Message-ID: <20181112174016.GA27330@pi3.com.pl>
Date: Mon, 12 Nov 2018 18:40:16 +0100
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: p_lkrg failed to start with error: 'KMOD error! Can't initialize global modules variable'

Hi,

Thanks for details. I didn't have a chance to run LKRG on kernel 4.19+. The latest kernel version which I've tested is 4.18.7. I will try to set-up testing environment and take a look at the reported problem.

Thanks,
Adam

On Mon, Nov 12, 2018 at 06:27:13PM +0100, Jiří Moravec wrote:
> # modprobe p_lkrg p_init_log_level=4
>
> ended with following output in dmesg:
>
> Loading LKRG...
> Inserting pid => 1034
> Inserting pid => 2945
> .... 1100 more similar messages ....
> Inserting pid => 7125
> Inserting pid => 7126
> Planted [kretprobe] <__x64_sys_execve> at: 000000007f808d27
> Planted [kretprobe] <__x64_sys_execveat> at: 00000000e2f87e98
> Planted [kretprobe] <call_usermodehelper_exec_async> at: 000000006805112f
> Planted [kretprobe] <_do_fork> at: 00000000bf71ee49
> Planted [kretprobe] <do_exit> at: 000000002ed8b790
> Planted [kretprobe] <__sys_setuid> at: 0000000051ced5cb
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <__sys_setreuid> at: 00000000f04e3d12
> Planted [kretprobe] <__sys_setresuid> at: 000000006a29f114
> Planted [kretprobe] <__sys_setfsuid> at: 000000004b4672dd
> Planted [kretprobe] <__sys_setgid> at: 00000000575e0351
> Planted [kretprobe] <__sys_setregid> at: 000000009e4767b2
> Planted [kretprobe] <__sys_setresgid> at: 000000009407577b
> Planted [kretprobe] <__sys_setfsgid> at: 000000000248292d
> Planted [kretprobe] <set_current_groups> at: 000000000f7a7ef6
> Planted [kretprobe] <do_init_module> at: 000000003d70ad5f
> Planted [kretprobe] <__x64_sys_delete_module> at: 00000000eb584be2
> Planted [kretprobe] <generic_permission> at: 00000000041f359a
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <do_seccomp> at: 00000000cf6e1df0
> Planted [kretprobe] <ksys_unshare> at: 00000000ad807cea
> Planted [kretprobe] <userns_install> at: 0000000002c1e2b4
> Planted [kretprobe] <__x64_sys_capset> at: 000000002eb260e1
> Planted [kretprobe] <cap_task_prctl> at: 00000000d313e37e
> Planted [kretprobe] <key_change_session_keyring> at: 000000003fa5827f
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Planted [kretprobe] <__x64_sys_add_key> at: 00000000af2132ab
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> <Exploit Detection> Can't find process[1 |init] in internal tracking list!
> Planted [kretprobe] <__x64_sys_request_key> at: 00000000ed4d4523
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Inserting pid => 7134
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7135 |chrome] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7135 |chrome] iteration!
> Inserting pid => 7135
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7134]
> Updating ED pid[7135]
> Inserting pid => 7136
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7136]
> Planted [kretprobe] <__x64_sys_keyctl> at: 0000000076abcb9f
> Planted [kretprobe] <__x64_sys_ptrace> at: 000000000c38d105
> Planted [kretprobe] <__ia32_compat_sys_execve> at: 00000000ced89c71
> Planted [kretprobe] <__ia32_compat_sys_execveat> at: 000000001460f1e5
> Planted [kretprobe] <__ia32_compat_sys_keyctl> at: 00000000eab00aba
> Planted [kretprobe] <__ia32_compat_sys_ptrace> at: 0000000071fb62a8
> Planted [kretprobe] <__ia32_sys_delete_module> at: 0000000097ae06b0
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Inserting pid => 7138
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> <Exploit Detection> Can't find process[7139 |chrome] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7139 |chrome] iteration!
> Inserting pid => 7139
> <Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
> <Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
> Updating ED pid[7139]
> Updating ED pid[7138]
> Removing ED pid => 7126
> Planted [kretprobe] <__ia32_sys_capset> at: 0000000015a75f35
> Planted [kretprobe] <__ia32_sys_add_key> at: 00000000cb669968
> Planted [kretprobe] <__ia32_sys_request_key> at: 00000000b4693613
> Planted [kretprobe] <override_creds> at: 000000006864bef0
> Planted [kretprobe] <revert_creds> at: 00000000acb66d2b
>
> .... and now this error is coming: ....
>
> KMOD error! Can't initialize global modules variable :( Exiting...
> Can't initialize kernel modules handling! Exiting...
>
> .... and then messages just continue:
>
> Removing [kretprobe] <call_usermodehelper_exec_async> at 0x000000006805112f nmissed[0]
> Removing [kretprobe] <_do_fork> at 0x00000000bf71ee49 nmissed[0]
> Removing ED pid => 7116
> Removing ED pid => 7117
> Removing ED pid => 7118
> Removing [kretprobe] <do_exit> at 0x000000002ed8b790 nmissed[0]
> Removing [kretprobe] <__sys_setuid> at 0x0000000051ced5cb nmissed[0]
> Removing [kretprobe] <__sys_setreuid> at 0x00000000f04e3d12 nmissed[0]
> Removing [kretprobe] <__sys_setresuid> at 0x000000006a29f114 nmissed[0]
> Removing [kretprobe] <__sys_setfsuid> at 0x000000004b4672dd nmissed[0]
> Removing [kretprobe] <__sys_setgid> at 0x00000000575e0351 nmissed[0]
> Removing [kretprobe] <__sys_setregid> at 0x000000009e4767b2 nmissed[0]
> Removing [kretprobe] <__sys_setresgid> at 0x000000009407577b nmissed[0]
> Removing [kretprobe] <__sys_setfsgid> at 0x000000000248292d nmissed[0]
> Removing [kretprobe] <set_current_groups> at 0x000000000f7a7ef6 nmissed[0]
> <Exploit Detection> Can't find process[7141 |bash] in internal tracking list!
> <Exploit Detection> Can't find process[7140 |bash] in internal tracking list!
> ....
> <Exploit Detection> Can't find process[7141 |less] in internal tracking list!
> <Exploit Detection> Can't find process[7141 |less] in internal tracking list!
> Removing [kretprobe] <do_init_module> at 0x000000003d70ad5f nmissed[0]
> Removing [kretprobe] <__x64_sys_delete_module> at 0x00000000eb584be2 nmissed[0]
> Removing [kretprobe] <generic_permission> at 0x00000000041f359a nmissed[0]
> Removing [kretprobe] <do_seccomp> at 0x00000000cf6e1df0 nmissed[0]
> Removing [kretprobe] <ksys_unshare> at 0x00000000ad807cea nmissed[0]
> Removing [kretprobe] <userns_install> at 0x0000000002c1e2b4 nmissed[0]
> Removing [kretprobe] <__x64_sys_capset> at 0x000000002eb260e1 nmissed[0]
> Removing [kretprobe] <cap_task_prctl> at 0x00000000d313e37e nmissed[0]
> Removing [kretprobe] <key_change_session_keyring> at 0x000000003fa5827f nmissed[0]
> Removing [kretprobe] <__x64_sys_add_key> at 0x00000000af2132ab nmissed[0]
> Removing [kretprobe] <__x64_sys_request_key> at 0x00000000ed4d4523 nmissed[0]
> Removing [kretprobe] <__x64_sys_keyctl> at 0x0000000076abcb9f nmissed[0]
> Removing [kretprobe] <__x64_sys_ptrace> at 0x000000000c38d105 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_execve> at 0x00000000ced89c71 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_execveat> at 0x000000001460f1e5 nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_keyctl> at 0x00000000eab00aba nmissed[0]
> Removing [kretprobe] <__ia32_compat_sys_ptrace> at 0x0000000071fb62a8 nmissed[0]
> Removing [kretprobe] <__ia32_sys_delete_module> at 0x0000000097ae06b0 nmissed[0]
> Removing [kretprobe] <__ia32_sys_capset> at 0x0000000015a75f35 nmissed[0]
> Removing [kretprobe] <__ia32_sys_add_key> at 0x00000000cb669968 nmissed[0]
> Removing [kretprobe] <__ia32_sys_request_key> at 0x00000000b4693613 nmissed[0]
> Removing [kretprobe] <override_creds> at 0x000000006864bef0 nmissed[0]
> Removing [kretprobe] <revert_creds> at 0x00000000acb66d2b nmissed[0]
> Deleting ED PID => 1034
> Deleting ED PID => 2945
> ....
> Deleting ED PID => 7138
> Deleting ED PID => 7139
> kmem_cache "p_ed_pids" destroyed!
> .... EOF ....
>
>
> After that, following message appeared on command line:
>
> modprobe: ERROR: could not insert 'p_lkrg': Network is unreachable
>
>
> So, what actually happened?
> Thanks for response...
> JiM
>
>
> PS:
> x86_64 gentoo with kernel 4.19.1 + some extensions and gcc-8.2.0

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl