Current File : //usr/share/makedumpfile/eppic_scripts/README
===================================
Eppic scripts README
==================================
These eppic scripts are based on the fedora 19 kernel. eppic scripts
naming convention follows the format:
<eppic_script name>-<valid from kernel version>_to_<valid until kernel version>.c
For example consider dir_names_3_10_to_3_13.c. This script would scrub
sensitive information successfully, when run against kernel version >= 3.10
and kernel version <= 3.13.
1. Eppic script: proc_names_3_10_to_4_8.c
Description: Scrubs executable name of each user process
Explanation:
Walks all processes via the tasks lists starting from init_task
extern struct task_struct init_task;
struct task_struct {
...
struct list_head tasks;
...
char comm[TASK_COMM_LEN]; /* executable name excluding path */
...
};
For each user space process clear executable name
struct task_struct *tsk;
list_for_each_entry(tsk, &init_task, tasks) {
if (tsk->mm)
memset(tsk->comm, 0, TASK_COMM_LEN);
}
2. Eppic script: dir_names_3_10_to_3_13.c
Description: Scrubs filenames of cached dentries
Explanation:
i) iterate over all mounted filesystems
struct vfsmount {
struct list_head mnt_hash;
...
struct dentry *mnt_root; /* root of the mounted tree */
...
};
for (u = 0; i < HASH_SIZE; u++) {
struct vfsmount *mnt;
list_for_each_entry(mnt, &mount_hashtable[u], mnt_hash) {
struct dentry *root;
root = mnt->mnt_root;
...
}
}
ii) recursively walk the dentries of each tree starting from root dentry
and clear d_name and d_iname
struct dentry {
...
struct qstr d_name;
...
unsigned char d_iname[DNAME_INLINE_LEN]; /* small names */
...
struct list_head d_subdirs; /* our children */
...
};
void walk_dentries(struct dentry *dentry)
{
struct dentry *child;
memset(dentry->d_iname, 0, DNAME_INLINE_LEN);
memset(dentry->d_name.name, 0, dentry->d_name.len);
list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child)
walk_dentries(child);
}
3. Eppic script: keyring_3_10_to_4_3.c
Description: Scrubs all entries in the keyring
Explanation:
Scan the keyring_name_hash hash table
static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
for (i = 0; i < KEYRING_NAME_HASH_SIZE; i++)
if (!list_empty(&keyring_name_hash[i])) {
...
}
For each non-empty list walk all keyring entries
struct key {
...
struct key_type *type; /* type of key */
...
unsigned short datalen; /* payload data length */
...
union {
struct list_head link;
...
} type_data;
...
union {
unsigned long value;
void __rcu *rcudata;
void *data;
struct keyring_list __rcu *subscriptions;
} payload;
};
struct key *key;
list_for_each_entry(key, &keyring_name_hash[i], type_data.link) {
...
}
Clear value/rcudata/data dependent on the type of the key.
4. Eppic script: ap_messages_3_10_to_4_8.c
Description: Clear the message data of all ap_bus requests
Explanation:
Walk all devices in the LIST_HEAD(ap_device_list);
struct ap_device {
...
struct list_head list; /* private list of all AP devices. */
...
struct list_head pendingq; /* List of message sent to AP queue. */
int pendingq_count; /* # requests on pendingq list. */
struct list_head requestq; /* List of message yet to be sent. */
int requestq_count; /* # requests on requestq list. */
...
};
struct ap_device *device;
list_for_each_entry(device, &ap_device_list, list) {
...
}
For each ap device walk the pendingq and requestq list
struct ap_message {
struct list_head list; /* Request queueing. */
...
void *message; /* Pointer to message buffer. */
size_t length; /* Message length. */
...
};
struct ap_message *apmsg;
list_for_each_entry(apmsg, &device->pendingq, list) {
...
}
list_for_each_entry(apmsg, &device->requestq, list) {
...
}
For each message in pendingq and requestq clear the message
memset(apmsg->message, 0, apmsg->length);
5. Eppic script: tcp_sk_buf_3_10_to_4_8.c
Description: Scrub data in tcp socket buffers
Explanation:
Find tcp domain sockets (struct sock *sk)
tcp sockets:
Iterate from 0 to INET_LHTABLE_SIZE and get inet_list_hashbucket from
tcp_hash_info.listening_hash[<index>]
for (i = 0; i < INET_LHTABLE_SIZE; i++) {
struct inet_listen_hashbucket *ilb = &tcp_hashinfo.listening_hash[i];
}
For each hash bucket iterate over ilb->head null list to get sockets:
struct sock *sk;
sk_nulls_for_each(sk, node, &ilb->head) {
...
}
For each socket iterate over the socket buffers in
sk_receive_queue and sk_write_queue:
struct sock {
...
struct sk_buff_head sk_receive_queue;
...
struct sk_buff_head sk_write_queue;
...
};
struct sk_buff_head {
struct sk_buff *next;
struct sk_buff *prev;
};
For each struct sk_buff in the two lists clear the memory referenced
by skb->data / skb->data_len:
struct sk_buff {
...
unsigned int data_len;
...
unsigned char *data;
...
};
6. Eppic script: udp_sk_buf_3_10_to_4_8.c
Description: Scrub data of udp socket buffers
Explanation:
Find all udp sockets (struct sock *sk)
udp sockets:
Iterate from 0 to udp_table->mask and get udp_hslot from hash table:
for (i = 0; i < udp->table->mask; i++) {
struct udp_hslot *hslot = udp_table->hash[i];
...
}
For each hslot iterate over hslot->head null list to get sockets:
struct sock *sk;
sk_nulls_for_each(sk, node, &hslot->head) {
...
}
For each socket iterate over the socket buffers in
sk_receive_queue and sk_write_queue.
For each struct sk_buff in the two lists clear the memory referenced
by skb->data / skb->data_len.
7. Eppic script: unix_sk_buff_3_10_to_4_8.c
Description: Scrub data of unix socket buffers
Explanation:
Iterate from 0 to UNIX_HASH_SIZE and then walk the hlist in
for (i = 0; i < UNIX_HASH_SIZE; i++) {
struct list_head *list = &unix_socket_table[i];
...
}
Walk each non-empty list in unix_socket_table
struct sock *sk;
sk_for_each(sk, node, &unix_socket_table[i])
For each socket iterate over the socket buffers in
sk_receive_queue and sk_write_queue.
For each struct sk_buff in the two lists clear the memory referenced
by skb->data / skb->data_len.
8. Eppic script: vhost_net_buffers_3_10_to_3_18.c
Description: Scrub socket buffers of guest network I/O
Explanation:
Scrub socket buffers of guest network I/O
vhost_net instance will be attached to the file's private data.
To get to the right file check the fdtable for each task, if the file
has registered its fops with vhost_net_open, if so we can retreive the
file's private data.
if (task->files->fdt->fd[i]->f_op->open == &vhost_net_open)
struct vhost_net *net = f->private_data;
struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_MAX];
struct vhost_virtqueue *vq = &nvq->vq;
struct socket *sock = vq->private_data;
struct sock *sk = sock->sk;
struct sk_buff *next = sk->sk_receive_queue.next;
struct sk_buff *prev = sk->sk_receive_queue.prev;
Scrub next->data till the end of the sk_receive_queue and
sk_write_queue list
9. Eppic script: vhost_scsi_buffers_3_10_to_4_8.c
Description: Scrub buffers involved in guest block I/O
Explanation:
vhost_scsi instance will be attached to the file's private data.
to get to the right file check the fdtable for each task, if the
file has registered its fops with vhost_net_open, if so we can
retreive the file's private data.
if (task->files->fdt->fd[i]->f_op->open == &vhost_scsi_open)
vhost_scsi *vs = task->files->fdt->fd[i]->private_data;
struct vhost_virtqueue *vq = (struct vhost_virtqueue *)vs->vqs[i].vq;
scrub vq->iov[j].iov_base
Mr. DellatioNx196 GaLers xh3LL Backd00r 1.0, Coded By Mr. DellatioNx196 - Bogor BlackHat