Kernel security guidance
-
Hi everyone,
I'm interested in learning Linux kernel security and would appreciate some guidance on how to approach it properly. I'm an embedded software engineer (mostly focused on embedded Linux) with a couple of years of experience, so I'm familiar with the Linux kernel in general, the C language, and typical embedded workflows.
I'd like to learn the kernel's security framework as thoroughly as possible, and eventually I'd like to contribute to the kernel source code.
I'm already familiar with this repository:
https://github.com/xairy/linux-kernel-exploitation
However, at the moment I'm more interested in understanding the kernel's security stack (e.g., LSMs, hardening, mitigations) and in improving the security of devices running Linux kernels (I'm an embedded guy after all). Any advice, resources, or pointers would be much appreciated.
Thanks in advance!
-
Oh, great! As for the protection view, it's deeply connected to the work I did at my previous job. I'm constantly researching and organizing this topic. I'll cover it in a series.
-
Examine how the LSMs (AppArmor, SELinux, and Smack) connect to security_operations. On a test board, experiment with kernel hardening settings such as stack protector, KASLR, and hardened usercopy. The quickest way to see practical mitigations for embedded Linux is to observe upstream security changes and mailing list conversations.
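A concrete starting point for the "experiment on a test board" advice in the reply above, added here as an example and not code from anyone in the thread: a POSIX shell script that audits a kernel .config for the options named (stack protector, KASLR, hardened usercopy, plus the LSM framework) and reports which LSMs the kernel builds in. The Kconfig symbol names are mainline ones (CONFIG_RANDOMIZE_BASE is the KASLR symbol on x86/arm64; other architectures may differ, so treat that mapping as an assumption). The sample config at the bottom is constructed for offline use; the /sys/kernel/security/lsm read only happens on a board where securityfs exposes that file.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel .config for hardening
# options and built-in LSMs. Assumes a plain-text config; on a board that
# only provides CONFIG_IKCONFIG_PROC, first run: zcat /proc/config.gz > board.config

# Value of Kconfig symbol $2 in config file $1:
#   "y"/"m"/a quoted string for SYM=..., "n" for "# SYM is not set",
#   "unset" when the symbol does not appear at all.
config_value() {
    line=$(grep -E "^(# )?$2( is not set|=)" "$1" | head -n 1)
    case "$line" in
        "# $2 is not set") echo n ;;
        "$2="*)            echo "${line#*=}" ;;
        *)                 echo unset ;;
    esac
}

# Options worth toggling on a test board, as named in mainline Kconfig
# (CONFIG_RANDOMIZE_BASE = KASLR on x86/arm64; assumption for other arches).
HARDENING_OPTS="CONFIG_STACKPROTECTOR_STRONG CONFIG_RANDOMIZE_BASE CONFIG_HARDENED_USERCOPY CONFIG_SECURITY"

# Print, space separated, the hardening options that are NOT built in (=y).
missing_hardening() {
    out=""
    for opt in $HARDENING_OPTS; do
        [ "$(config_value "$1" "$opt")" = y ] || out="$out $opt"
    done
    echo "${out# }"
}

# Print the LSMs compiled into the kernel. CONFIG_LSM (kernel >= 5.1) gives
# the boot-time initialisation order; older configs only have per-module
# symbols, so fall back to CONFIG_SECURITY_{SELINUX,APPARMOR,SMACK}.
builtin_lsms() {
    lsm=$(config_value "$1" CONFIG_LSM)
    case "$lsm" in
        \"*\") printf '%s\n' "$lsm" | tr -d '"'; return ;;
    esac
    out=""
    for m in SELINUX APPARMOR SMACK; do
        if [ "$(config_value "$1" "CONFIG_SECURITY_$m")" = y ]; then
            out="$out,$(printf '%s' "$m" | tr 'A-Z' 'a-z')"
        fi
    done
    echo "${out#,}"
}

# Constructed sample config for offline demonstration: KASLR and hardened
# usercopy on, the strong stack protector deliberately left off, SELinux in.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_STACKPROTECTOR=y
# CONFIG_STACKPROTECTOR_STRONG is not set
CONFIG_RANDOMIZE_BASE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_LSM="landlock,lockdown,yama,selinux"
EOF

echo "missing hardening: $(missing_hardening "$SAMPLE")"
echo "built-in LSMs:     $(builtin_lsms "$SAMPLE")"

# On the board itself, the LSMs that actually initialised at boot
# (securityfs must be mounted, normally at /sys/kernel/security).
if [ -r /sys/kernel/security/lsm ]; then
    echo "active LSMs:       $(cat /sys/kernel/security/lsm)"
fi
```

Point the functions at a real board config (`missing_hardening board.config`) to see which of the mitigations the reply mentions are actually absent from the image you ship; comparing `builtin_lsms` against /sys/kernel/security/lsm also shows when an LSM is compiled in but not enabled on the command line.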