About a year ago, I posted about coding a TPE module for distribution kernels. In that time I’ve added some features, fixed some bugs, and deployed it to all of my non-grsecurity systems. With the last known outstanding bug (that I know about) fixed a little over two weeks ago (and tested), I’m excited to say that, you guessed it, tpe-lkm is ready for wider deployment.
A little background: I have been a fan of the grsecurity project for a great many years, and have used that kernel patch in various projects that I’ve done. My favorite feature of them all is Trusted Path Execution, also known as TPE. Not seeing that feature getting ported into any distribution kernels motivated me to write a module that implemented the security feature. So far, it works perfectly.
I’ve been talking with Karanbir (a core CentOS member) for a while now and he is on board with running TPE through reimzul (talked about here) once it’s ready for third-party packages. This means that it’ll be available to CentOS users through a repository they’re talking about setting up, instead of me having to maintain a repository for it myself. I’m excited.
But you don’t have to wait for those guys; you can get TPE yourself right now. Just do the following:
    git clone https://github.com/cormander/tpe-lkm
    cd tpe-lkm
    make rpm
    rpm -ivh /path/to/package.rpm
All you need is a compiler and the kernel-devel package matching your running kernel to install it. It works on both CentOS EL5 and EL6.
Feedback is welcome, and I hope you enjoy the software.