diff --git a/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml b/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml index d3ea725fbf..6caf97fe2d 100644 --- a/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml +++ b/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml @@ -1356,4 +1356,119 @@ + + + Address Space Layout Randomization (ASLR) + + + + + Shawn + Webb + + shawn.webb@hardenedbsd.org + + + + + Oliver + Pinter + + oliver.pinter@hardenedbsd.org + + + + HardenedBSD + core@hardenedbsd.org + + + + + HardenedBSD + True Stack Randomization + Announcing ASLR Completion + Call for Donations + SoldierX + + + +

HardenedBSD is a downstream distribution of &os; aimed at + implementing exploit mitigation and security technologies. + The HardenedBSD development team has focused on several key + features, one being Address Space Layout Randomization (ASLR). + ASLR is a computer security technique that aids in mitigating + low-level vulnerabilities such as buffer overflows. ASLR + randomizes the memory layout of running applications to + prevent an attacker from knowing where a given vulnerability + lies in memory.

+ +

This last quarter, the HardenedBSD team has finalized the + core implementation of ASLR. We implemented true stack + randomization along with a random stack gap. This change + allows us to apply 42 bits of entropy to the stack, the + highest of any operating system. We bumped the + hardening.pax.aslr.stack_len sysctl(8) to 42 + by default on amd64.

+ +

We also now randomize the Virtual Dynamic Shared Object + (VDSO). The VDSO is one or more pages of memory shared + between the kernel and the userland. On amd64, it contains + the signal trampoline and timing code + (gettimeofday(4), for example).

+ +

With these two changes, the ASLR implementation is now + complete. There are still tasks to work on, however. We need + to update our documentation and enhance a few pieces of code. + Our ASLR implementation is in use in production by HardenedBSD + and is performing robustly.

+ +

Additionally, we are currently running a fundraiser to help + us establish a not-for-profit organization and for hardware + updates. We have received a lot of help from the community + and we greatly appreciate the help. We need further help + to take the project to the next level. We look forward to + working with the &os; project in providing excellent + security.

+ + + + SoldierX + + + + +

Update the aslr(4) manpage and the wiki + page.

+ + + +

Improve the Shared Object load order feature with Michael + Zandi's improvements.

+ + + +

Re-port the ASLR work to vanilla &os;. Include the + custom work requested by &os; developers.

+ + + +

Close the existing review on Phabricator.

+ + + +

Open multiple smaller reviews for pieces of the ASLR + patch that can be split out logically.

+ + + +

Perform a special backport to HardenedBSD 10-STABLE for + OPNSense to pull in.

+ + + +

golang segfaults in HardenedBSD. Help would be + nice in debugging.

+ + +