#!/usr/bin/env python3
from bcc import BPF
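# BPF C source that BCC compiles for the bprm_check_security LSM hook; the
# program inspects LD_PRELOAD when a binary is about to be executed.
#
# NOTE(review): krsi_get_env_var() is not declared by any header included
# here, which is what clang's "implicit declaration" warning reports. It looks
# like a helper from the KRSI RFC patch set rather than a mainline BPF helper;
# confirm the running kernel and BCC build actually provide it before relying
# on this check.
BPF_PROGRAM = """
#include <linux/fs.h>
#include <linux/fs_struct.h>
#include <linux/errno.h>

/* Split the u64 returned by krsi_get_env_var() into its two 32-bit halves. */
#define __LOWER(x) ((x) & 0xffffffff)
#define __UPPER(x) ((x) >> 32)
#define MAX_SIZE 256

LSM_PROBE(bprm_check_security, struct linux_binprm *bprm) {
    u64 times_ret;
    char dest[MAX_SIZE];

    /* 11 == strlen("LD_PRELOAD") + 1 */
    times_ret = krsi_get_env_var(ctx, "LD_PRELOAD", 11, dest, MAX_SIZE);

    /*
     * The lower 32 bits carry the error code; it is not checked here, so a
     * failed lookup is allowed through. The upper 32 bits are presumably the
     * number of times the variable is set -- TODO confirm against the helper.
     */
    if (__UPPER(times_ret) > 1)
        return -EPERM;  /* LSM hooks deny with a negative errno */

    return 0;
}
"""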
# Hand the C source to BCC, then relay trace output to stdout until the
# operator stops the script with Ctrl-C.
b = BPF(text=BPF_PROGRAM)
print("BPF program loaded")

keep_tracing = True
while keep_tracing:
    try:
        b.trace_print()
    except KeyboardInterrupt:
        # Ctrl-C is the expected way to stop; leave the loop quietly.
        keep_tracing = False
I am trying to read the LD_PRELOAD environment variable, but I get these warnings:
warning: implicit declaration of function 'krsi_get_env_var' is invalid in C99 [-Wimplicit-function-declaration] times_ret = krsi_get_env_var(ctx, "LD_PRELOAD", 11, dest, MAX_SIZE);
warning: implicit declaration of function '_UPPER' is invalid in C99 [-Wimplicit-function-declaration] if (_UPPER(times_ret) > 1)
I looked for another function to use instead, but I could not find one.