From owner-freebsd-hackers Wed Aug 7 5:10:29 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7D7ED37B401
	for ; Wed, 7 Aug 2002 05:10:27 -0700 (PDT)
Received: from mx0.gmx.net (mx0.gmx.net [213.165.64.100])
	by mx1.FreeBSD.org (Postfix) with SMTP id 44D5A43E6E
	for ; Wed, 7 Aug 2002 05:10:26 -0700 (PDT)
	(envelope-from Vail@gmx.net)
Received: (qmail 4006 invoked by uid 0); 7 Aug 2002 12:10:25 -0000
Date: Wed, 7 Aug 2002 14:10:24 +0200 (MEST)
From: Ingram
To: freebsd-hackers@FreeBSD.ORG
MIME-Version: 1.0
Subject: How to port old 3.x kld to 4.x?
X-Priority: 3 (Normal)
X-Authenticated-Sender: #0002727965@gmx.net
X-Authenticated-IP: [62.245.144.206]
Message-ID: <8664.1028722224@www19.gmx.net>
X-Mailer: WWW-Mail 1.5 (Global Message Exchange)
X-Flags: 0001
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Greetings,

For the purpose of a honeypot I seek a solution to implement an "exec-redirection", which could redirect any call to /bin/sh to another file. After searching many days I found only one solution which could handle this: a kld. The kld is the redirection one from the paper at http://reactor-core.org/security/freebsd-kernel-hacking.html#II.4. It compiles and loads with kldload, but if I execute the redirected file on my box, the whole OS just hangs and spits something like "kernel page fault". I expect the problems lie within the userspace allocation, but I am not experienced enough in coding kld to port this code so that it works under FreeBSD 4.6 (or future releases). Is there somebody here who could help me out with that?

Many thx in advance,
my regards
Ingram