From owner-freebsd-security@freebsd.org Fri Aug 4 12:46:49 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C7FFDD7B51 for ; Fri, 4 Aug 2017 12:46:49 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C6C1566B07 for ; Fri, 4 Aug 2017 12:46:48 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qt0-x234.google.com with SMTP id p3so8369561qtg.2 for ; Fri, 04 Aug 2017 05:46:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=lToThBjapditnGQy2COUikf2oPEj/tgUigx1c4m0lu0=; b=i07cMhgIhi7LVoTT9FsS91ugWVL1p36Bsmw07arxqSZnm4h0ozIm8+VfvDrkppAjRa uT1ATXhmyiTAktkVlJDpTTnTwgnXHDY0pX94kiG0iqk8HC1LIxDufHl0Cd4GGN8YkYUl 50O2LQ/ckeT4UUsw7de7lKy275vQTjOiopbrpuT2nTNseng4iLmpBVZ3qC5ONCe0rI0v EEodEwUur0IXBsV52L2u9nKmEGYrSETsEWHV8daelecz3crcuAWpybpBdiRRAwKdvXcG tu24wYAvdmG9hhs5MtN9a8cO/yTYWR5NoB/mbbmVnDwyICfdmNpVWhnYdXJmfr4joTRp aPWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=lToThBjapditnGQy2COUikf2oPEj/tgUigx1c4m0lu0=; b=nRFmIgH3NvdrfrgfMedRUhBfsLsWPcEkCZr76yKrvcaeX8YN5PuapG9B4+Xssj28qL WscAQ9wNU86kNc7w/0paWE/IOjI+TXMHd4tzwS172BK0WaVf67KotxOPu3NYUVppygFY CesNhMqT/ZQKxoeztiE63YXxYJNCp37dZZ8rM7nK6Vdvro81/egwJPkH2JBJ3pSO4OI+ gzKwvmW3uCSYwAXtagDf4CSFDNQDRAQeS02STiLftUP7SuY2nLTAlVXtxAQcsZWY7vhP 1iue5XOd57R2Fjlgjjj3GtMJwAjgOE2BuJZmK5yuwHUjIJo7RArMhpThacADSkPlTrME MgFw== X-Gm-Message-State: AHYfb5jNIAb43pKJPhSZY3DTSdizi8QZjvoY1Ew3UxqoakFuV0nYDMRm GtPrr3wmGfPYBGUdMltiXw== X-Received: by 10.200.41.166 with SMTP id 35mr3029841qts.141.1501850807603; Fri, 04 Aug 2017 05:46:47 -0700 (PDT) Received: from mutt-hbsd ([63.88.83.66]) by smtp.gmail.com with ESMTPSA id i79sm955874qke.3.2017.08.04.05.46.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 04 Aug 2017 05:46:46 -0700 (PDT) Date: Fri, 4 Aug 2017 08:46:46 -0400 From: Shawn Webb To: syed khalid <0xsyed@gmail.com> Cc: Johannes Jost Meixner , freebsd-security@freebsd.org Subject: Re: SEGVGUARD in freeBSD Message-ID: <20170804124646.xxu74ibdm73ut354@mutt-hbsd> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="yvgxhhunstx5whka" Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: NeoMutt/20170714 (1.8.3) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Aug 2017 12:46:49 -0000 --yvgxhhunstx5whka Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable After booting HardenedBSD, set hardening.pax.segvguard.status=3D2. No configuration is necessary. Thanks, Shawn On Fri, Aug 04, 2017 at 05:15:51PM +0530, syed khalid wrote: > Hello Johannes/Shawn, >=20 > Thanks for the information. I would like to experiment SEGVGUARD and I > would like to monitor the performance of the kernel in the context of > SEGVGUARD enabled for a single application. How do i enable or configure > the SEGVGUARD service in HardenedBSD? >=20 > Regards, > Syed >=20 > On Thu, Aug 3, 2017 at 9:18 PM, Johannes Jost Meixner < > johannes@perceivon.net> wrote: >=20 > > You'll want to checkout HardenedBSD[1], especially the 10-STABLE builds > > [2]. > > > > > > [1] https://www.hardenedbsd.org > > [2] > > http://jenkins.hardenedbsd.org/builds/HardenedBSD-10-STABLE-amd64-LATES= T/ > > > > > > > > Best regards, > > > > Johannes Meixner > > > > > > Perceivon O?? > > Pikk 7-17 > > 10123 Tallinn > > > > tel: +372 5855 1779 > > web: http://www.perceivon.net > > > > On 08/03/2017 18:35, syed khalid wrote: > > > Hello All, > > > > > > I would like to configure SEGVGUARD for few critical applications in > > > FreeBSD10 . Is is available natively in FreeBSD10 ? > > > > > > If so you could anyone help me in enabling/configuring SEGVGUARD > > > > > > > >=20 >=20 > --=20 > *Thanks & Regards* > *Syed Khalid M* > *Mobile No:+91-8148910714* --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --yvgxhhunstx5whka Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlmEbLMACgkQaoRlj1JF bu5/JRAAhaGlaNF2t7m0tB65bVK7FWlCqXO+UROLUeoj0eS6I6H77BG9LE0s91sf gmpDmdFX/Lzh7ipEi8DEGt0l/8U8/vBbsybPS6UgZX4s6pVkWoK4z/c68jCybZb7 I/k9faohxwEWLZpbZVSUG0i8qAkLxazp8tePR0an3zt5ssQL+mqD+WxEqU+vG4SP NbD2jPh7vSV3MY/MLJV06VzISUxNeubQX8bJ26FMGtuhgHU+uFHIrb+qqZdyf0ye qSZ8mR+/nQ06FCuR4X7Puy6IJFmSS4IFrp1Qp/3kb8nlADVkTFCU3b7zL3qHmTfN F4wEsvkvn1/Jp3yku/c6g6XREbLue5IkBuQdqQC6RF2a/msl4MoaI4Iyuokf2pV2 Q1Fr7oeLD110nt8AZl/S50LZBcm6tLAIcmkM+LYWiaRS84DlCeH6vZeM0faNqkXZ QCiJInYKpiaDK3nTBUQCd2Amj7GGmdQgAbktwBOk4DjMRXjyqwAluD942Xe4g0Ll CRhke62QNtc7Qlq3lGQoK6FJ+GDRiGj5j9veLrn+NtTaoOgn/cfVCwdBamyrxZjp 5mNVPxZA8dxL5JdxCBYCzQGUWptbQKrKrFE27b5XqVRd+qxxwYR7K9fhHZ3wt7vj tUNk01FdYdv9mxnH4QNQEKIyFvoeW/1TXVCGmpVdAqYueoR32mI= =0D26 -----END PGP SIGNATURE----- --yvgxhhunstx5whka--