From owner-freebsd-hackers Sat Sep 15 5:50:17 2001
Message-ID: <3BA34EAA.38878044@mindspring.com>
Date: Sat, 15 Sep 2001 05:50:50 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Sansonetti Laurent
Cc: freebsd-hackers@freebsd.org
Subject: Re: storing routine code in kernel memory using kvm interface
References: <001501c13de3$45dd8320$0201a8c0@teledisnet.be>

Sansonetti Laurent wrote:
>
> Hi,
>
> Is there a way to store a function in kernel memory using KVM interface?
>
> I have written a tty spy'er, which simply hijacks discipline line entries for
> a tty, and as you know probably, those routines must be situated in kernel
> land.
>
> I know that I should use KLD for that, but I'm still curious..

No. You can not allocate memory safely to prevent the kernel reusing
it and stomping your code, and you can not guarantee your hook
installation will be done atomically without getting context switched
or interrupted via a hardware interrupt, thus panic'ing the kernel.

Not to mention that you would have to know a huge amount about the VM
system to establish mappings, and those mappings wouldn't be atomic,
either, and without them, your kernel would panic with a "page not
present".

Use a KLD instead, unless this is a cracking tool, in which case go
ahead and use /dev/kmem, if it's writeable, since repeated crashes
with tracebacks pointing to a program using your uid and having
/dev/kmem open will get your admin to you-proof his box. 8-).

-- Terry
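Added example, not part of the original message or thread: a shell check an administrator could run for the "/dev/kmem, if it's writeable" condition mentioned in the reply. The function names, verdict strings and sample values are constructed for illustration; the kern.securelevel rule used is FreeBSD's documented behaviour that /dev/mem and /dev/kmem cannot be opened for writing when the level is above 0.

```shell
#!/bin/sh
# Added example: audit whether the kernel memory devices can be opened
# for writing. Names and verdict strings are hypothetical.

# kmem_write_risk MODE SECURELEVEL
#   MODE         octal permission bits of the device node, e.g. 640
#   SECURELEVEL  value of kern.securelevel
# Prints one verdict word. Mode bits do not restrain root; only a
# securelevel above 0 stops every user, root included, from write opens.
kmem_write_risk() {
    mode=$1
    level=$2
    if [ "$level" -gt 0 ]; then
        echo "blocked-by-securelevel"
        return 0
    fi
    perms=$((0$mode))    # leading 0 makes the shell read the value as octal
    if   [ $(($perms & 0002)) -ne 0 ]; then echo "world-writable"
    elif [ $(($perms & 0020)) -ne 0 ]; then echo "group-writable"
    elif [ $(($perms & 0200)) -ne 0 ]; then echo "owner-writable"
    else echo "no-write-bits"
    fi
}

# Live audit: reads the real device nodes and securelevel (FreeBSD only).
audit_kmem() {
    cur=$(sysctl -n kern.securelevel)
    for dev in /dev/mem /dev/kmem; do
        [ -e "$dev" ] || continue
        bits=$(stat -f '%Lp' "$dev")
        echo "$dev mode=$bits securelevel=$cur: $(kmem_write_risk "$bits" "$cur")"
    done
}

if [ "$(uname -s)" = "FreeBSD" ]; then
    audit_kmem
else
    # Constructed sample values so the classifier can be exercised anywhere.
    for sample in "640 -1" "660 -1" "666 0" "640 1"; do
        set -- $sample
        echo "mode=$1 securelevel=$2: $(kmem_write_risk "$1" "$2")"
    done
fi
```

Any verdict other than blocked-by-securelevel means a sufficiently privileged process can still write kernel memory through the device node.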