Date: Tue, 14 Jul 2015 17:15:41 +0000 (UTC)
From: Warren Block <wblock@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46975 - head/en_US.ISO8859-1/htdocs/news/status
Message-ID: <201507141715.t6EHFfeK019260@repo.freebsd.org>
Author: wblock Date: Tue Jul 14 17:15:40 2015 New Revision: 46975 URL: https://svnweb.freebsd.org/changeset/doc/46975 Log: Add Shawn Webb <shawn.webb@hardenedbsd.org>'s ASLR report. Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml Tue Jul 14 16:18:23 2015 (r46974) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml Tue Jul 14 17:15:40 2015 (r46975) 
@@ -1356,4 +1356,119 @@ </task> </help> </project> + + <project cat='proj'> + <title>Address Space Layout Randomization (ASLR)</title> + + <contact> + <person> + <name> + <given>Shawn</given> + <common>Webb</common> + </name> + <email>shawn.webb@hardenedbsd.org</email> + </person> + + <person> + <name> + <given>Oliver</given> + <common>Pinter</common> + </name> + <email>oliver.pinter@hardenedbsd.org</email> + </person> + + <person> + <name>HardenedBSD</name> + <email>core@hardenedbsd.org</email> + </person> + </contact> + + <links> + <url href="https://hardenedbsd.org/">HardenedBSD</url> + <url href="https://hardenedbsd.org/article/shawn-webb/2015-06-30/introducing-true-stack-randomization">True Stack Randomization</url> + <url href="https://hardenedbsd.org/article/shawn-webb/2015-07-06/announcing-aslr-completion">Announcing ASLR Completion</url> + <url href="https://hardenedbsd.org/article/shawn-webb/2015-07-11/call-donations">Call for Donations</url> + <url href="https://www.soldierx.com/">SoldierX</url> + </links> + + <body> + <p>HardenedBSD is a downstream distribution of &os; aimed at + implementing exploit mitigation and security technologies. + The HardenedBSD development team has focused on several key + features, one being Address Space Layout Randomization (ASLR). + ASLR is a computer security technique that aids in mitigating + low-level vulnerabilities such as buffer overflows. ASLR + randomizes the memory layout of running applications to + prevent an attacker from knowing where a given vulnerability + lies in memory.</p> + + <p>This last quarter, the HardenedBSD team has finalized the + core implementation of ASLR. We implemented true stack + randomization along with a random stack gap. This change + allows us to apply 42 bits of entropy to the stack, the + highest of any operating system. 
We bumped the + <tt>hardening.pax.aslr.stack_len</tt> <tt>sysctl(8)</tt> to 42 + by default on amd64.</p> + + <p>We also now randomize the Virtual Dynamic Shared Object + (VDSO). The VDSO is one or more pages of memory shared + between the kernel and the userland. On amd64, it contains + the signal trampoline and timing code + (<tt>gettimeofday(4)</tt>, for example).</p> + + <p>With these two changes, the ASLR implementation is now + complete. There are still tasks to work on, however. We need + to update our documentation and enhance a few pieces of code. + Our ASLR implementation is in use in production by HardenedBSD + and is performing robustly.</p> + + <p>Additionally, we are currently running a fundraiser to help + us establish a not-for-profit organization and for hardware + updates. We have received a lot of help from the community + and we greatly appreciate the help. We need further help + to take the project to the next level. We look forward to + working with the &os; project in providing excellent + security.</p> + </body> + + <sponsor> + SoldierX + </sponsor> + + <help> + <task> + <p>Update the <tt>aslr(4)</tt> manpage and the wiki + page.</p> + </task> + + <task> + <p>Improve the Shared Object load order feature with Michael + Zandi's improvements.</p> + </task> + + <task> + <p>Re-port the ASLR work to vanilla &os;. Include the + custom work requested by &os; developers.</p> + </task> + + <task> + <p>Close the existing review on Phabricator.</p> + </task> + + <task> + <p>Open multiple smaller reviews for pieces of the ASLR + patch that can be split out logically.</p> + </task> + + <task> + <p>Perform a special backport to HardenedBSD 10-STABLE for + OPNSense to pull in.</p> + </task> + + <task> + <p><tt>golang</tt> segfaults in HardenedBSD. Help would be + nice in debugging.</p> + </task> + </help> + </project> </report>
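Review bot: In the VDSO paragraph, <tt>gettimeofday(4)</tt> cites the wrong manual section; gettimeofday is a system call, so the reference should read <tt>gettimeofday(2)</tt>. In the first body paragraph, "prevent an attacker from knowing where a given vulnerability lies in memory" is imprecise: what the randomization hides is the addresses of the mappings an exploit relies on (the stack, the VDSO, shared objects), so consider rewording along those lines. In the last-but-one help task, "OPNSense" should follow the project's own spelling, "OPNsense".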