Kernel API Modernization: Refactor Deprecated File Operations.

Open CyberForgeEx opened this issue 1 month ago • 0 comments

Summary

This PR updates the file handling code to use modern kernel APIs by replacing the deprecated filp_close() function with fput() and improving error handling.

Changes Made

  • Replaced filp_close(file, 0) with fput(file) - The filp_close() function has been deprecated/removed in newer kernel versions.
  • Improved error handling - Changed from NULL check to IS_ERR() for proper error detection with filp_open().
  • Maintained backward compatibility - Changes work across multiple kernel versions.

Why This Change is

  1. Kernel Compatibility: filp_close() was removed in Linux 4.9+ kernels, causing compilation failures.
  2. Memory Safety: fput() properly handles reference counting, preventing use-after-free vulnerabilities.
  3. Stability: Using deprecated APIs can cause kernel panics and instability.
  4. Future-proofing: Ensures compatibility with current and future kernel versions.

Security Impact

  • Improves stability of core file hiding functionality.
  • Prevents potential kernel crashes from deprecated API usage.
  • Maintains stealth capabilities while using proper kernel APIs.

Files Changed

  • rootkit.c - Updated get_fop() function with modern file handling.

CyberForgeEx, Nov 26 '25 12:11
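The NULL-versus-IS_ERR() point in the change list above, as an added userspace example (not code from this repository or its author): the three macros-as-functions model the kernel's include/linux/err.h convention, while `mock_filp_open`, `demo_file` and the one-field `struct file` are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel error-pointer convention (include/linux/err.h):
 * an errno in [-MAX_ERRNO, -1] is carried in the pointer value itself. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long error)    { return (void *)(intptr_t)error; }
static long PTR_ERR(const void *p)  { return (long)(intptr_t)p; }
static int IS_ERR(const void *p)    { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct file { int refcount; };            /* stand-in, not the kernel struct */
static struct file demo_file = { 1 };     /* constructed sample object */

/* Hypothetical stand-in for filp_open(): on failure it returns an
 * errno encoded as a pointer, never NULL. */
static struct file *mock_filp_open(const char *path)
{
    if (path == NULL || path[0] != '/')
        return ERR_PTR(-ENOENT);
    return &demo_file;
}

/* Old pattern: a NULL check. Returns 1 when the caller would treat the
 * pointer as valid and go on to dereference it. */
static int accepts_with_null_check(const char *path)
{
    struct file *f = mock_filp_open(path);
    return f != NULL;
}

/* Corrected pattern: IS_ERR() detects the encoded errno, PTR_ERR() decodes it.
 * Returns 0 on success or the negative errno on failure. */
static long open_checked(const char *path)
{
    struct file *f = mock_filp_open(path);
    if (IS_ERR(f))
        return PTR_ERR(f);
    return 0;
}

int main(void)
{
    /* "missing" is a constructed path that the mock rejects. */
    printf("NULL check accepts failed open: %d\n", accepts_with_null_check("missing"));
    printf("IS_ERR check on failed open:    %ld\n", open_checked("missing"));
    printf("IS_ERR check on good open:      %ld\n", open_checked("/tmp/demo"));
    return 0;
}
```

With the NULL check, the error value passes as a valid `struct file *`, so the next dereference in kernel context would fault on an address in the top page of the address space.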