How to hide Kernel Symbols in Linux Kernel Image? Recompilation?

Why hide kernel symbols?


Anyone with basic knowledge of kernel exploitation knows how important information gathering is to reliable exploitation. This protection hides the kernel symbols from various places that an attacker could use during information gathering in pre-exploitation stage. … This option also prevents leaking of kernel addresses through several /proc entries.

Bug Classes/Kernel pointer leak

Some places are obvious. /proc/kallsyms can be constrained through sysctl kernel.kptr_restrict=2. Access to the folder /boot can be restricted through Linux file permissions to root only and, with AppArmor, even be hidden from root (AppArmor FullSystemPolicy, apparmor-profile-everything). There are also other places such as /lib/modules and the kernel source directory.

For the sake of asking a very specific question, please ignore other places where kernel symbols might leak. If you want to enumerate them, please ask your own question, wait until I ask, or add a comment.

My very specific question is around the following Quote:

The kernel […] is not precompiled by some distribution

This is because kernel symbols can be extracted from the kernel image. There are Open Source tools for that.

(That quote is about grsecurity but I am asking about non-grsecurity, i.e. the regular kernel from here.)

Kernel images from public repositories such as are well known by attackers. Attackers could simply hardcode the symbols addresses and thereby counter effort such as kernel.kptr_restrict=2.

To prevent kernel pointer leaks, the kernel image cannot be in a public known state. It needs to be unique, private as far as I understand. One needs to compile the kernel oneself.

Reproducible builds are an amazing effort of increasing the security for everyone. However, in this case reproducible builds would result in again ending up with a kernel with symbol addresses well predictable by attackers because the Debian linux kernel is already reproducible, mostly reproducible or in future fully reproducible (I didn’t follow up where development is regarding that).

How to hide the kernel symbols of the Linux kernel image (vmlinux) from an attacker? How to make sure my kernel has unique kernel symbols? Is there a kernel boot parameter for that? Or is it possible to somehow supply the kernel with a random file so it can randomize its symbols? Or is there some way to recompile the kernel in a way that it would have unique symbol addresses?
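As an added example (not part of the question above, and not from any project it names), the following POSIX shell script audits the pointer-leak surfaces the question lists: the kernel.kptr_restrict sysctl, whether /proc/kallsyms shows zeroed addresses to the current user, and whether /boot and /lib/modules are readable by non-root users. It also checks the boot command line for `nokaslr`, because KASLR (CONFIG_RANDOMIZE_BASE) is the mechanism that randomises the kernel's load address at each boot even on a distribution-built image, and that parameter turns it off. The script assumes a Linux /proc and GNU coreutils `stat -c %a`; the helpers take their input as arguments so they can be exercised on constructed sample text without a live kernel.

```shell
#!/bin/sh
# Added audit example, not from the original question. Checks the
# kernel-pointer leak surfaces named on the page (kernel.kptr_restrict,
# /proc/kallsyms, permissions on /boot and /lib/modules) and whether KASLR
# was disabled on the kernel command line. Pure helpers take their input as
# arguments so they can be run against constructed sample text.

# Return 0 when every address column in kallsyms-formatted text is all
# zeros, which is what a reader sees once kptr_restrict=2 is in force;
# return 1 if any real address is exposed.
kallsyms_addresses_hidden() {
    printf '%s\n' "$1" | awk '
        NF >= 3 && $1 !~ /^0+$/ { leaked = 1 }
        END { exit leaked ? 1 : 0 }'
}

# Return 0 when an octal mode string (as printed by "stat -c %a") grants
# no group or other access, e.g. 700 or 0700.
mode_is_root_only() {
    case "$1" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 when a kernel command line does not contain "nokaslr".
# KASLR (CONFIG_RANDOMIZE_BASE) randomises the kernel load address at
# each boot; the nokaslr parameter switches that off.
cmdline_keeps_kaslr() {
    case " $1 " in
        *" nokaslr "*) return 1 ;;
        *)             return 0 ;;
    esac
}

# Live audit: prints one line per check, returns 1 if anything is flagged.
# Assumes a Linux /proc and GNU coreutils stat; missing pieces are skipped.
audit_live_system() {
    rc=0
    if [ -r /proc/sys/kernel/kptr_restrict ]; then
        v=$(cat /proc/sys/kernel/kptr_restrict)
        if [ "$v" = 2 ]; then echo "ok:   kernel.kptr_restrict=2"
        else echo "warn: kernel.kptr_restrict=$v (2 hides pointers from everyone)"; rc=1; fi
    fi
    if [ -r /proc/kallsyms ]; then
        # A few hundred lines is enough to tell whether addresses are zeroed.
        if kallsyms_addresses_hidden "$(head -n 300 /proc/kallsyms)"; then
            echo "ok:   /proc/kallsyms shows zeroed addresses to this user"
        else echo "warn: /proc/kallsyms exposes real addresses to this user"; rc=1; fi
    fi
    for d in /boot /lib/modules; do
        [ -d "$d" ] || continue
        m=$(stat -c %a "$d" 2>/dev/null) || continue
        if mode_is_root_only "$m"; then echo "ok:   $d mode $m"
        else echo "warn: $d mode $m is accessible to non-root users"; rc=1; fi
    done
    if [ -r /proc/cmdline ]; then
        if cmdline_keeps_kaslr "$(cat /proc/cmdline)"; then
            echo "ok:   KASLR not disabled on the kernel command line"
        else echo "warn: nokaslr present on the kernel command line"; rc=1; fi
    fi
    return $rc
}

# Constructed sample input (not captured from a real system), to show the
# helpers without a live kernel.
SAMPLE_HIDDEN='0000000000000000 T _text
0000000000000000 t some_func [some_module]'
SAMPLE_LEAK='ffffffff81000000 T _text'

kallsyms_addresses_hidden "$SAMPLE_HIDDEN" && echo "sample: addresses hidden, as expected"
kallsyms_addresses_hidden "$SAMPLE_LEAK" || echo "sample: leaked address detected, as expected"

audit_live_system || echo "audit: at least one check flagged"
```

Run it as an unprivileged user as well as root: with kptr_restrict=1, root still sees real addresses in /proc/kallsyms, so the two runs can give different results, and only the value 2 zeroes the addresses for every reader.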

How does the Hide from Undead spell interact with the effect of an Invisibility Purge spell?

Take a group of adventurers trying to get the drop on a lich or any other intelligent undead. They decide to use the spell hide from undead to get into position. What they don’t know is that the undead is cautious and has something producing an invisibility purge effect, like a lantern of revealing.

The hide from undead spell description says:

Undead cannot see, hear, or smell creatures warded by this spell.

But it’s not listed as being invisible, and the invisibility spell’s school is actually illusion (glamer) whereas hide from undead‘s is abjuration.

Would hide from undead keep the adventurers from being seen? Or would the invisibility purge effect make them visible?

Would Disguise Self benefit Hide rolls?

The spell description says “You make yourself…look different until the spell ends”. So, assuming a woodlands setting, and your “different” includes basically turning yourself into a bipedal bush, wouldn’t this then increase your bonus to Hide?

Obviously, this spell is not Invisibility, nor would any benefit to Hide have an effect on creatures that don’t rely primarily on sight…but it makes sense that this could boost Hide rolls and I’m looking for input.

Why try to hide the sleep button in GNOME?

Background: Where is the suspend/hibernate button in GNOME Shell?

I think this design looks clean and is convenient to use but practically impossible to discover without the help of google. It feels like the developers are deliberately discouraging the use of sleep.

  1. There is plenty of space in the drop-down menu, so why not add another button for sleep?
  2. After pressing the power-off button, a prompt pops up and lets the user select between reboot and power-off, which is a classic design dating back to Windows 9x, so why not add a sleep or hibernate option there?

Is there an email thread that can explain the rationale of the current design?

Does homomorphic encryption hide the algorithm itself?

The question is rather simple, but finding resources and answers quite tricky. Homomorphic encryption should enable us to compute over encrypted data. What if the algorithm for computing should be kept in secret as well? Given we have a functioning homomorphic encryption in place, is the algorithm which is applied to the input data also secure?

Is it possible for an intruder to understand how the data is computed and learn about the algorithm, given the intruder has access to the program which does the computation?

Can a monk attack an enemy and then immediately hide?

We have a monk in the party who believes that he can run up to an enemy, hit them in the back of the head, and then dive into the grass to hide until the next round.

His argument is that:

  1. He is a wood elf so his Mask of the Wild allows him to hide in lightly obscured areas
  2. Because he hit the target from behind and hid before they turned around they cannot “see” him

I feel that there should be a minimum distance that you must be away from a foe before you can attempt to hide in this kind of circumstance (I realize there are exceptions: complete darkness, invisibility, the creature cannot see, etc).

If I am not mistaken, the sequence of actions performed was:

Step 1: Bonus Action: Step of the Wind to Dash behind the opponent; Step 2: Action: Attack Opponent; Step 3: Action: Hide.

So technically he attacked first, then hid in the long grass that was at his and his opponent’s feet. (Just to clarify, I believe the grass was just long grass…not like they were fighting in a corn field or something clearly with cover.)

How to hide without triggering opportunity attacks?

All halflings have the Halfling Nimbleness feature:

You can move through the space of any creature that is of a size larger than yours.

Lightfoot Halflings have the Naturally Stealthy ability:

You can attempt to hide even when you are obscured only by a creature that is at least one size larger than you.

Halflings are sized small, while Dragonborn, for instance, are medium.

A rogue has a Cunning Action:

You can take a bonus action on each of your turns in combat. This action can be used only to take the Dash, Disengage, or Hide action.

And our group has been playing with a Barbarian Dragonborn and the Lightfoot Halfling Rogue. In combat, let’s say, facing a single boss, the rogue usually hits and hides behind the Dragonborn (moving through him). A stealth check is rolled against the boss’s perception, and if the boss wins, he can go around the barbarian and hit the rogue. He does not trigger attacks of opportunity because he is not leaving the barbarian’s melee range.

However, for the rogue to go behind the dragonborn, he should trigger an opportunity attack from the boss, right? Or can the hide action include this 5 feet move to hide behind the dragonborn? Or does the nimbleness feature prevent attacks of opportunity, since the rogue can simply stand in the dragonborn’s space, only behind him? Does standing in the same space as a bigger creature prevent attacks against you because the creature shields you?

In terms of RP and realism, we’ve been describing this as such: the halfling is hiding at the back of the barbarian, pops out to strike, and hides back there. The idea here is to have the rogue safely out of harm’s way (dumb enemies won’t understand where he is, others will attack with disadvantage, and others will actually have to move to him (unless they’re grappled)).

Can you Hide from some but not all enemies?

One of my players is asking if he can use Wall of Fire to block off the line of sight of enemy archers. The spell description says the wall is “opaque”, so this seems like a valid thing to try.

However, because this opaque wall would make both sides unseen from each other, the advantage and disadvantage would cancel out, and it would provide no immediate tactical benefit.

When you attack a target that you can’t see, you have disadvantage on the attack roll.

When a creature can’t see you, you have advantage on attack rolls against it. (PHB p. 193-4)

In the interest of trying to see if he can get any tactical benefits out of this – if he blocked the line of sight of the enemy archers in a group but not that group’s melee fighters, would he/others be able to take the Hide action from the archers even if the melee fighters could still see him?

If he can Hide in this way, that would mean the archers would no longer be able to know his precise position and would need to guess his square before making an attack.