kernel
Brainf+++ 0.1
Brainf+++ is an advanced compiler for the brainfuck language. It runs in x86-compatible
Linux environments. The compiler produces kernel-independent standard ELF executables
from the brainfuck source code.
It optimizes the executables for size and speed, and is very easy to use.
Cache colouring task_struct and kernel stack 2.5.0-0.5
This patch cache-colours both task_struct and the kernel stack, using a slab allocator for task_struct and initial stack pointer jittering for the kernel stack. An extra structure is defined for task_struct allocations, along with a new init task structure.
By using three stack colour bits, eight colours are used for initial stack pointer jittering, which should be enough for most cache architectures. Care has to be taken not to increase STACK_COLOUR_BITS too much, because this can lead to kernel stack overflows: for example, STACK_COLOUR_BITS set to 4 with a 128-byte cache line size, as on the P4, results in a maximum jitter of 2048 bytes, leaving only 6 KB for the kernel stack.
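As an added illustration (not code from the patch), the arithmetic behind the warning above written as small C helpers: the colour a new task's initial stack pointer receives, the size of the region the jitter reserves, and what is left for the kernel stack. The 8 KB stack size, the round-robin colour choice by task sequence number and the function names are assumptions made for this example, not taken from the patch.

```c
#include <stdio.h>

/* Assumed 8 KB kernel stack (the figure the patch description implies). */
#define KERNEL_STACK_SIZE 8192u

/* Number of colours a given STACK_COLOUR_BITS setting yields. */
unsigned stack_colours(unsigned colour_bits)
{
    return 1u << colour_bits;
}

/* Bytes the jitter can consume at most: every colour is one cache line apart. */
unsigned max_stack_jitter(unsigned colour_bits, unsigned cache_line)
{
    return stack_colours(colour_bits) * cache_line;
}

/* Kernel stack left after the worst-case jitter; 0 means the setting
 * cannot be used at all because the jitter would eat the whole stack. */
unsigned usable_stack(unsigned colour_bits, unsigned cache_line)
{
    unsigned jitter = max_stack_jitter(colour_bits, cache_line);
    return jitter >= KERNEL_STACK_SIZE ? 0 : KERNEL_STACK_SIZE - jitter;
}

/* Offset subtracted from a new task's initial stack pointer. Colours are
 * handed out round-robin by task sequence number (an assumption), so that
 * tasks created one after another start their stacks in different cache
 * sets instead of all colliding on the same lines. */
unsigned stack_offset_for_task(unsigned task_seq, unsigned colour_bits,
                               unsigned cache_line)
{
    unsigned colour = task_seq & (stack_colours(colour_bits) - 1);
    return colour * cache_line;
}

int main(void)
{
    /* The configurations the patch description discusses, plus a 32-byte line. */
    unsigned settings[][2] = { {3, 32}, {3, 128}, {4, 128} };
    size_t count = sizeof(settings) / sizeof(settings[0]);
    for (size_t i = 0; i < count; i++) {
        unsigned bits = settings[i][0], line = settings[i][1];
        printf("bits=%u line=%u colours=%u jitter<=%u usable=%u\n",
               bits, line, stack_colours(bits), max_stack_jitter(bits, line),
               usable_stack(bits, line));
    }
    return 0;
}
```

Running it reproduces the page's numbers: four colour bits on a 128-byte line reserve 2048 bytes and leave 6144 bytes, while six bits would consume the whole stack.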
xlike Kernel Patchset 0.20f
xlike Kernel Patchset is a patch collection for the Linux vanilla kernel.
These include code from Kernel Mode Linux, Rule Set Based Access Control, Novell AppArmor, Openswan, grsecurity, Linux VServer, Ndiswrapper, web100, Nefilters, Suspend2, Speakup, Amiga Smart File System, Cdemu, SquashFS, fbsplash, QuadDSP, and more. It also contains many drivers and fixes.
Enhancements:
- This version was updated to patch against Linux 2.6.20.
- User Mode Linux with Linux-PHC, LinuxIMQ, Web100, WANPIPE, WRR, ReiserFS4, SquashFS, UnionFS, Bootsplash, and Kernel Color Output were added.
Kernel Mode Linux 2.4.35.1_001 (For Linux 2.4)
Kernel Mode Linux is a technology which enables user programs to be executed in kernel mode.
The benefit of executing user programs in kernel mode is that they can access the kernel address space directly. For example, user programs can invoke system calls very fast, because it is unnecessary to switch between kernel mode and user mode using costly software interrupts or context switches. Unlike kernel modules, user programs are executed as ordinary processes (except for their privilege level), so scheduling and paging are performed as usual.
Although it seems dangerous to let user programs access the kernel directly, the safety of the kernel can be ensured, for example, by static type checking, software fault isolation, and so forth. As a proof of concept, we are developing a system based on the combination of Kernel Mode Linux and Typed Assembly Language (TAL).
Version restrictions:
- On IA-32, programs executed in kernel mode shouldn't modify their CS, DS, FS and SS registers.
- On AMD64, programs executed in kernel mode shouldn't modify their CS register.
Enhancements:
- This version was merged with the 2.4.35.1 Linux kernel.
MySQLfs 0.4.0 RC1
MySQLfs is a Linux userspace filesystem which stores data in a MySQL database.
ext2fuse 0.5
ext2fuse is an implementation of the ext2 filesystem in user space, using the FUSE library.
LIDS 2.2.3 RC1 (for kernel 2.6.21)
LIDS (Linux Intrusion Detection System) is a kernel patch and a set of admin tools which enhance the kernel's security.
When it is in effect, chosen file access, all system network administration operations, any capability use, and raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files.
It uses and extends the system capabilities bounding set to control the whole system, and adds some network and filesystem security features to the kernel.
You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more. LIDS currently supports kernels 2.6 and 2.4.
Openwall Linux kernel patch 2.4.35-ow2
Openwall Linux kernel patch is a collection of security-related features for the Linux kernel.
The set of such features changes from version to version, as some become obsolete (for example because the same problem gets fixed in a new kernel release) while other security issues are discovered.
Non-executable user stack area.
Most buffer overflow exploits are based on overwriting a function's return address on the stack to point to some arbitrary code, which is also put onto the stack. If the stack area is non-executable, buffer overflow vulnerabilities become harder to exploit.
Another way to exploit a buffer overflow is to point the return address at a function in libc, usually system(). This patch also changes the default address at which shared libraries are mmap()ed so that it always contains a zero byte. This makes it impossible to supply any more data after that address (parameters to the function, or further copies of the return address when filling with a pattern) in the many exploits that work through ASCIIZ strings.
However, note that this patch is by no means a complete solution; it just adds an extra layer of security. Many buffer overflow vulnerabilities will remain exploitable in a more complicated way, and some will even remain unaffected by the patch. The reason for using such a patch is to protect against some of the buffer overflow vulnerabilities that are as yet unknown.
Also, note that some buffer overflows can be used for denial of service attacks (usually in non-respawning daemons and network clients). A patch like this cannot do anything against that.
It is important that you fix vulnerabilities as soon as they become known, even if you're using the patch. The same applies to the other features of the patch (discussed below) and their corresponding vulnerabilities.
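An added example (not code from the Openwall patch) of the effect the zero byte has. It builds the classic return-into-libc payload layout, padding, then the saved return address, then the argument data, and delivers it through strcpy() the way an overflowed program would; the copy stops at the first NUL, so a library address containing a zero byte cuts the payload off right after the address. The padding length, the two addresses and the buffer sizes are made up for the demonstration; the copy targets a buffer large enough to hold the payload, so nothing actually overflows here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed distance from the start of the overflowed buffer to the saved
 * return address; a real exploit would measure it for the target binary. */
#define PAD_LEN 16

/* Build "padding | return address | arguments", deliver it with strcpy()
 * and report how many bytes of the arguments survived the copy. */
size_t bytes_delivered_after_ret(uint32_t ret_addr, const char *args)
{
    unsigned char payload[128];
    char victim[128];                     /* oversized: no real overflow */
    size_t n = 0;

    if (strlen(args) + PAD_LEN + 5 > sizeof(payload))
        return 0;                         /* argument string too long for the demo */

    memset(payload, 'A', PAD_LEN);        /* filler up to the return address */
    n = PAD_LEN;
    for (int i = 0; i < 4; i++)           /* IA-32 is little-endian */
        payload[n++] = (unsigned char)(ret_addr >> (8 * i));
    memcpy(payload + n, args, strlen(args) + 1);   /* arguments, then NUL */

    strcpy(victim, (const char *)payload);  /* stops at the first zero byte */

    size_t copied = strlen(victim);
    return copied > PAD_LEN + 4 ? copied - (PAD_LEN + 4) : 0;
}

/* Does the address itself contain a zero byte? That is the property the
 * patch enforces for the shared-library mapping base. */
int has_zero_byte(uint32_t addr)
{
    for (int i = 0; i < 4; i++)
        if (((addr >> (8 * i)) & 0xff) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Made-up library addresses: one without a zero byte, one with. */
    uint32_t addrs[] = { 0x40012345u, 0x00112345u };
    for (int i = 0; i < 2; i++)
        printf("ret=0x%08x zero_byte=%d args_delivered=%zu\n", addrs[i],
               has_zero_byte(addrs[i]),
               bytes_delivered_after_ret(addrs[i], "/bin/sh"));
    return 0;
}
```

With the zero-free address all seven bytes of "/bin/sh" arrive after the return address; with the address that carries a zero byte, none do, which is exactly what denies the attacker the argument to system(). The caveat from the text still applies: copies that are not NUL-terminated (memcpy with an attacker-controlled length, for instance) are unaffected.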
Restricted links in /tmp.
I have also added a link-in-+t restriction, originally written for Linux 2.0 only by Andrew Tridgell. I have updated it to prevent the use of a hard link in the attack instead, by not allowing regular users to create hard links to files they don't own unless they could read and write the file (for example through group permissions). This is usually the desired behaviour anyway, since otherwise users couldn't remove such links they've just created in a +t directory (unfortunately, this is still possible for group-writable files), and because of disk quotas.
Unfortunately, this may break existing applications.
Restricted FIFOs in /tmp.
In addition to restricting links, you might also want to restrict writes into untrusted FIFOs (named pipes), to make data spoofing attacks harder. Enabling this option disallows writing into FIFOs not owned by the user in +t directories, unless the owner is the same as that of the directory or the FIFO is opened without the O_CREAT flag.
Restricted /proc.
This was originally a patch by route that only changed the permissions on some directories in /proc, so you had to be root to access them. Then there were similar patches by others. I found them all quite unusable for my purposes, on a system where I wanted several admins to be able to see all the processes, etc., without having to su to root (or use sudo) each time, so I created my own patch, which I include here.
This option restricts the permissions on /proc so that non-root users can see only their own processes, and nothing about active network connections, unless they're in a special group. This group's id is specified via the gid= mount option and is 0 by default. (Note: if you're using identd, you will need to edit the inetd.conf line to run identd as this special group.) This also disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having to reboot).
When using this part of the patch, most programs (ps, top, who) work as desired: they only show the processes of this user (unless root, in the special group, or running with the relevant capabilities on 2.2+), and don't complain that they can't access others. However, there's a known problem with w(1) in recent versions of procps, so you should apply the included patch to procps if this applies to you.
Enhancements:
- This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel.
- It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).
EciAdsl 0.12
EciAdsl provides a driver for Globespan-based USB ADSL modems.
This is a free Linux driver for USB ADSL modems with Globespan chipsets (ECI modems in France and many other modems around the world).
Please note: this version still requires a patch for any kernel between 2.6.0 and 2.6.6.
suser-jengelh Kernel Patchset 2.6.22.1-ccj51
suser-jengelh Kernel Patchset is a patch collection for the Linux kernel.
Enhancements:
- New netfilter modules (xt_TRACE, xt_connlimit, xt_u32, xt_gateway, xt_TARPIT, xt_time) and tproxy4 have been added.
- A number of patches have been outsourced to standalone packages.
OpenVZ kernel 2.6.18-028stab039.1
OpenVZ is a modified Linux kernel with additional support for OpenVZ Virtual Private Servers (VPS).
VPSs are isolated, secure environments on a single physical server, enabling better server utilization and ensuring that applications do not conflict.
Each VPS performs and executes exactly like a stand-alone server; VPSs can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries, and configuration files. OpenVZ is a subset of Virtuozzo.
What's New in 2.6.18-028stab039.1 Stable Release:
- A critical fix in CPT. Minor fixes for bridge, Xen x86_64, CPT, 4GB split, NFS, VPIDs, etc.
- Fixes for swsusp on SLES, CBQ fairness on low rates, and an NFS startup deadlock.
What's New in 2.6.18-028test027.1 Development Release:
- Fixes/improvements in checkpointing, NFS in VE, IOPRIO, and the CPU fair scheduler.
- A few fixes have been ported from the mainstream branch.
- The NMI watchdog is now disabled by default.
- DRBD has been updated to 8.0.
Linux Kernel Monitor 0.3 Alpha
Linux Kernel Monitor is a tool for monitoring and managing the Linux kernel.
lkmonitor tries to offer detailed information about the characteristics of the system, such as the type of CPU, the state of memory, or the file systems registered in the kernel.
lkmonitor is an open source project that documents its source code and software architecture to make the development of new features easy.
Enhancements:
- IO information, kernel information, networking info, processes specific information, filesystems, modules, etc.
gnome-kernel-manager 0.0.1
gnome-kernel-manager is a tool for managing kernel modules and more.
gnome-kernel-manager is a GUI for managing kernel modules. Only the Linux kernel is supported.
Main features:
- Shows the list of loaded modules.
- Shows the list of all installed modules.
- Shows information about modules.
- Supports (un)loading modules.
DynAMOS 0.5.4
DynAMOS is an on-the-fly kernel updating system.
Execution flow can be switched adaptively among multiple editions of functions, possibly concurrently running. This approach becomes the foundation for dynamic replacement of non-quiescent kernel subsystems when the timeliness of an update depends on synchronization of multiple kernel paths.
Main features:
- Updates of non-quiescent subsystems. It accomplishes substantial updates of core kernel subsystems that never quiesce, such as the scheduler and kernel threads.
- Datatype updates. It offers a technique for updating compact datatype definitions. Additions of new fields to a datatype are supported using a shadow data structure containing the fields.
- Safe reversibility. A methodology of quiescence detection is employed. Updated functions can be removed with the guarantee that they are not used by the stack or program counter of any process.
- Adaptability. Execution can be switched adaptively between multiple, possibly concurrently running, function editions. This is the first dynamically applied, adaptive kernel updating system.
- Synchronized updates. A multi-phase updating algorithm for replacement of complete kernel subsystems is offered. Notably, for the cases where the timeliness of an update depends on synchronization of multiple kernel paths.
Enhancements:
- This release updates the users manual.