Add the ASLR report
Approved by: hrs (mentor, implicit)
This commit is contained in:
Benjamin Kaduk
parent
7368817d25
commit
6bfdc5f230
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=46518
1 changed files with 67 additions and 0 deletions
|
|
@ -83,4 +83,71 @@
|
||||||
<description>Miscellaneous</description>
|
<description>Miscellaneous</description>
|
||||||
</category>
|
</category>
|
||||||
|
|
||||||
|
<project cat='kern'>
|
||||||
|
<title>Address Space Layout Randomization (ASLR)</title>
|
||||||
|
|
||||||
|
<contact>
|
||||||
|
<person>
|
||||||
|
<name>
|
||||||
|
<given>Shawn</given>
|
||||||
|
<common>Webb</common>
|
||||||
|
</name>
|
||||||
|
<email>shawn.webb@hardenedbsd.org</email>
|
||||||
|
</person>
|
||||||
|
<person>
|
||||||
|
<name>
|
||||||
|
<given>Oliver</given>
|
||||||
|
<common>Pinter</common>
|
||||||
|
</name>
|
||||||
|
<email>oliver.pinter@hardenedbsd.org</email>
|
||||||
|
</person>
|
||||||
|
</contact>
|
||||||
|
|
||||||
|
<links>
|
||||||
|
<url href="https://hardenedbsd.org/">HardenedBSD</url>
|
||||||
|
<url href="https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054669.html">ASLR Call For Testing</url>
|
||||||
|
<url href="https://reviews.freebsd.org/D473">FreeBSD Code Review of ASLR</url>
|
||||||
|
</links>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<p>Address Space Layout Randomization (ASLR) is a
|
||||||
|
computer security technique that aids in mitigating
|
||||||
|
low-level vulnerabilities such as buffer overflows.
|
||||||
|
ASLR randomizes the memory layout of running
|
||||||
|
applications to prevent an attacker from knowing where
|
||||||
|
a given exploitable vulnerability lies in memory.</p>
|
||||||
|
|
||||||
|
<p>We have been working hard the last few months to ensure
|
||||||
|
the robustness of our ASLR implementation. We have
|
||||||
|
written a helpful manpage. We have updated the patch on
|
||||||
|
FreeBSD's code review system (Phabricator). Our ASLR
|
||||||
|
implementation is in heavy use by the HardenedBSD team
|
||||||
|
in production environments and is performing
|
||||||
|
robustly.</p>
|
||||||
|
|
||||||
|
<p>The next task is to compile the base system applications as
|
||||||
|
Position-Independent Executables (PIEs). In order for
|
||||||
|
ASLR to be effective, applications must be compiled as
|
||||||
|
PIEs. It is likely that this part will take a long time
|
||||||
|
to accomplish, given the complexity surrounding
|
||||||
|
building the libraries in the base system. Even if applications
|
||||||
|
are not compiled as PIEs, having ASLR available still
|
||||||
|
helps those applications (like HardenedBSD's secadm)
|
||||||
|
which force compilation as PIE for themselves.</p>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
<sponsor>SoldierX</sponsor>
|
||||||
|
|
||||||
|
<help>
|
||||||
|
<task>
|
||||||
|
<p>Test our patch against 11-CURRENT.</p>
|
||||||
|
</task>
|
||||||
|
|
||||||
|
<task>
|
||||||
|
<p>For &os; committers: work with us to get this merged
|
||||||
|
into &os;.</p>
|
||||||
|
</task>
|
||||||
|
</help>
|
||||||
|
</project>
|
||||||
|
|
||||||
</report>
|
</report>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue