search

m0nad / Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Other
1.82k stars 431 forks source link

Only works with the kill built-in command of shell, not /bin/kill #7

Closed ryukinix closed 4 years ago

ryukinix commented 6 years ago

I'm trying to use this module inside of another shell that don't implement the kill built-in command (nash). What is happening: if I call kill would be using the kill command stored at /bin/kill and not the kill built-in as bash and zsh does.

Some colleagues said to me that maybe Diamorphine scale for the current process PID of /bin/kill and die early after signal is called. Would be possible scale root-privileged permissions for a given PID? Because with that we can use this with /bin/kill -64 $PID, that means the same stuff will work pretty ok inside of nash.

❯ pacman -Qo /bin/kill
/usr/bin/kill is owned by util-linux 2.31.1-1
m0nad commented 4 years ago

More related to nash than to Diamorphine