From owner-freebsd-security@freebsd.org Sat Aug 5 11:26:40 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CCB6DCF8E1 for ; Sat, 5 Aug 2017 11:26:40 +0000 (UTC) (envelope-from spankthespam@gmail.com) Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1CC03714F9 for ; Sat, 5 Aug 2017 11:26:39 +0000 (UTC) (envelope-from spankthespam@gmail.com) Received: by mail-qt0-x22e.google.com with SMTP id a18so21175850qta.0 for ; Sat, 05 Aug 2017 04:26:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ZZMFNbMRgxc2y9mRRYlCA/qGcP9u/muy4X6qzpcebkg=; b=PGyP4w5sRUez02kg69Nwqi0tLJl9ZQLU1s33V3NLWQ1//MNC8oYFUueEbYtgh6L22C g1xoYzhSyjE7vu0iS/EcP17HjSnJEy9yiGuVZM887yTrKLCSUHChFtIUTusFxsz8rqX0 28R/N+11jl+zKx5afHCNlJlRIc6LmcknvaZoZ0MfSDPKERUr5teMZz+16cIBRynG110i tYSVJeSU+Nm2o8NoMUP9FWZcssmneF6TQfjmTenQrKr+lQRjKnFB4vCBvESUZI/aNIcF Swoo1aOAFWwwEsrD75N0cKrASzQvfth7ldYLahLXjfPCRzKkF1UpUfYrZw1kL6eiUIAO Mo+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ZZMFNbMRgxc2y9mRRYlCA/qGcP9u/muy4X6qzpcebkg=; b=NT5FusbxgzYkvpN0Y35ujIXwyu8IzCsh2jXPBy4eG4FGCkJNc7lA4zFQeBhhEcMeV3 sZWuEs43vO3tHRO3gktUo++rac3KlMC4xqHQegwsoW/yo/BNKAA54nhz7HCe9ec4x7Ws bwVP2LcobfcRIdnsAo2uJUBrkKq0N2hmE05lrOf0AVQggJ56lPVnLsgjMyrKkKMySWVe WaVV2P2OcFEidFZCSkazJFlCzY6wQKASjNcBv/r+VbV4vL278IUChQi4nZ9+hmJ0XmyW /gTHdsmMruvtq6JXEvGC6OfpSeiFkk/NxlX2ULRQjhfuw4LgOBmntW3cGUuClXoXgdqq ju6Q== X-Gm-Message-State: AHYfb5hNhTGSK774b3V+EVBNR363u88rlOqf9xOrNtakEIwPXrwis3O9 Ol1XKq9fWzaElzu/jOQB3xZa9HoYrA== X-Received: by 10.237.48.65 with SMTP id 59mr7509956qte.10.1501932398890; Sat, 05 Aug 2017 04:26:38 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.48.19 with HTTP; Sat, 5 Aug 2017 04:26:37 -0700 (PDT) In-Reply-To: <20170804124801.u6wpk47zfl5yl7ba@mutt-hbsd> References: <20170804124646.xxu74ibdm73ut354@mutt-hbsd> <20170804124801.u6wpk47zfl5yl7ba@mutt-hbsd> From: Big Lebowski Date: Sat, 5 Aug 2017 12:26:37 +0100 Message-ID: Subject: Re: SEGVGUARD in freeBSD To: Shawn Webb Cc: syed khalid <0xsyed@gmail.com>, freebsd-security , Johannes Jost Meixner Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Aug 2017 11:26:40 -0000 It does sound like a discussion better suited for HardenedBSD mailing lists, don't you think? ;) Regards, BL On Fri, Aug 4, 2017 at 1:48 PM, Shawn Webb wrote: > I forgot to mention that hardening.pax.segvguard.status is a sysctl > node. To set it: > > sysctl hardening.pax.segvguard.status=2 > > Or in /etc/sysctl.conf: > > hardening.pax.segvguard.status=2 > > Thanks, > > Shawn > > On Fri, Aug 04, 2017 at 08:46:46AM -0400, Shawn Webb wrote: > > After booting HardenedBSD, set hardening.pax.segvguard.status=2. No > > configuration is necessary. > > > > Thanks, > > > > Shawn > > > > On Fri, Aug 04, 2017 at 05:15:51PM +0530, syed khalid wrote: > > > Hello Johannes/Shawn, > > > > > > Thanks for the information. I would like to experiment SEGVGUARD and I > > > would like to monitor the performance of the kernel in the context of > > > SEGVGUARD enabled for a single application. How do i enable or > configure > > > the SEGVGUARD service in HardenedBSD? > > > > > > Regards, > > > Syed > > > > > > On Thu, Aug 3, 2017 at 9:18 PM, Johannes Jost Meixner < > > > johannes@perceivon.net> wrote: > > > > > > > You'll want to checkout HardenedBSD[1], especially the 10-STABLE > builds > > > > [2]. > > > > > > > > > > > > [1] https://www.hardenedbsd.org > > > > [2] > > > > http://jenkins.hardenedbsd.org/builds/HardenedBSD-10- > STABLE-amd64-LATEST/ > > > > > > > > > > > > > > > > Best regards, > > > > > > > > Johannes Meixner > > > > > > > > > > > > Perceivon O?? > > > > Pikk 7-17 > > > > 10123 Tallinn > > > > > > > > tel: +372 5855 1779 > > > > web: http://www.perceivon.net > > > > > > > > On 08/03/2017 18:35, syed khalid wrote: > > > > > Hello All, > > > > > > > > > > I would like to configure SEGVGUARD for few critical applications > in > > > > > FreeBSD10 . Is is available natively in FreeBSD10 ? > > > > > > > > > > If so you could anyone help me in enabling/configuring SEGVGUARD > > > > > > > > > > > > > > > > > > > > > > -- > > > *Thanks & Regards* > > > *Syed Khalid M* > > > *Mobile No:+91-8148910714* > > > > -- > > Shawn Webb > > Cofounder and Security Engineer > > HardenedBSD > > > > GPG Key ID: 0x6A84658F52456EEE > > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > > > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE >