Introduction
Environment setup for Linux kernel exploitation.
Host environment: ubuntu 12.04 x86
build linux kernel
Run the following commands:
wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.gz
tar zxvf linux-2.6.32.tar.gz
cd linux-2.6.32/
sudo apt-get install libncurses5-dev
sudo apt-get install qemu qemu-system
make menuconfig # the defaults are fine
make
make all
make modules
Errors encountered during the build:
Error 1:
gcc: error: elf_i386: No such file or directory
make[2]: *** [arch/x86/vdso/vdso32-int80.so.dbg] Error 1
make[1]: *** [arch/x86/vdso] Error 2
make: *** [arch/x86] Error 2
Fix:
Edit arch/x86/vdso/Makefile
...
VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -Wl,-soname=linux-vdso.so.1 \
-Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096
...
VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -Wl,-soname=linux-gate.so.1
...
Change it to:
...
VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
-Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096
...
VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-soname=linux-gate.so.1
...
Error 2:
drivers/net/igbvf/igbvf.h:128:15: error: duplicate member ‘page’
struct page *page;
^
make[3]: *** [drivers/net/igbvf/ethtool.o] 错误 1
make[2]: *** [drivers/net/igbvf] 错误 2
make[1]: *** [drivers/net] 错误 2
make: *** [drivers] 错误 2
Fix: edit drivers/net/igbvf/igbvf.h and rename the duplicate member:
struct {
struct page *_page;
u64 page_dma;
unsigned int page_offset;
};
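The two source fixes above can be scripted so that a fresh tree is patched the same way every time. This is an added example, not part of the original post: the function names and the `make_samples` inputs are constructed for illustration, and the awk rule assumes the member to rename is the one directly followed by `u64 page_dma;`, as in the struct shown above.

```shell
#!/bin/sh
# Added example (not from the original post): apply both source fixes idempotently.

# Error 1: swap the ld emulation names for gcc's -m64 / -m32, but only on
# the two VDSO_LDFLAGS_* assignment lines in arch/x86/vdso/Makefile.
fix_vdso_ldflags() {
    sed -e '/^VDSO_LDFLAGS_vdso\.lds[[:space:]]*=/s/-m elf_x86_64/-m64/' \
        -e '/^VDSO_LDFLAGS_vdso32\.lds[[:space:]]*=/s/-m elf_i386/-m32/' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Error 2: rename "page" to "_page" only where the next line declares
# page_dma, i.e. inside the anonymous struct shown above. Any other
# "struct page *page;" member keeps its name.
fix_igbvf_page() {
    awk '
        held != "" {
            if ($0 ~ /u64[ \t]+page_dma;/) sub(/\*page;/, "*_page;", held)
            print held; held = ""
        }
        /struct page \*page;/ { held = $0; next }
        { print }
        END { if (held != "") print held }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample inputs (hypothetical helper) for trying the fixes offline.
make_samples() {
    printf '%s\n' \
        'VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -Wl,-soname=linux-vdso.so.1 \' \
        '    -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096' \
        'VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -Wl,-soname=linux-gate.so.1' \
        > "$1/Makefile"
    printf '%s\n' 'struct {' '    struct page *page;' '    u64 page_dma;' \
        '    unsigned int page_offset;' '};' 'struct page *page;' > "$1/igbvf.h"
}

# Patch the tree from the post when this script is run next to it.
if [ -d linux-2.6.32 ]; then
    fix_vdso_ldflags linux-2.6.32/arch/x86/vdso/Makefile
    fix_igbvf_page linux-2.6.32/drivers/net/igbvf/igbvf.h
fi
```

Running either function a second time leaves the file unchanged, so the script is safe to re-run after a partial build.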
build busybox
Run the following commands:
cd ..
wget https://busybox.net/downloads/busybox-1.19.4.tar.bz2
tar -jxvf busybox-1.19.4.tar.bz2
cd busybox-1.19.4
make menuconfig
make install
Build configuration in make menuconfig:
Enable:
- Busybox Settings -> Build Options -> Build Busybox as a static binary
Disable:
- Linux System Utilities -> [] Support mounting NFS file system (network file system)
- Networking Utilities -> [] inetd (Internet super-server)
After the build finishes, set up the root filesystem as follows:
cd _install
mkdir -pv {bin,sbin,etc,etc/init.d,proc,sys,usr/{bin,sbin}}
Add etc/inittab:
::sysinit:/etc/init.d/rcS
::askfirst:/bin/ash
::ctrlaltdel:/sbin/reboot
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r
::restart:/sbin/init
Add etc/init.d/rcS:
#!/bin/sh
# Mount the kernel pseudo-filesystems
mount -t proc none /proc
/bin/mount -n -t sysfs none /sys
# Put /dev on a ramfs and let mdev populate it
/bin/mount -t ramfs none /dev
/sbin/mdev -s
The steps above relate to the Linux boot process: /etc/inittab and rcS perform system initialization, such as starting the shell and mounting filesystems.
Run:
chmod +x etc/init.d/rcS
find . | cpio -o --format=newc > ../rootfs.img # generate the .img file
Final launch script:
#!/bin/sh
qemu-system-i386 -m 128M -kernel linux-2.6.32/arch/x86/boot/bzImage -initrd busybox-1.19.4/rootfs.img -append "root=/dev/ram rdinit=/sbin/init" -s # -nographic
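Here -m sets the RAM size to 128M, -nographic runs QEMU in the terminal instead of opening its own window, which is easier to work with, and -s opens a gdb server on port 1234 so that gdb can attach for debugging.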