
What KARL tools are there to compare two kernels?

@emilian Depends what you mean? Besides say comparing hashes, cmp(1), or manual objdump(1). KARL is a link-kit which includes all the kernel's .o / object files, randomly sorting and re-linking them.

@canadianbryan say I have two randomized kernels. How do I know it's the same binary or something altered? They are not identical, because of KARL. So, what tools are there to help me 'diff' them?

@emilian @canadianbryan Are you trying to compare two kernels? Or are you trying to be sure nothing malicious happened to /bsd?

If the latter, you can see the relinking results in /usr/share/compile/GENERIC/relink.log (assuming GENERIC kernel). There is also /var/db/kernel.SHA256 for verification.

@kurtm @emilian If that's the concern, I don't see how it's any different from before KARL, or any other system... but now at least you'll get additional warnings if the kernel is replaced manually; KARL disables itself and logs failure:

"kernel relinking failed; see $LOGFILE"

Bryan Steele @canadianbryan

@emilian @kurtm And at that point, if someone has root or physical access to your machine, all bets are off.


@emilian @kurtm To that effect, the kernel's file permissions are only readable/writable by root, because the whole point of KARL is to prevent attackers from learning offsets and discerning the memory layout:

-rwx------ 1 root wheel 13011786 Oct 14 17:58 bsd*
-rwx------ 2 root wheel 13007234 Oct 14 17:56 bsd.booted*
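
The check the thread points to (the recorded hash in /var/db/kernel.SHA256 plus the root-only mode in the listing), as an added example that is not part of any post and not OpenBSD's own code. It assumes the checksum file holds a BSD-style line `SHA256 (/bsd) = <hex>`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a kernel image with a recorded SHA256 and with
# the -rwx------ mode shown in the thread's listing.
# Assumption: the checklist contains "SHA256 (<path>) = <hex>".

# Print the SHA256 of a file with whichever tool is installed.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                       # OpenBSD sha256(1)
    else
        sha256sum "$1" | awk '{print $1}'    # GNU coreutils fallback
    fi
}

# Print the digest recorded for a path in a BSD-style checklist.
# $1 = checklist file, $2 = path as named inside the checklist
recorded_sha256() {
    awk -v want="($2)" \
        '$1 == "SHA256" && $2 == want && $3 == "=" { print $4; exit }' "$1"
}

# $1 = kernel file, $2 = checklist, $3 = name used in the checklist
# Returns 0 = matches and root-only mode, 1 = hash mismatch,
#         2 = mode is not -rwx------, 3 = no record for that name.
check_kernel() {
    name=${3:-$1}
    want=$(recorded_sha256 "$2" "$name")
    [ -n "$want" ] || return 3
    have=$(file_sha256 "$1")
    [ "$have" = "$want" ] || return 1
    # First ten characters of ls -l are the type and permission bits.
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rwx------" ] || return 2
    return 0
}

# On the system discussed in the thread, run as root:
#   check_kernel /bsd /var/db/kernel.SHA256 /bsd
```

A match only shows that /bsd is the file the last relink recorded; as the thread notes, someone with root could rewrite both the kernel and the checksum file.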