Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "LKM"

From NetSec
Jump to: navigation, search
Line 12: Line 12:
 
{{code|text=
 
{{code|text=
 
<source lang="bash">
 
<source lang="bash">
# insmod modname.ko
+
&#35; insmod modname.ko
# rmmod modname
+
&#35; rmmod modname
 
</source>
 
</source>
 
}}
 
}}

Revision as of 20:51, 21 June 2016

LKM stands for "Linux Kernel Module" or "Loadable Kernel Module". As the name implies, it is a way to allow code to interact directly with the kernel, in the kernel. In essence, it is a way to extend the kernel and add functionality to it. Although it goes without saying that you need root to modify the kernel, this opens up an interesting way to backdoor a box. You can see a list of currently loaded kernel modules in two ways:

 
$ lsmod
$ cat /proc/modules
 

You can (as root) add new modules to your kernel with the insmod and rmmod commands:

 
&#35; insmod modname.ko
&#35; rmmod modname
 

These two utilities provide a simple, clean way to insert or remove modules from the kernel. If you need more advanced control over the insertion, removal and alteration of modules in the kernel, use the more fully-featured modprobe utility instead.

See Also