we are able to parse str to int in the kernel

scripts/yt-block/Makefile

@@ -0,0 +1,13 @@
+
+obj-m := unkillable.o
+
+all:
+	$(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules
+
+unkillable.o:
+	# why does the name of the c source file seemingly need to match the .o file
+	# i'd like to have kernel_module.c
+	$(CC) unkillable.c -o unkillable.o
+
+install:
+	$(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install

scripts/yt-block/app.nix

@@ -3,11 +3,13 @@
 }: let
   python = pkgs.python3.withPackages (ps: with ps; [pkgs.python311Packages.cryptography]);
 	python_script = pkgs.writeText "main-py" (builtins.readFile ./main.py);
+  read-helper = pkgs.callPackage ./read-helper.nix {};
 in pkgs.writeShellApplication {
   name = "yt_block";
   runtimeInputs = with pkgs; [ iptables bash gnugrep ps util-linux ];
   text = ''
     export PYTHON=${python}/bin/python
+    export READ_HELPER=${read-helper}/bin/read-helper
     ${python}/bin/python ${python_script} "$@"
   '';
 }

scripts/yt-block/main.py

@@ -215,6 +215,7 @@ def block_yt():
 
     os.system("iptables -D OUTPUT -j YTBLOCK")
     os.system("iptables -I OUTPUT -j YTBLOCK")
+    os.system("iptables -I INPUT -d 188.21.9.20 -j REJECT")
     print("running: iptables -I OUTPUT -j YTBLOCK")
 
     for ip in yt_ips:
@@ -239,6 +240,7 @@ def unblock_yt():
     os.system("iptables -D OUTPUT -j YTBLOCK")
     os.system("iptables -D OUTPUT -j YTBLOCK")
     os.system("iptables -D OUTPUT -j YTBLOCK")
+    os.system("iptables -D INPUT -d 188.21.9.20 -j REJECT")
     print("running 3 times: iptables -D OUTPUT -j YTBLOCK")
 
     os.system("iptables -X YTBLOCK")
@@ -261,6 +263,7 @@ def kill_line(line):
 
 def cmd_starter():
     # become a unkillable process and start this pyhton file with arg1=guard every minute
+    print("cmd starter.... what tf is going on hereeeeeeeeeeeee")
 
     # make the /dev/unkillable
     os.system("rm /dev/unkillable")
@@ -270,10 +273,9 @@ def cmd_starter():
 
     # get pid
     pid = os.getpid()
+    print("starter process running with pid", pid)
 
-    # for some strange reason this does not work
+    os.system(f"$READ_HELPER {pid}")
-    with open("/dev/unkillable", "r") as file:
-        file.read(pid)
 
     while True:
         print("file:", __file__)

scripts/yt-block/read-helper.c

@@ -0,0 +1,31 @@
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+
+  int fd;
+  char c[10];
+  char buffer[10];
+  int pid;
+  //char pid_str[20] = argv[1];
+  //printf("hiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii: %s\n", pid_str);
+  printf("pid_str: %s \n", argv[1]);
+  printf("argc: %d \n", argc);
+
+  sscanf(argv[1], "%d", &pid);
+  printf("pid: %d \n", pid);
+
+  fd = open("/dev/unkillable", O_RDWR);
+  if (fd < 0)
+    printf("Error opening /dev/unkillable\n");
+
+  printf("Opened /dev/unkillable\n");
+  read(fd, &c, pid);
+  //printf("We are now unkillable!\n");
+  //read(STDIN_FILENO, buffer, 10);
+  //printf("exiting on user input...\n");
+
+  return 0;
+
+}

scripts/yt-block/read-helper.nix

@@ -0,0 +1,18 @@
+{stdenv
+, ...
+}: let
+in stdenv.mkDerivation {
+  name = "read-helper";
+
+  src = ./.;
+
+  # Use $CC as it allows for stdenv to reference the correct C compiler
+  buildPhase = ''
+    gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 read-helper.c -o read-helper
+  '';
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp read-helper $out/bin
+  '';
+}

scripts/yt-block/unkillable-process-kernel-module.nix

@@ -0,0 +1,32 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, kernel
+, kmod
+}: 
+
+# from: https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html
+
+stdenv.mkDerivation rec {
+  name = "unkillableKernelModule-${version}-${kernel.version}";
+  version = "0.1";
+
+  src = ./.;
+
+  hardeningDisable = [ "pic" "format" ];
+  nativeBuildInputs = kernel.moduleBuildDependencies;
+
+  makeFlags = [
+    "KERNELRELEASE=${kernel.modDirVersion}"
+    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+    "INSTALL_MOD_PATH=$(out)"
+  ];
+
+  meta = with lib; {
+    description = "A kernel module that makes a char-device /dev/unkillable, from which you can read($your_pid) from, which then makes your process unkillable. code from: https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html";
+    homepage = "https://ortiz.sh/linux/2020/07/05/UNKILLABLE.html";
+    license = licenses.gpl2;
+    maintainers = [ ];
+    platforms = platforms.linux;
+  };
+}

scripts/yt-block/unkillable.c

@@ -0,0 +1,104 @@
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/proc_fs.h>
+#include <linux/sched.h>
+#include <linux/sched/signal.h>
+#include <linux/pid.h>
+
+/* device access functions */
+ssize_t unkillable_write(struct file *filp, const char *buf, size_t count, loff_t *f_pos);
+ssize_t unkillable_read(struct file *filp, char *buf, size_t count, loff_t *f_pos);
+int unkillable_open(struct inode *inode, struct file *filp);
+int unkillable_release(struct inode *inode, struct file *filp);
+
+void unkillable_exit(void);
+int unkillable_init(void);
+
+struct file_operations unkillable_fops = {
+  .read = unkillable_read,
+  .write = unkillable_write,
+  .open = unkillable_open,
+  .release = unkillable_release
+};
+
+int unkillable_major = 117;
+
+int unkillable_init(void) 
+{
+  if (register_chrdev(unkillable_major, "unkillable", &unkillable_fops) < 0 ) {
+    printk("Unkillable: cannot obtain major number %d\n", unkillable_major);
+    return 1;
+  }
+
+  printk("Inserting unkillable module\n"); 
+  return 0;
+}
+
+void unkillable_exit(void) 
+{
+  unregister_chrdev(unkillable_major, "unkillable");
+  printk("Removing unkillable module\n");
+}
+
+int unkillable_open(struct inode *inode, struct file *filp) 
+{
+  return 0;
+}
+
+int unkillable_release(struct inode *inode, struct file *filp) 
+{
+  return 0;
+}
+
+ssize_t unkillable_read(struct file *filp, char *buf, size_t count, loff_t *f_pos) 
+{ 
+  struct pid *pid_struct;
+  struct task_struct *p;
+  
+  /* interpret count to read as target pid */
+  printk("Unkillable: Got pid %d", (int) count);
+
+  /* get the pid struct */
+  pid_struct = find_get_pid((int) count);
+
+  /* get the task_struct from the pid */
+  p = pid_task(pid_struct, PIDTYPE_PID);
+
+  /* add the flag */
+  p->signal->flags = p->signal->flags | SIGNAL_UNKILLABLE;
+  printk("Unkillable: pid %d marked as unkillable\n", (int) count);
+  
+  if (*f_pos == 0) { 
+    *f_pos+=1; 
+    return 1; 
+  } else { 
+    return 0; 
+  }
+}
+
+ssize_t unkillable_write(struct file *filp, const char *buf, size_t count, loff_t *f_pos) 
+{
+  int ret;
+  unsigned long long res;
+
+  ret = kstrtoull_from_user(buf, count, 10, &res);
+
+  if (ret) {
+      /* Negative error code. */
+      pr_info("ko = %d\n", ret);
+      return ret;
+  } else {
+      pr_info("ok ... pid: %llu\n", res);
+      return count;
+  }
+}
+
+
+/* Declaration of the init and exit functions */
+module_init(unkillable_init);
+module_exit(unkillable_exit);
+
+MODULE_LICENSE("GPL");
+