Post Compile-Time RandStruct: Enabling a Binary Exploitation Defense for Common Linux Distributions

Supervisor(s): Fabian Franzen
Status: finished
Topic: Linux stuff
Author: York Jasper Niebuhr
Submission: 2024-01-15
Type of Thesis: Bachelor thesis

Description

Binary exploitation is a major security threat to the Linux kernel, necessitating hardening mechanisms like Structure Layout Randomization at compile time. Common Linux distributions cannot effectively utilize this feature, as all instances of a distributed version are served with a copy of the same, pre-compiled kernel. Additionally, the structure randomization seeds need to be publicly exposed to preserve compatibility with separately built software, which enables attackers to circumvent all of its security benefits.

This thesis proposes methods to efficiently perform structure layout randomization after a kernel has already been compiled. A prototype was built to apply them to selected structs, mainly the task struct, of a version 6.1.70 Linux kernel. Benchmarks show that the developed system can randomize the kernel in a fraction of a second, causing absolutely no overhead. This paves the way for the concept's integration into installers, the kernel's update process or even its boot routine. Such an attainment would be a major contribution to the safety of the Linux kernel ecosystem.
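The following example, added here and not taken from the thesis or its prototype, illustrates what structure layout randomization changes and why a public seed undoes it. It models a small constructed struct (a stand-in, not the kernel's task_struct), lays its fields out with the x86-64 System V alignment rules, and permutes the field order with a seeded shuffle. The layout function is cross-checked against the compiler's own `offsetof` for the unpermuted order. Every field offset an exploit would rely on moves with the permutation, and the same seed always reproduces the same offsets, which is exactly why a per-instance seed, applied after compilation as the thesis proposes, is needed for the defense to hold on a pre-built kernel. The LCG and the field set are assumptions of this example.

```c
/* Added example (not from the thesis): models what structure layout
 * randomization changes. The struct, its fields and the LCG are constructed
 * for illustration; layout rules follow the x86-64 System V ABI. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char *name;
    size_t size;
    size_t align;
} Field;

/* Constructed stand-in for a kernel struct (not task_struct). */
typedef struct {
    uint64_t pid;
    uint32_t flags;
    uint8_t  state;
    void    *cred;
    uint16_t nice;
} Demo;

static const Field demo_fields[] = {
    {"pid",   sizeof(uint64_t), _Alignof(uint64_t)},
    {"flags", sizeof(uint32_t), _Alignof(uint32_t)},
    {"state", sizeof(uint8_t),  _Alignof(uint8_t)},
    {"cred",  sizeof(void *),   _Alignof(void *)},
    {"nice",  sizeof(uint16_t), _Alignof(uint16_t)},
};
#define NFIELDS (sizeof demo_fields / sizeof demo_fields[0])

/* Lay the fields out in the given order. Returns the padded struct size and
 * writes each field's byte offset, indexed by its original field index. */
size_t layout(const Field *f, size_t n, const size_t *order, size_t *offsets)
{
    size_t pos = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        const Field *cur = &f[order[i]];
        pos = (pos + cur->align - 1) / cur->align * cur->align; /* pad up */
        offsets[order[i]] = pos;
        pos += cur->size;
        if (cur->align > max_align) max_align = cur->align;
    }
    return (pos + max_align - 1) / max_align * max_align; /* tail padding */
}

/* Seeded Fisher-Yates shuffle driven by a 64-bit LCG. The seed fully
 * determines the order, so anyone holding the seed recovers every offset. */
void seeded_order(uint64_t seed, size_t n, size_t *order)
{
    for (size_t i = 0; i < n; i++) order[i] = i;
    for (size_t i = n - 1; i > 0; i--) {
        seed = seed * 6364136223846793005ULL + 1442695040888963407ULL;
        size_t j = (size_t)((seed >> 33) % (i + 1));
        size_t t = order[i]; order[i] = order[j]; order[j] = t;
    }
}

/* Offset of a named field under the layout produced by `seed`;
 * returns (size_t)-1 for an unknown field name. */
size_t randomized_offset(uint64_t seed, const char *name)
{
    size_t order[NFIELDS], offsets[NFIELDS];
    seeded_order(seed, NFIELDS, order);
    layout(demo_fields, NFIELDS, order, offsets);
    for (size_t i = 0; i < NFIELDS; i++)
        if (strcmp(demo_fields[i].name, name) == 0) return offsets[i];
    return (size_t)-1;
}

/* 1 if the manual layout of the unpermuted order agrees with the compiler. */
int layout_matches_compiler(void)
{
    size_t order[NFIELDS] = {0, 1, 2, 3, 4}, off[NFIELDS];
    size_t sz = layout(demo_fields, NFIELDS, order, off);
    return sz == sizeof(Demo) && off[0] == offsetof(Demo, pid) &&
           off[1] == offsetof(Demo, flags) && off[2] == offsetof(Demo, state) &&
           off[3] == offsetof(Demo, cred) && off[4] == offsetof(Demo, nice);
}

int main(void)
{
    uint64_t seed = 0x1234;
    for (size_t i = 0; i < NFIELDS; i++)
        printf("%-6s compiler offset %2zu  randomized offset %2zu\n",
               demo_fields[i].name, randomized_offset(0, demo_fields[i].name) == 0 ? 0 : 0,
               randomized_offset(seed, demo_fields[i].name));
    return 0;
}
```

The `main` prints the randomized offset of every field for one seed; changing the seed changes the table, while re-running with the same seed does not, which is the property a shared, public seed hands to an attacker and a post-compile, per-instance seed withholds.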