Category Archives: Security
How to hook into (hijack) linux kernel functions via LKM
It’s about time I post a detailed explanation about how my tpe-lkm module is able to enforce its security policy. This post is very technical, readers beware. Note that this writeup is based on the code as it was the … Continue reading
Posted in Fun, ksplice, Linux, Security
tpe-lkm “hardcoded_path” feature
This evening I implemented the optional hardcoded_path feature for tpe-lkm. It’s a way to be very strict on what on the system can be executed. When set, anything outside of the given path can’t be executed, regardless of permissions or … Continue reading
Posted in Linux, Security
tpe-lkm “lock” sysctl feature
Tonight I implemented a “lock” sysctl feature for tpe-lkm. When enabled, the sysctl entries for the tpe module can’t be changed. It’s only really useful if also combined with the modules_disabled option.
Added “ps” extras feature to tpe-lkm
Since I already had my hands in the tpe-lkm code yesterday, I decided to spend my lunch break coding a feature I’ve been meaning to add in for a while now. I added a new ps extras feature. Since it … Continue reading
Posted in Fun, Linux, Notices, Security
tpe-lkm DoS condition fixed
I have committed a fix to the tpe-lkm project that fixes a DoS condition I previously noted. It also introduces a new sysctl entry, log_max, so as to prevent logs from getting filled up horizontally. I set the default to 50, … Continue reading
Posted in Linux, Security
Recursive function causes DoS in tpe-lkm
I’ve discovered my first denial-of-service bug in the linux kernel. I’m a bit teary eyed, not because the bug was in my own code, but it marks the first bug I’ve found in linux kernel code. Not worthy of a … Continue reading
Trusted Path Execution – an unorthodox kernel module
For the past two months, I’ve been working on this project: https://github.com/cormander/tpe-lkm This kernel module implements Trusted Path Execution (TPE), a security feature that anyone who is looking for an easy, single solution that will prevent all kinds of exploits. … Continue reading
Posted in Fun, Linux, Security
ksplice-grsec for centos 5
Following up on my previous post on the matter, here are some details on what the 4 grsec features I ported to a centos 5 kernel look like. First off, since I’m patching syscalls in heavy use, first try to … Continue reading
Posted in Linux, Security
Applying (part of) the grsecurity patch with Ksplice
As a proof of concept, I pulled 4 features from the grsecurity patch and back-ported them to the CentOS 5.6 kernel. I built the resulting patch with ksplice and inserted the resulting tarball into the kernel. The features work brilliantly. … Continue reading
Posted in Linux, Security
Trusted Path Execution (TPE) Linux Kernel Module
A side-project I’ve been working on for enhanced security in distribution kernels. Trusted Path Execution (TPE) is a feature that basically denies users the ability to execute programs that are not owned by the root user, or that they can … Continue reading