From: Shawn Webb
To: syed khalid <0xsyed@gmail.com>
Cc: Johannes Jost Meixner, freebsd-security@freebsd.org
Date: Fri, 4 Aug 2017 08:48:01 -0400
Subject: Re: SEGVGUARD in freeBSD

I forgot to mention that hardening.pax.segvguard.status is a sysctl
node. To set it:

    sysctl hardening.pax.segvguard.status=2

Or in /etc/sysctl.conf:

    hardening.pax.segvguard.status=2

Thanks,

Shawn

On Fri, Aug 04, 2017 at 08:46:46AM -0400, Shawn Webb wrote:
> After booting HardenedBSD, set hardening.pax.segvguard.status=2. No
> configuration is necessary.
>
> Thanks,
>
> Shawn
>
> On Fri, Aug 04, 2017 at 05:15:51PM +0530, syed khalid wrote:
> > Hello Johannes/Shawn,
> >
> > Thanks for the information. I would like to experiment with SEGVGUARD and I
> > would like to monitor the performance of the kernel in the context of
> > SEGVGUARD enabled for a single application. How do I enable or configure
> > the SEGVGUARD service in HardenedBSD?
> >
> > Regards,
> > Syed
> >
> > On Thu, Aug 3, 2017 at 9:18 PM, Johannes Jost Meixner <johannes@perceivon.net> wrote:
> >
> > > You'll want to check out HardenedBSD[1], especially the 10-STABLE builds
> > > [2].
> > >
> > > [1] https://www.hardenedbsd.org
> > > [2] http://jenkins.hardenedbsd.org/builds/HardenedBSD-10-STABLE-amd64-LATEST/
> > >
> > > Best regards,
> > >
> > > Johannes Meixner
> > >
> > > Perceivon OÜ
> > > Pikk 7-17
> > > 10123 Tallinn
> > >
> > > tel: +372 5855 1779
> > > web: http://www.perceivon.net
> > >
> > > On 08/03/2017 18:35, syed khalid wrote:
> > > > Hello All,
> > > >
> > > > I would like to configure SEGVGUARD for a few critical applications in
> > > > FreeBSD10. Is it available natively in FreeBSD10?
> > > >
> > > > If so, could anyone help me in enabling/configuring SEGVGUARD?
> >
> > --
> > *Thanks & Regards*
> > *Syed Khalid M*
> > *Mobile No:+91-8148910714*
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
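
The two steps from the message above (set the sysctl on the running system, then persist it in /etc/sysctl.conf) as one script. This is an added example, not part of the original thread: the sysctl name and the value 2 come from the message, while the function names are hypothetical. It stops if the running kernel does not expose the node, and it rewrites an existing sysctl.conf entry rather than appending a second one.

```shell
#!/bin/sh
# Added example, not from the thread. KEY and the value 2 come from the
# message; the function names below are hypothetical.
KEY="hardening.pax.segvguard.status"

# Succeeds only if the running kernel exposes the SEGVGUARD sysctl node.
segvguard_present() {
    sysctl -n "$KEY" >/dev/null 2>&1
}

# Ensure a sysctl.conf-style file holds exactly one "key=value" line.
# An existing assignment is rewritten in place, later duplicates are dropped,
# comments and unrelated settings are left alone.
persist_sysctl() {
    conf=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    [ -f "$conf" ] || : > "$conf"
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, parts, "=")
            name = parts[1]
            sub(/[ \t]+$/, "", name)
            if (name == k) {
                if (!seen) { print k "=" v; seen = 1 }
                next
            }
            print
        }
        END { if (!seen) print k "=" v }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Set the value on the running kernel, then make it survive a reboot.
apply_segvguard() {
    if ! segvguard_present; then
        echo "$KEY not found on this kernel" >&2
        return 1
    fi
    sysctl "$KEY=2" || return 1
    persist_sysctl /etc/sysctl.conf "$KEY" 2 || return 1
    sysctl -n "$KEY"    # read back the value now in effect
}

if [ "${1:-}" = "apply" ]; then apply_segvguard; fi   # run as root
```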