Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lucab/modinsert-rs

A dirty module-loading library for the Linux kernel
https://github.com/lucab/modinsert-rs

Last synced: about 1 month ago
JSON representation

A dirty module-loading library for the Linux kernel

Host: GitHub
URL: https://github.com/lucab/modinsert-rs
Owner: lucab
Created: 2017-10-29T17:10:49.000Z (about 7 years ago)
Default Branch: master
Last Pushed: 2017-10-30T08:22:42.000Z (about 7 years ago)
Last Synced: 2024-10-12T02:27:18.573Z (about 1 month ago)
Language: Rust
Size: 3.91 KB
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # modinsert

[![Build Status](https://travis-ci.org/lucab/modinsert-rs.svg?branch=master)](https://travis-ci.org/lucab/modinsert-rs)

[![crates.io](https://img.shields.io/crates/v/modinsert.svg)](https://crates.io/crates/modinsert)

[![LoC](https://tokei.rs/b1/github/lucab/modinsert-rs?category=code)](https://github.com/lucab/modinsert-rs)

[![Documentation](https://docs.rs/modinsert/badge.svg)](https://docs.rs/modinsert)

A dirty module-loading library for the Linux kernel.

`modinsert` provides support for loading Linux kernel modules, in an "alternative" way.

This abuses Linux modules auto-loading mechanism to trick

the kernel into shelling out to the userspace `modprobe`

helper.

A [side-effect][dev_load] of `SIOCGIFINDEX` ioctl results in

the kernel looking up and loading arbitrary modules by name.

This isn't strictly a privilege escalation as the caller must

have `CAP_SYS_MODULE` capability; however it allows containerized

process to load modules in the host namespace.

This is a dirty mechanism, as the ioctl syscall will induce a

context-switch back from kernel-space to user-space to run

a host binary outside of caller context.

Typically this results in `modprobe` being called in the host,

however arbitrary binaries can be run by tweaking the usermode

helper sysctl at `/proc/sys/kernel/modprobe`.

See `modprobe(7)` for more documentation on kernel modules.

[dev_load]: https://github.com/torvalds/linux/blob/v4.12/net/core/dev_ioctl.c#L372

## Example

```rust

//! Run this, then check `dmesg` for the effects.

//! It works in containers too, as long as the process has `CAP_SYS_MODULE`.

extern crate modinsert;

use std::ffi::CString;

fn main() {

    let modname = CString::new("rbd").unwrap();

    modinsert::try_load(&modname);

}

```

Some more examples are available under [examples](examples).

## License

Licensed under either of

 * MIT license - 

 * Apache License, Version 2.0 - 

at your option.