lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 20 Oct 2013 06:30:14 GMT
From: geinblues@...il.com
To: bugtraq@...urityfocus.com
Subject: [Article] Linux Kernel Patches For Linux Kernel Security


 Linux Kernel Patches For Linux Kernel Security

                                    ___    ___        
                                   / _ \  / _ \     
                            __  __| (_) || | | |  ___ 
                            \ \/ / \__. || | | | / __| 
                             >  <    / / | |_| || (__ 
                            /_/\_\  /_/   \___/  \___|



[toc]

        ----[ 1. Intro

        ----[ 2. Linux Kernel Patch For Security

        ----[ 3. Linux Kernel Protections

        --------[ 3.1 Hardened kernel In distro

        --------[ 3.2 Kernel Protections In kernel version

        --------[ 3.3 LSM In kernel version

        ----[ 4. Underground Hacker Scene of south korea In 2013

        ----[ 5. Conclusion

        ----[ 6. Greets


--------[ 1. Intro

The article review linux kernel patches for
Linux kernel security and describe vulnerable
with the figures order by kernel version and
-linux distro.


--------[ 2. Linux Kernel Patch For Security

The userland support kernel patch support userland
security on kernelland and kernelland security patch
support kernelland security on kernelland. There's
Three types of linux kernel patch for linux
-kernel security.

- Both: grsec/PaX kernel, SELinux
- Userland support: Owl, AppArmor, Smack
        exec-shield kernel
- Kernelland support: LSM, SecComp sandbox
        Linux kernel capabilities, mmap_min_addr
        grsec UDEREF, KERNHEAP


--------[ 3. Linux Kernel Protections


--------[ 3.1 Hardened kernel In distro

-----------------------------------------------------+
 Hardened kernel |  Distro                           |
-----------------------------------------------------+
 grsec/PaX       |  Hardened Gentoo Linux, OpenBSD   |
                 |  Adamantix that trusted debian.   |
 Owl             |  RHEL4, FC3, CentOS4.             |
 Exec-shield     |  RHEL 3/4, FC1~FC5.               |
-----------------------------------------------------\

Owl support on RHEL4, ... by binary and packages.
See the figure, We got the choose Owl? or Exec-shield?
on RHEL4, FC3.


--------[ 3.2 Kernel Protections In kernel version

-----------------------------------------------------+
  Linux Kernel Part        | Kernel version          |
-----------------------------------------------------+
 LSM                       | 2.6, 3.0, 3.2, 3.4~3.10 |
 SecComp sandbox mode      | same with lsm           |
 Linux Kernel Capabilities | 2.2, 2.4, 2.6 3.0, 3.2  |
                           | 3.4~3.10                |
 mmap_min_addr             | 2.6, 3.0, 3.4~3.10      |
 KERNHEAP                  | 2.6                     |
 grsec UDEREF              | 2.6, 3.2, 3.8, 3.9      |
-----------------------------------------------------\

Linux kernel capabilities is the old protection from
2.2 linux kernel and no protection added In 2.4 kernel
from 2.6 kernel provided LSM, mmap_min_addr, SecComp
sandbox, KERNHEAP, grsec UDREF.

2.4 kernel was vulnerable than other kernel version
by isec kernel exploits, ... . mmap_min_addr protect
to NULL pointer dereference, KERNHEAP/UDEREF provide
kernel heap/stack protection. In 2.4 kernel
vulnerable to NULL pointer dereference and kernel heap
attacks. Even though mmap_min_addr, we can still attack
A little distros used 2.6 kernel.

The KERNHEAP Implemented the protection guard metadata
And safe unlinking to protect heap overflows on the
Kernel.


--------[ 3.3 LSM In kernel version

LSM, linux security module provided from 2.6 kernel
-is module architecture support linux kernel security.
It provides kernel Interface to program a security
module for linux.

---------------------------------------------+
 2.6       | SELinux, AppArmor, tomoyo linux |
           | -Smack.                         |
 3.4~3.10  | same with 2.6, yama.            |
---------------------------------------------\

The SELinux provided with LSM, userland utils
And support kernelland/userland security both. The 
AppArmor Implemented MAC security model.


--------[ 4. Underground Hacker Scene of south korea In 2013

In the region south korea, korean hacker community
'korean underground' kidz Is there. The korean 
underground opened three global hacker conferences.
x90c is THE L33T In 2004~2013 who not In the korean 
underground. Except The l33t, all hackers In south
-korea was/are In the korean underground.
Check it out http://www.x90c.org/profile.txt.


--------[ 5. Conclusion

2.2, 2.4 linux kernel is vulnerable for linux kernel
-attacks and 2.6 after kernel versions are safe than
above mentioned because It provided kernel patches to 
protect kernel exploits under 2.4.

If *BSD exploitation, on FreeBSD is better than 
openbsd with grsec/PaX kernel.

After 3.0 kernel versions are vulnerable to kernel
heap overflows with ..., SLAB, SLUB, SLOB Allocator
Because the KERNHEAP doesn't supported for the versions.


----[ 6. Greets

BSDaemon @yokai#phrack
It's linux kernel security and greets to 
grsec/pax spender also.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ