I was using https://github.com/croemheld/lkm-rootkit
with the following tree under pwd

├── LICENSE
├── Makefile
├── README.md
└── src
    ├── core.c
    ├── getdents_hook.c
    ├── headers
    │   ├── core.h
    │   ├── getdents_hook.h
    │   ├── module_hiding.h
    │   ├── network_keylog.h
    │   ├── packet_hiding.h
    │   ├── port_knocking.h
    │   ├── privilege_escalation.h
    │   ├── server.h
    │   └── socket_hiding.h
    ├── include
    │   ├── headers
    │   │   └── utils.h -->this is where the error happens
    │   └── utils.c
    ├── libs
    │   ├── headers
    │   │   └── syscalltable.h
    │   └── syscalltable.c
    ├── module_hiding.c
    ├── network_keylog.c
    ├── packet_hiding.c
    ├── port_knocking.c
    ├── privilege_escalation.c
    ├── server.c
    └── socket_hiding.c
6 directories, 25 files

----------------------------------------------------------
with the following Makefile

# Module name
ROOTKIT     := rootkit

# Build
MODULEDIR   := /lib/modules/$(shell uname -r)
BUILDDIR    := $(MODULEDIR)/build
KERNELDIR   := $(MODULEDIR)/kernel

# Source files
SRCS_S      := src
LIBS_S      := src/libs
INCL_S      := src/include

# Header files
SRCS_H      := $(shell pwd)/$(SRCS_S)/headers
LIBS_H      := $(shell pwd)/$(LIBS_S)/headers
INCL_H      := $(shell pwd)/$(INCL_S)/headers


# Module
obj-m       := $(ROOTKIT).o

# Core
$(ROOTKIT)-y    += src/core.o

# Source
$(ROOTKIT)-y    += src/server.o
$(ROOTKIT)-y    += src/network_keylog.o
$(ROOTKIT)-y    += src/getdents_hook.o
$(ROOTKIT)-y    += src/socket_hiding.o
$(ROOTKIT)-y    += src/packet_hiding.o
$(ROOTKIT)-y    += src/port_knocking.o
$(ROOTKIT)-y    += src/privilege_escalation.o
$(ROOTKIT)-y    += src/module_hiding.o

# Libs
$(ROOTKIT)-y    += src/libs/syscalltable.o

# Include
$(ROOTKIT)-y    += src/include/utils.o

ccflags-y   := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)
subdir-ccflags-y    := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)

# Recipes
all:    print_file_vars
	$(MAKE) -C $(BUILDDIR) M=$(shell pwd) modules

load:
	insmod $(KERNELDIR)/net/ipv4/netfilter/nf_reject_ipv4.ko
	insmod $(KERNELDIR)/net/ipv6/netfilter/nf_reject_ipv6.ko
	insmod rootkit.ko

clean:
	$(MAKE) -C $(BUILDDIR) M=$(shell pwd) clean

print_file_vars:
	$(foreach v, $(.VARIABLES), $(info $(v) = $($(v))))

But when I run sudo make, there is an error:

make[1]: Entering directory '/usr/src/linux-headers-4.15.0-106-generic'
  CC [M]  /home/eric/Code/linux/module/lkm-rootkit/src/core.o
/home/eric/Code/linux/module/lkm-rootkit/src/core.c:1:19: fatal error: utils.h: No such file or directory
compilation terminated.

However, ccflags-y has been set and the include path has been added to ccflags-y. Can someone help me? Mercy.


1 Answer


In ccflags-y, to refer to the "current" directory (where your Makefile is located), use the $(src) construction:

ccflags-y   := -I$(src)/src/headers

It is NOT correct to refer to this directory using $(shell pwd): when the module is built, the current directory refers to the kernel build tree, not to the directory with your Makefile.


Remember: your Makefile is parsed twice:

  1. When you call make from the module's source directory.
  2. When the line $(MAKE) -C $(BUILDDIR) M=$(shell pwd) modules is executed.

The first time, your Makefile is processed in the usual way, with pwd expanded to the module's source directory. That time Make executes the all target and any other targets it depends on. E.g. that time Make executes your print_file_vars target, which prints the value of the SRCS_H variable, and you find this variable to be correct.

The second time, your Makefile is processed as a part of a larger Makefile, with pwd expanded to the kernel build directory. Only that time are the variables obj-m, ccflags-y and other variables like *-m or *-y used, and this is why you cannot use pwd for these variables.
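
The two passes described in the answer, written out as one Makefile (an added example, not part of the original answer or the project's own Makefile). The module name "example" and the shortened object list are placeholders; the three header directories are the ones from the question's tree.

```make
# Added example. "example" and its object list are placeholder names.
ifneq ($(KERNELRELEASE),)
# ---- Pass 2: this file is included by kbuild ----
# Per the answer above, the working directory here is the kernel build
# tree, so $(shell pwd) is wrong. kbuild sets $(src) to the directory
# passed as M=, i.e. the directory that contains this Makefile.
obj-m       := example.o
example-y   := src/core.o src/include/utils.o

ccflags-y   := -I$(src)/src/headers \
               -I$(src)/src/libs/headers \
               -I$(src)/src/include/headers

# Printed while kbuild parses this file (possibly more than once),
# which is the pass where ccflags-y is actually consumed.
$(info kbuild pass: src=$(src) pwd=$(shell pwd))

else
# ---- Pass 1: plain make, run from the module's source directory ----
KDIR ?= /lib/modules/$(shell uname -r)/build

all:
	$(MAKE) -C $(KDIR) M=$(CURDIR) modules

clean:
	$(MAKE) -C $(KDIR) M=$(CURDIR) clean

.PHONY: all clean
endif
```

The $(info ...) line shows the values kbuild sees, which a target such as print_file_vars cannot do because it only runs during the first pass.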