Patchwerk: Kernel Patching for Fun and Profit

With the proliferation of inexpensive IoT devices running insecure Linux kernels on corporate networks, maintaining secure infrastructure has become an almost impossible task: IoT device manufacturers seldom keep up with the latest disclosed vulnerabilities, and usually do not provide complete working source code. There are few viable solutions for network administrators to patch and maintain their devices. Standard live-patching capabilities have been proposed in the form of Oracle’s Ksplice, SUSE’s kGraft, and Red Hat’s kpatch, and one is even built into the 4.0 kernel as “livepatch.” Unfortunately, all these solutions require capabilities to be pre-compiled into the kernel and present a host of other security concerns.

Based on hacker techniques as old as the mid-90s, we have solved this problem by developing a tool suite for inspecting, compiling, and applying patches to vendor OEM Linux kernels as a means to patch vulnerabilities, instrument performance, and aid in reverse engineering efforts. Rather than requiring the whole vendor-specific kernel source code, configs, and build chains, we make it possible to patch vendor OEM Linux kernels using representative source code and cross-compilers. This allows us to hook functions before and after they run, replace functions, alter parameters passed to a function, alter return values, and much more.
