OpenBSD will build a unique kernel each time you reboot the machine, for better security

This new feature appears in the snapshots that precede the next OpenBSD release; it means a unique kernel binary is created each time an OpenBSD user reboots or upgrades the computer.

The feature is called KARL (Kernel Address Randomized Link) and works by relinking the kernel's internal object files in a random order to produce a new kernel binary each time. In the current stable release, the OpenBSD kernel is linked from its internal object files in a fixed, predetermined order, so every user runs an identical kernel binary.

KARL is different from ASLR

Developed by Theo de Raadt, KARL creates a new kernel binary every time the user installs, upgrades or reboots the system. On each of these operations the newly linked kernel replaces the current binary and is used for the next boot, after which the system links yet another kernel for the boot after that, so the kernel layout keeps changing.

KARL should not be confused with ASLR (Address Space Layout Randomization), a technique that randomizes the memory addresses at which code is loaded, so that an attacker cannot target a specific memory location where the kernel or an application runs.

"It will still use the same address in KVA (Kernel Virtual Address Space). This is not kernel ASLR," de Raadt said. Instead, KARL produces kernel binaries with a randomized internal layout, so attackers cannot rely on known offsets to functions, pointers and objects.

The unique kernel is linked so that the startup code is kept in the same place, followed by a gap of random size, and then all the other .o files in a random order. As a result, the distances between functions and variables are entirely new in each kernel. A leaked pointer no longer discloses the location of other pointers or objects. This can also help reduce the number of usable ROP gadgets on architectures with variable-length instructions, because the polymorphism in the instruction stream that such gadgets depend on is disturbed when the offsets between objects change.

"As a result, each kernel created will be unique," de Raadt said.

A feature developed over the past two months

Work on the feature started in May and it was first discussed in mid-June on the OpenBSD tech mailing list; KARL is now present in the OpenBSD 6.1 snapshots.

"The problem now is that many people install a binary kernel from OpenBSD and run it for 6 months or more. Of course if you boot it continuously, the layout will not change. That's why we're here," de Raadt said. "However, the current snapshot will be further changed because I am working with Robert Peichaer. This change will be reinforced to make sure you boot a new kernel every time you reboot."

KARL is unique to OpenBSD

Speaking to Bleeping Computer, Tiberiu C. Turbureanu, founder of Technoethical, a startup that sells security-focused products, said this feature is unique to OpenBSD. Asked about the possibility of bringing it to the Linux kernel, Turbureanu said: "It is not implemented on Linux; it seems to be a good idea."

[Image: Generating new random kernels helps improve computer security]

Instead, the Linux project has added support for Kernel Address Space Layout Randomization (KASLR), which brings ASLR to the kernel by loading it at a random memory address. The feature is enabled by default as of Linux 4.12, released last week. The difference between the two is that KARL loads a different kernel binary at the same place, while KASLR loads the same binary at a different, random location. Same destination, different path.
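To make the difference between the two approaches concrete, the following is an added example, not code from OpenBSD, Linux or the original article. It models both schemes in Python with a toy linker: a handful of constructed object files are laid out once in the fixed release order at a random base (the KASLR case) and once in a shuffled order behind a random-sized gap at the same fixed KVA base (the KARL case, as described above). An attacker who holds the release binary then tries to turn one leaked function pointer into the address of another function. All object names, sizes, symbol offsets and addresses are made up for the illustration; a real kernel has hundreds of objects and the gap is chosen at link time.

```python
"""Toy model contrasting KARL (randomized link order at a fixed KVA base)
with KASLR (fixed layout slid to a random base).

Added example, not OpenBSD or Linux code. Object names, object sizes,
symbol offsets and the base address are constructed for illustration.
"""
import random

KVA_BASE = 0xFFFFFFFF81000000   # constructed fixed kernel link address (KVA)
STARTUP = "locore.o"            # startup code; both schemes keep it first

# Constructed object files: name -> (size in bytes, {symbol: offset in object})
OBJECTS = {
    "locore.o":       (0x1000, {"start": 0x0}),
    "kern_exec.o":    (0x3000, {"sys_execve": 0x40}),
    "uvm_map.o":      (0x6000, {"uvm_map": 0x120}),
    "kern_sig.o":     (0x2000, {"sigexit": 0x80}),
    "vfs_syscalls.o": (0x4000, {"sys_open": 0x200}),
}
FIXED_ORDER = [o for o in OBJECTS if o != STARTUP]  # the "release" link order


def link(order, base, gap):
    """Lay out STARTUP at `base`, then `gap` bytes of padding, then the objects
    in `order` back to back. Returns {symbol: absolute address}."""
    syms = {}
    addr = base
    for obj in [STARTUP] + list(order):
        size, offsets = OBJECTS[obj]
        for name, off in offsets.items():
            syms[name] = addr + off
        addr += size
        if obj == STARTUP:
            addr += gap          # padding of random size sits right after startup code
    return syms


def karl_link(rng):
    """KARL: same base every time, random gap after the startup code, and the
    remaining .o files linked in a shuffled order. Returns (syms, order, gap)."""
    order = FIXED_ORDER[:]
    rng.shuffle(order)
    gap = rng.randrange(0, 0x10000, 0x10)
    return link(order, KVA_BASE, gap), order, gap


def kaslr_link(rng):
    """KASLR: the identical release binary (FIXED_ORDER, no gap) loaded at a
    random 2 MiB-aligned slide above KVA_BASE. Returns (syms, slide)."""
    slide = rng.randrange(0, 0x40000000, 0x200000)
    return link(FIXED_ORDER, KVA_BASE + slide, 0), slide


def predict_from_leak(reference, leaked_sym, leaked_addr, target_sym):
    """What an attacker holding the release binary does with one leaked pointer:
    derive the slide from the leaked symbol, add it to the target's reference
    address. Works against a slid copy, not against a relinked one."""
    slide = leaked_addr - reference[leaked_sym]
    return reference[target_sym] + slide


def pairwise_deltas(syms):
    """Distances between every pair of symbols; equal for two layouts exactly
    when one is a pure slide of the other."""
    names = sorted(syms)
    return {(a, b): syms[b] - syms[a] for a in names for b in names if a < b}


if __name__ == "__main__":
    reference = link(FIXED_ORDER, KVA_BASE, 0)   # the binary everyone ships today
    rng = random.Random(2017)

    kaslr, slide = kaslr_link(rng)
    guess = predict_from_leak(reference, "sys_execve", kaslr["sys_execve"], "uvm_map")
    print(f"KASLR slide {slide:#x}: predicted uvm_map {guess:#x}, actual "
          f"{kaslr['uvm_map']:#x} -> {'HIT' if guess == kaslr['uvm_map'] else 'miss'}")

    for _ in range(3):
        karl, order, gap = karl_link(rng)
        guess = predict_from_leak(reference, "sys_execve", karl["sys_execve"], "uvm_map")
        print(f"KARL gap {gap:#x} order {order}: start {karl['start']:#x}, predicted "
              f"uvm_map {guess:#x}, actual {karl['uvm_map']:#x} -> "
              f"{'HIT' if guess == karl['uvm_map'] else 'miss'}")
```

Against the KASLR layout the attacker's arithmetic lands every time, because every symbol moved by the same slide and one leak reveals it. Against a KARL layout the `start` symbol is still at `KVA_BASE`, but the gap and the shuffled object order break the fixed distances the attacker relies on, so the same arithmetic misses; this is the "same destination, different path" point in the paragraph above.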

Windows does not support KARL either, but Microsoft has used KASLR for many years. Fabian Wosar, Chief Technology Officer of the antivirus company Emsisoft, would also like to see KARL added to the Windows kernel. "OpenBSD's idea can go further [than current Windows kernel protection], because everyone will have a separate binary kernel," Wosar said.

"So even if you obtain the (randomly selected) kernel start address, you can't use it to determine the location of any function, as the location of each function relative to the kernel start is different on each system." Having KARL in these operating systems would be a significant security improvement for Windows and Linux users.

Update 24 May 2019