Date: Sat, 5 Apr 2014 09:15:14 +0000 (UTC) From: Gabor Pali <pgj@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44449 - head/en_US.ISO8859-1/htdocs/news/status Message-ID: <201404050915.s359FE0R094888@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pgj Date: Sat Apr 5 09:15:14 2014 New Revision: 44449 URL: http://svnweb.freebsd.org/changeset/doc/44449 Log: - Add 2014Q1 status report for ASLR Submitted by: Shawn Webb <lattera@gmail.com> Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-01-2014-03.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-01-2014-03.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2014-01-2014-03.xml Sat Apr 5 02:09:17 2014 (r44448) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2014-01-2014-03.xml Sat Apr 5 09:15:14 2014 (r44449) @@ -18,7 +18,7 @@ <!-- XXX: Keep the number of entries updated --> <p>Thanks to all the reporters for the excellent work! This report - contains 13 entries and we hope you enjoy reading it.</p> + contains 14 entries and we hope you enjoy reading it.</p> <p>The deadline for submissions covering between April and June 2014 is July 7th, 2014.</p> @@ -775,4 +775,70 @@ ports tree.</task> </help> </project> + + <project cat='kern'> + <title>ASLR and PIE</title> + + <contact> + <person> + <name> + <given>Shawn</given> + <common>Webb</common> + </name> + <email>lattera@gmail.com</email> + </person> + + <person> + <name> + <given>Olivér</given> + <common>Pintér</common> + </name> + <email>oliver.pntr@gmail.com</email> + </person> + </contact> + + <links> + <url href="http://0xfeedface.org/blog/lattera/2014-04-03/awesome-freebsd-aslr-progress">Blog post with latest status update</url> + <url href="https://github.com/lattera/freebsd/tree/soldierx/lattera/aslr">Shawn's ASLR branch</url> + <url href="https://github.com/opntr/opBSD/tree/op/stable/10-aslr">Olivér's ASLR branch</url> + </links> + + <body> + <p>Address space layout randomization (ASLR) is a computer + security technique involved in protection from buffer overflow + attacks. In order to prevent an attacker from reliably jumping + to a particular exploited function in memory, ASLR involves + randomly arranging the positions of key data areas of a program, + including the base of the executable and the positions of the + stack, heap, and libraries, in a process' address space.</p> + + <p>We have added (a potentially buggy) ASLR support to all + supported &os; architectures. Focus is still on <tt>amd64</tt> as + that is what the developers have access to. We have added + support for Position-Independent Executables (PIEs) in a number + of applications in base. We have identified a number of bugs + and are actively working on targeting them.</p> + </body> + + <help> + <task>Shawn has access to a Raspberry Pi (RPI). PIE is 90% + broken. Debug and fix major issues on the RPI. The existing NX + stack protections are not obeyed on RPI. Properly implemented + ASLR requires NX stack.</task> + + <task>Shawn will be receiving a <tt>sparc64</tt> box on April 6, + 2014. He will test ASLR on <tt>sparc64</tt>, identifying and + fixing any bugs that pop up.</task> + + <task>Olivér has identified one or more bugs with the Linuxulator. + He will be looking into that and fixing those.</task> + + <task>Shawn will be cleaning up code and adding more applications + in base to support PIE. He will also add PIE support to the + ports framework for general consumption.</task> + + <task>Shawn will be giving a presentation regarding ASLR at + BSDCan 2014.</task> + </help> + </project> </report>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404050915.s359FE0R094888>