Category Archives: Linux

How to use the Ksplice raw utilities

Disclaimer: I have no affiliation with ksplice, I’m just a guy who knows something about hot-patching the linux kernel and figured out how this ksplice thing works. I strongly agree with the sentiment that the ksplice raw utilities is not for general use. In fact, Ksplice says in the distribution of these tools:

Without the appropriate expertise and safety infrastructure, the raw utilities can create subtly incorrect rebootless updates, which can have serious consequences.

Continue reading

Ksplice currently violates the GPL

I have lots of respect for Ksplice, Inc, and hold nothing personal against any of the people that work there. Their software is spectacularly awesome. The following is simply my opinion on a matter of principle, and respectfully state the facts as I see them.

I contacted Ksplice a few months ago and they basically told me that they will no longer be updating their git repository, yet be releasing updates in binary-form only. I had to ask myself; is Ksplice, Inc in violation of the GPL?

Continue reading

Trusted Path Execution – an unorthodox kernel module

For the past two months, I’ve been working on this project:

https://github.com/cormander/tpe-lkm

This kernel modules implements Trusted Path Execution (TPE), a security feature that anyone who is looking for an easy, single solution that will prevent all kinds of exploits. The short of it is, a user can’t execute code that they can write to. Meaning, if they download, compile, or otherwise write a file on the system with executable code, they can not execute it. This single handedly closes the door on a whole range of system exploits.

Continue reading

ksplice-grsec for centos 5

Following up on my previous post on the matter, here are some details on what the 4 grsec features I ported to a centos 5 kernel looks like.

First off, since I’m patching syscalls in heavy use, first try to insert might look like this:

[root@localhost ~]# ksplice-apply ksplice-grsec.tar.gz

Error applying Ksplice update grsec:

Ksplice has aborted the upgrade because it appears that the code that you are
trying to patch is continuously in use by the system.  More specifically,
Ksplice has been unable to find a moment when one or more of the to-be-patched
functions is not on a thread's kernel stack.

Process klogd(pid 2060) is using the following symbols changed by update grsec:
do_syslog
[root@localhost ~]#

Continue reading

ksplice raw utilities not working on recent kernels

So I finally got the official response from ksplice about my previous post on the topic:

“Ksplice does not provide support for the raw Ksplice utilities.”

This also means that they won’t be updating their git repository either. It is obvious to me that they have updated their code internally, but have no intention of releasing it to anyone else.

So for the time being, we are all SOL on the matter. Maybe they will change their mind in the future, but I doubt it. Can’t blame a business for wanting to keep things close to their chest.

Continue reading

Switching from RHEL to a clone

There are problems assosiated with upgrading a RHEL/CentOS 5 system so that it can properly build a recent linux kernel, due to it requiring a somewhat current build chain (binutils, gcc, etc). Rather than continue to back-port these RPM packages from fedora to my CentOS 5 machines, which is what I’ve done in the past, I have opted to just upgrade and use a new operating system.

Continue reading

Applying (part of) the grsecurity patch with Ksplice

As a proof of concept, I pulled 4 features from the grsecurity patch and back-ported them to the CentOS 5.6 kernel. I built the resulting patch with ksplice and inserted the resulting tarball into the kernel. The features work brilliantly. It’s been running on my server the past few days with no issues so far.

The features I did it with are: Trusted Path Execution (TPE), dmesg restrictions, TCP/UDP blackhole, and disabled privileged IO.

Continue reading

Trusted Path Execution (TPE) Linux Kernel Module

A side-project I’ve been working on for enhanced security in distribution kernels. Trusted Path Execution (TPE) is a feature that basically denies users the ability to execute programs that are not owned by the root user, or that they can write to. This prevents all kinds of exploits that would have otherwise rooted your system.

You can find the source code for this work-in-progress here:

Continue reading