OK, this is very clever,
This feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.
. . .
Developed by Theo de Raadt, KARL will work by generating a new kernel binary at install, upgrade, and boot time. If the user boots up, upgrades, or reboots his machine, the most recently generated kernel will replace the existing kernel binary, and the OS will generate a new kernel binary that will be used on the next boot/upgrade/reboot, constantly rotating kernels on reboots or upgrades.
. . .
“It still loads at the same location in KVA [Kernel Virtual Address Space]. This is not kernel ASLR!,” said de Raadt.
Instead, KARL generates kernel binaries with random internal structures, so exploits cannot leak or attack internal kernel functions, pointers, or objects.
- July 10, 2017 @ 19:54:22 [Current Revision] by Brian Carnell
- July 10, 2017 @ 14:52:44 by Brian Carnell