick
the kernel into shelling out to the userspace modprobe
helper.
A side-effect of SIOCGIFINDEX
ioctl results in
the kernel looking up and loading arbitrary modules by name.
This isn't strictly a privilege escalation as the caller must
have CAP_SYS_MODULE
capability; however it allows containerized
process to load modules in the host namespace.
This is a dirty mechanism, as the ioctl syscall will induce a context-switch back from kernel-space to user-space to run a host binary outside of caller context.
Typically this results in modprobe
being called in the host,
however arbitrary binaries can be run by tweaking the usermode
helper sysctl at /proc/sys/kernel/modprobe
.
See modprobe(7)
for more documentation on kernel modules.
Example
//! Run this, then check `dmesg` for the effects.
//! It works also in containers, as long as the caller has `CAP_SYS_MODULE`.
extern crate modinsert;
use std::ffi::CString;
fn main() {
let modname = CString::new("rbd");
modinsert::try_load(&modname));
}
Some more examples are available under examples.
License
Licensed under either of
- MIT license - http://opensource.org/licenses/MIT
- Apache License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0
at your option.
Dependencies
~1.5MB
~37K SLoC