#kernel-module #linux-kernel #linux

modinsert

A dirty module-loading library for the Linux kernel

1 unstable release

Uses old Rust 2015

0.1.0 Oct 29, 2017

#36 in #kernel-module

MIT/Apache

5KB

modinsert

Build Status crates.io LoC Documentation

A dirty module-loading library for the Linux kernel.

modinsert provides support for loading Linux kernel modules, in an "alternative" way.

This abuses Linux modules auto-loading mechanism to trick the kernel into shelling out to the userspace modprobe helper.

A side-effect of SIOCGIFINDEX ioctl results in the kernel looking up and loading arbitrary modules by name. This isn't strictly a privilege escalation as the caller must have CAP_SYS_MODULE capability; however it allows containerized process to load modules in the host namespace.

This is a dirty mechanism, as the ioctl syscall will induce a context-switch back from kernel-space to user-space to run a host binary outside of caller context.

Typically this results in modprobe being called in the host, however arbitrary binaries can be run by tweaking the usermode helper sysctl at /proc/sys/kernel/modprobe.

See modprobe(7) for more documentation on kernel modules.

Example

//! Run this, then check `dmesg` for the effects.
//! It works also in containers, as long as the caller has `CAP_SYS_MODULE`.

extern crate modinsert;

use std::ffi::CString;

fn main() {
    let modname = CString::new("rbd");
    modinsert::try_load(&modname));
}

Some more examples are available under examples.

License

Licensed under either of

at your option.

Dependencies

~1.5MB
~37K SLoC