Why hide kernel symbols?
Anyone with basic knowledge of kernel exploitation knows how important information gathering is to reliable exploitation. This protection hides the kernel symbols from various places that an attacker could use during information gathering in pre-exploitation stage. … This option also prevents leaking of kernel addresses through several /proc entries.
Bug Classes/Kernel pointer leak
Some places are obvious.
/proc/kallsyms can be constrained through sysctl
kernel.kptr_restrict=2. Access to folder
/boot can be restricted through linux file permissions to root only and with apparmor even be hidden from root. AppArmor FullSystemPolicy (apparmor-profile-everything) Also other places such as
system.map, and the kernel source directory.
For the sake of asking a very specific question, please ignore other places where kernel symbols might leak. If want to enumerate them, please ask your own question, wait until I ask or add a comment.
My very specific question is around the following Quote:
The kernel […] is not precompiled by some distribution
This is because kernel symbols can be extracted from the kernel image. There are Open Source tools for that.
(That quote is about grsecurity but I am asking about non-grsecurity, i.e. the regular kernel from kernel.org here.)
Kernel images from public repositories such as packages.debian.org are well known by attackers. Attackers could simply hardcode the symbols addresses and thereby counter effort such as
To prevent kernel pointer leaks, the kernel image cannot be in a public known state. It needs to be unique, private as far as I understand. One needs to compile the kernel oneself.
Reproducible builds are an amazing effort of increasing the security for everyone. However, in this case reproducible builds would result in again ending up with a kernel with symbol addresses well predictable by attackers because the Debian linux kernel is already reproducible, mostly reproducible or in future fully reproducible (I didn’t follow up where development is regarding that).
How to hide kernel symbols of the linux kernel image (vmlinux) from an attacker? How to make sure my kernel has unique kernel symbols? Is there a kernel boot parameter for that? Or is it possible to somehow supply the kernel with a random file so it can randomize its symbols? Or is there some way to recompile the kernel in a way it would have unique symbol addresses?