tpe-lkm version 2 released

It recently came to my attention that RHEL/CentOS 7 kernels began supporting the ftrace system as of version 7.2. This is an in-kernel system for instrumenting kernel functions in a safe and clean way.

Since using ftrace basically meant rewriting most of the tpe-lkm code and dropping support for older kernels, this new release bumps the major version from 1 to 2.

New features in this release include:

* guaranteed safety of kernel function hooking
* better long-term support from future kernels
* added harden_ptrace to tpe.extras
* added hide_uname to tpe.extras
* ability to soften certain TPE checks with filesystem attributes
* default mmap whitelist to allow Gnome Desktop to boot properly
* better logging options

As always, you can download it from the tpe-lkm GitHub project page, or install it via yum from elrepo.org.

Additionally, the availability of this in-tree method of hooking kernel functions has wider implications for implementing security features in distribution kernels. For more information, read the following whitepaper I drafted:

Distribution Kernel Security Hardening.

Happy TPE’ing!
