d1nn3r

pwn the world

kernel_pwn

2018-09-19

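Notes from my study of the Linux kernel.

0x01 References

Linux Kernel Exploitation Tutorial (1): Environment Setup

Linux Kernel Exploitation Tutorial (2): Two Demos

Linux Kernel Exploitation Tutorial (3): Practice with a CSAW CTF Challenge

CTF KERNEL PWN: Getting-Started Notes

Only the problems those articles do not cover are recorded here.

0x02 Kernel build and testing

The build can be sped up with make -j6 (4 cores).

Problem 1

make fails with this error: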

scripts/kconfig/conf -s arch/x86/Kconfig
CHK include/linux/version.h
CHK include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
CC kernel/bounds.s
In file included from include/linux/compiler.h:40:0,
from include/linux/stddef.h:4,
from include/linux/posix_types.h:4,
from include/linux/types.h:14,
from include/linux/page-flags.h:8,
from kernel/bounds.c:9:
include/linux/compiler-gcc.h:86:30: fatal error: linux/compiler-gcc5.h: No such file or directory
compilation terminated.
/home/d1nn3r/Desktop/linux-2.6.32.1/./Kbuild:35: recipe for target 'kernel/bounds.s' failed
make[1]: *** [kernel/bounds.s] Error 1
Makefile:982: recipe for target 'prepare0' failed
make: *** [prepare0] Error 2

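The cause is that the old kernel's build cannot find a header for gcc 5; copying the gcc header from the current kernel's headers into the tree is enough.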

src gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

Solution

➜  linux-2.6.32.1 sudo cp /usr/src/linux-headers-4.10.0-28/include/linux/compiler-gcc.h ./include/linux/compiler-gcc5.h

Problem 2

In file included from include/linux/compiler.h:40:0,
from include/linux/stddef.h:4,
from include/linux/posix_types.h:4,
from include/linux/types.h:14,
from include/linux/math64.h:4,
from include/linux/jiffies.h:4,
from init/calibrate.c:7:
include/linux/compiler-gcc.h:78:0: note: this is the location of the previous definition
#define __printf(a,b) __attribute__((format(printf,a,b)))
^
LD init/built-in.o
init/mounts.o: In function `tty_port_users':
/home/d1nn3r/Desktop/linux-2.6.32.1/include/linux/tty.h:471: multiple definition of `tty_port_users'
init/main.o:/home/d1nn3r/Desktop/linux-2.6.32.1/include/linux/tty.h:471: first defined here
scripts/Makefile.build:297: recipe for target 'init/built-in.o' failed
make[1]: *** [init/built-in.o] Error 1
Makefile:878: recipe for target 'init' failed
make: *** [init] Error 2

The cause is that the gcc version is too new; downgrading gcc fixes it.

sudo apt-get install gcc-4.8
cd /usr/bin
sudo mv gcc gcc.bak
sudo ln -s gcc-4.8 gcc

Problem 3

gcc: error: elf_x86_64: No such file or directory
gcc: error: unrecognized command line option ‘-m’
/home/d1nn3r/Desktop/linux-2.6.32.1/arch/x86/vdso/Makefile:34: recipe for target 'arch/x86/vdso/vdso.so.dbg' failed
make[2]: *** [arch/x86/vdso/vdso.so.dbg] Error 1
scripts/Makefile.build:365: recipe for target 'arch/x86/vdso' failed
make[1]: *** [arch/x86/vdso] Error 2
Makefile:878: recipe for target 'arch/x86' failed
make: *** [arch/x86] Error 2

Edit arch/x86/vdso/Makefile:

In the line
VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -Wl,-soname=linux-vdso.so.1    -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096
replace "-m elf_x86_64" with "-m64".

In the line
VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -Wl,-soname=linux-gate.so.1
replace "-m elf_i386" with "-m32".

Problem 4

Can't use 'defined(@array)' (Maybe you should just omit the defined()?) at kernel/timeconst.pl line 373.
/home/d1nn3r/Desktop/linux-2.6.32.1/kernel/Makefile:129: recipe for target 'kernel/timeconst.h' failed
make[1]: *** [kernel/timeconst.h] Error 255
Makefile:878: recipe for target 'kernel' failed
make: *** [kernel] Error 2

On line 373 of kernel/timeconst.pl, remove the defined() and keep only @val.
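
The Makefile and timeconst.pl edits from Problems 3 and 4 can be applied non-interactively and checked before rebuilding. The script below is an added example, not part of the original post; the helper names are hypothetical, and the demo runs on constructed sample files rather than the real kernel sources.

```sh
#!/bin/sh
# Added example: apply the Problem 3 and Problem 4 edits to a kernel tree.
# edit_in_place, fix_tree and make_demo_tree are hypothetical helper names.

edit_in_place() {   # $1 = file, remaining args = sed arguments
    f=$1; shift
    [ -f "$f.orig" ] || cp "$f" "$f.orig"      # keep the pristine file once
    sed "$@" "$f" > "$f.new" && mv "$f.new" "$f"
}

fix_tree() {        # $1 = root of the kernel source tree
    vdso="$1/arch/x86/vdso/Makefile"
    tc="$1/kernel/timeconst.pl"
    [ -f "$vdso" ] && [ -f "$tc" ] || { echo "not a kernel tree: $1" >&2; return 1; }

    # Problem 3: these flags are passed to gcc, which expects -m64/-m32,
    # not the linker emulation names. Only the two VDSO_LDFLAGS lines change.
    edit_in_place "$vdso" \
        -e '/^VDSO_LDFLAGS_vdso\.lds/s/-m elf_x86_64/-m64/' \
        -e '/^VDSO_LDFLAGS_vdso32\.lds/s/-m elf_i386/-m32/'

    # Problem 4: newer perl rejects defined(@array); test the array itself.
    edit_in_place "$tc" -e 's/defined(@val)/@val/'

    # Fail if either old form survives, so a partial edit is not built.
    if grep '^VDSO_LDFLAGS' "$vdso" | grep -q -e '-m elf_'; then return 1; fi
    if grep -q 'defined(@val)' "$tc"; then return 1; fi
    return 0
}

make_demo_tree() {  # constructed sample files, not the real kernel sources
    d=$(mktemp -d)
    mkdir -p "$d/arch/x86/vdso" "$d/kernel"
    cat > "$d/arch/x86/vdso/Makefile" <<'EOF'
VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -Wl,-soname=linux-vdso.so.1 -Wl,-z,max-page-size=4096
VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -Wl,-soname=linux-gate.so.1
EOF
    printf '%s\n' 'if (!defined(@val)) {' > "$d/kernel/timeconst.pl"
    echo "$d"
}

demo=$(make_demo_tree)
fix_tree "$demo" && cat "$demo/arch/x86/vdso/Makefile" "$demo/kernel/timeconst.pl"
rm -rf "$demo"
```

On a real tree, call fix_tree with the linux-2.6.32.1 source directory; the unmodified files are kept beside the edited ones with an .orig suffix.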

Problem 5

In file included from drivers/net/igbvf/ethtool.c:36:0:
drivers/net/igbvf/igbvf.h: At top level:
drivers/net/igbvf/igbvf.h:128:15: error: duplicate member ‘page’
struct page *page;
^
scripts/Makefile.build:229: recipe for target 'drivers/net/igbvf/ethtool.o' failed
make[3]: *** [drivers/net/igbvf/ethtool.o] Error 1
scripts/Makefile.build:365: recipe for target 'drivers/net/igbvf' failed
make[2]: *** [drivers/net/igbvf] Error 2
scripts/Makefile.build:365: recipe for target 'drivers/net' failed
make[1]: *** [drivers/net] Error 2
Makefile:878: recipe for target 'drivers' failed
make: *** [drivers] Error 2

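The cause is that newer gcc versions no longer allow a struct and a union in the same function to contain variables with the same name. In each file the error points to, find the struct or union definition and rename either one of the identically named variables.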

➜  linux-2.6.32.1 gedit ./drivers/net/igbvf/igbvf.h

© 2020 d1nn3r