Add the ASLR report

Approved by: hrs (mentor, implicit)
svn path=/head/; revision=46518
2015-04-12 20:22:15 +00:00 · 2015-04-12 20:22:15 +00:00 · 6bfdc5f230 · 2020-12-08 03:00:23 +00:00
commit 6bfdc5f230
parent 7368817d25
1 changed files with 67 additions and 0 deletions
--- a/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
+++ b/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
@ -83,4 +83,71 @@
    <description>Miscellaneous</description>
  </category>

+  <project cat='kern'>
+    <title>Address Space Layout Randomization (ASLR)</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Shawn</given>
+	  <common>Webb</common>
+	</name>
+	<email>shawn.webb@hardenedbsd.org</email>
+      </person>
+      <person>
+	<name>
+	  <given>Oliver</given>
+	  <common>Pinter</common>
+	</name>
+	<email>oliver.pinter@hardenedbsd.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://hardenedbsd.org/">HardenedBSD</url>
+      <url href="https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054669.html">ASLR Call For Testing</url>
+      <url href="https://reviews.freebsd.org/D473">FreeBSD Code Review of ASLR</url>
+    </links>
+
+    <body>
+      <p>Address Space Layout Randomization (ASLR) is a
+	computer security technique that aids in mitigating
+	low-level vulnerabilities such as buffer overflows.
+	ASLR randomizes the memory layout of running
+	applications to prevent an attacker from knowing where
+	a given exploitable vulnerability lies in memory.</p>
+
+      <p>We have been working hard the last few months to ensure
+	the robustness of our ASLR implementation. We have
+	written a helpful manpage. We have updated the patch on
+	FreeBSD's code review system (Phabricator).  Our ASLR
+	implementation is in heavy use by the HardenedBSD team
+	in production environments and is performing
+	robustly.</p>
+
+      <p>The next task is to compile the base system applications as
+	Position-Independent Executables (PIEs). In order for
+	ASLR to be effective, applications must be compiled as
+	PIEs. It is likely that this part will take a long time
+	to accomplish, given the complexity surrounding
+	building the libraries in the base system. Even if applications
+	are not compiled as PIEs, having ASLR available still
+	helps those applications (like HardenedBSD's secadm)
+	which force compilation as PIE for themselves.</p>
+    </body>
+
+    <sponsor>SoldierX</sponsor>
+
+    <help>
+      <task>
+	<p>Test our patch against 11-CURRENT.</p>
+      </task>
+
+      <task>
+	<p>For &os; committers: work with us to get this merged
+	  into &os;.</p>
+      </task>
+    </help>
+  </project>
+
 </report>