You cannot load an LSM module since 2.6.35 (see commit c1e992b99603a84d7debb188542b64f2d9232c07). Thus, trying to get at LSM from outside the kernel is not the right task. But you can always try to parse the kernel at runtime and find all private symbols, such as the security_ops pointer.
For example, look at the exported security_sb_copy_data symbol:
    int security_sb_copy_data(char *orig, char *copy)
    {
        return security_ops->sb_copy_data(orig, copy);
    }
    EXPORT_SYMBOL(security_sb_copy_data);
This dump might look like this (x86_64):
    (gdb) x/7i security_sb_copy_data
    0xffffffff811f61b0: push %rbp
    0xffffffff811f61b1: mov %rsp,%rbp
    0xffffffff811f61b4: data32 data32 data32 xchg %ax,%ax
    0xffffffff811f61b9: mov 0x881690(%rip),%rax
Thus, the address 0xffffffff81a77850 is an exact pointer to security_ops. Let me check this out:
    (gdb) x/s* 0xffffffff81a77850
    0xffffffff81850fa0: "default"
OK, now we have a valid security_ops pointer and can do anything with LSM from outside the kernel.
P.S. There is an excellent Linux kernel security project, AKARI. It implements interesting methods for resolving private symbols without disassembling (see sources for more details).
Ilya Matveychikov
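The address arithmetic behind the gdb listing in the answer above, as an added example that is not part of the original answer: a RIP-relative operand is resolved against the address of the next instruction, so 0xffffffff811f61c0 + 0x881690 gives 0xffffffff81a77850. The byte encoding in `sample` is constructed from the four listed instructions, the function names are hypothetical, and the plain byte-pattern match stands in for a real disassembler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: encoding of the four instructions in the gdb listing. */
static const uint8_t sample[] = {
    0x55,                                     /* push %rbp                  */
    0x48, 0x89, 0xe5,                         /* mov  %rsp,%rbp             */
    0x66, 0x66, 0x66, 0x66, 0x90,             /* data32 x3 xchg %ax,%ax     */
    0x48, 0x8b, 0x05, 0x90, 0x16, 0x88, 0x00  /* mov  0x881690(%rip),%rax   */
};

/*
 * Find the first `mov disp32(%rip),%rax` (bytes 48 8b 05 <disp32>) in code[]
 * and return the absolute address it reads from, given that code[0] lives at
 * `base`. Returns 0 if the pattern is absent or the instruction is truncated.
 * Assumption: matching raw bytes is a simplification; it can also match in
 * the middle of another instruction, which a real decoder would not do.
 */
uint64_t rip_relative_target(const uint8_t *code, size_t len, uint64_t base)
{
    for (size_t i = 0; i + 7 <= len; i++) {
        if (code[i] != 0x48 || code[i + 1] != 0x8b || code[i + 2] != 0x05)
            continue;
        /* disp32 is little-endian and signed: it may point backwards. */
        uint32_t raw = (uint32_t)code[i + 3] | (uint32_t)code[i + 4] << 8 |
                       (uint32_t)code[i + 5] << 16 | (uint32_t)code[i + 6] << 24;
        int32_t disp = (int32_t)raw;
        /* %rip already points past this 7-byte instruction when it executes. */
        uint64_t next_rip = base + i + 7;
        return next_rip + (uint64_t)(int64_t)disp;
    }
    return 0;
}

/* Resolve the sample at the address gdb printed for security_sb_copy_data. */
uint64_t sample_target(void)
{
    return rip_relative_target(sample, sizeof sample, 0xffffffff811f61b0ULL);
}

int main(void)
{
    printf("security_ops pointer at 0x%llx\n",
           (unsigned long long)sample_target());
    return 0;
}
```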