Category Archives: Notices

tpe-lkm version 2 released

It recently came to my attention that RHEL/CentOS 7 kernels started support for the ftrace system as of version 7.2. This is an in-kernel system to instrument kernel functions in a safe and clean way.

Since using ftrace basically meant a rewrite of most of the tpe-lkm code, and dropping support for older kernels, this new release has bumped the major version from 1 to 2.

New features in this release include:

* guaranteed safety of kernel function hooking
* better long-term support from future kernels
* added harden_ptrace to tpe.extras
* added hide_uname to tpe.extras
* ability to soften certain TPE checks with filesystem attributes
* default mmap whitelist to allow Gnome Desktop to boot properly
* better logging options

As always, you can download it from the tpe-lkm github project page, or install via yum from

Additionally, the availability of this in-tree method of hooking kernel functions has wider implications for implementing security features in distribution kernels. For more information, read the following whitepaper I drafted:

Distribution Kernel Security Hardening.

Happy TPE’ing!

My online “office hours”

I am mentoring the “develop a kpatch delivery mechanism” project for the CentOS Google Summer of Code (GSoC). Per my recent “office hours” email to the CentOS GSoC, I’ll be online from 10pm to 11pm US Mountain time on weekdays in the #centos-gsoc and #centos-devel chat rooms on

I’ve decided that I’ll keep these hours even after the project ends. If anyone wants to get in touch with me outside of email, just drop me a chat during those hours. My username is cormander.

tpe-lkm version 1.1.0 released

A few weeks ago I got an email that tpe-lkm didn’t build on EL7. To be honest, I didn’t even know that EL7 had been released; I’ve been so disconnected from things outside of family and work the past few years.

Anyway, I got back to work and now everything is nice and ready for release. You can download it from the tpe-lkm github project page. It has a few new features as well.

Happy TPE’ing!

tpe-lkm version 1.0.3 released

I’ve started to version my tpe-lkm project as it’s stable now, and today I released version 1.0.3. You can download the files from or from github. This release contains some code cleanup, and a few bug fixes.

As far as the meaning of the version number goes, the 3rd # is for bugfixes, the 2nd # is for when new features are added, and if I ever increment the first #, it’ll be a major rewrite of the code. I may do that some day.

Anyway, happy TPE’ing!

Abstract sent to LinuxCon

So I’ve decided to see if I can get a speaking slot at LinuxCon in San Diego this year. Here is the abstract that I sent them. Wish me luck!

I will talk about hooking into pre-compiled distribution Linux kernels to add security hardening. This allows for certain security frameworks to be used on kernels that are either 1) too old, 2) don’t have certain config flags set, or 3) don’t use non-mainline security patches. The primary example I’ll be discussing is my implementation of “Trusted Path Execution” as a Linux kernel module, the source code of which is here: . I may also demo installing AppArmor on a RHEL6 system via a kernel module, if I get the module stable before July.

The audience would be system administrators and developers who manage systems that they cannot change the kernel on, or don’t want to manage custom kernel builds. This is important because it allows access to kernel hardening to a lot of people who have their hands tied either by policy or lack of experience.

Bug reported and fixed in tpe-lkm, new version ready

Early this morning I got a bug report from someone that, when the full path to a file is sufficiently long, a denied execution of it will throw a NULL pointer exception in the kernel. This evening I researched the issue and coded in a fix. Basically, the error reporting tried to print out a NULL pointer under those conditions. How embarrassing for me to not notice this.

If you’re using the tpe-lkm module, you’ll want to update it. I’ve also bumped the version number.

Many thanks to Panos Sakkos for the bug report!

tpe-lkm is ready for a wider deployment

About a year ago, I posted about me coding a TPE module for distribution kernels. In that time I’ve added some features, fixed some bugs, and deployed it to all of my non-grsecurity systems. With the last known outstanding bug (that I know about) being fixed a little over two weeks ago (and tested) I’m excited to say that, you guessed it, tpe-lkm is ready for wider deployment.


You can find my stuff on GitHub

I’ve been using GitHub a lot more lately, and have found it to be a great service. So, this is me officially saying that any code I reference you should be able to find in one of my github repositories. If I’ve mentioned something to you that isn’t in there, call me out on it; I’ll get it up ASAP.

In order to be more transparent, I’ve started pushing more stuff there. For example, I recently updated my rogue-beret-tools repository with my various snmp nagios plugins (which, by the way, you can also find on my account at Nagios Exchange). I’ve started polishing up some of my scripts and putting them in there as well. I also added a directory for rpm spec files, such as my grsecurity kernel rpm spec file.
