Date:      Sun, 12 Apr 2015 20:22:16 +0000 (UTC)
From:      Benjamin Kaduk <bjk@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r46518 - head/en_US.ISO8859-1/htdocs/news/status
Message-ID:  <201504122022.t3CKMGoi094224@svn.freebsd.org>

Author: bjk
Date: Sun Apr 12 20:22:15 2015
New Revision: 46518
URL: https://svnweb.freebsd.org/changeset/doc/46518

Log:
  Add the ASLR report
  
  Approved by:	hrs (mentor, implicit)

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml	Sun Apr 12 00:06:59 2015	(r46517)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml	Sun Apr 12 20:22:15 2015	(r46518)
@@ -83,4 +83,71 @@
     <description>Miscellaneous</description>
   </category>
 
+  <project cat='kern'>
+    <title>Address Space Layout Randomization (ASLR)</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Shawn</given>
+	  <common>Webb</common>
+	</name>
+	<email>shawn.webb@hardenedbsd.org</email>
+      </person>
+      <person>
+	<name>
+	  <given>Oliver</given>
+	  <common>Pinter</common>
+	</name>
+	<email>oliver.pinter@hardenedbsd.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://hardenedbsd.org/">HardenedBSD</url>;
+      <url href="https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054669.html">ASLR Call For Testing</url>
+      <url href="https://reviews.freebsd.org/D473">FreeBSD Code Review of ASLR</url>
+    </links>
+
+    <body>
+      <p>Address Space Layout Randomization (ASLR) is a
+	computer security technique that aids in mitigating
+	low-level vulnerabilities such as buffer overflows.
+	ASLR randomizes the memory layout of running
+	applications to prevent an attacker from knowing where
+	a given exploitable vulnerability lies in memory.</p>
+
+      <p>We have been working hard the last few months to ensure
+	the robustness of our ASLR implementation. We have
+	written a helpful manpage. We have updated the patch on
+	FreeBSD's code review system (Phabricator).  Our ASLR
+	implementation is in heavy use by the HardenedBSD team
+	in production environments and is performing
+	robustly.</p>
+
+      <p>The next task is to compile the base system applications as
+	Position-Independent Executables (PIEs). In order for
+	ASLR to be effective, applications must be compiled as
+	PIEs. It is likely that this part will take a long time
+	to accomplish, given the complexity surrounding
+	building the libraries in the base system. Even if applications
+	are not compiled as PIEs, having ASLR available still
+	helps those applications (like HardenedBSD's secadm)
+	which force compilation as PIE for themselves.</p>
+    </body>
+
+    <sponsor>SoldierX</sponsor>
+
+    <help>
+      <task>
+	<p>Test our patch against 11-CURRENT.</p>
+      </task>
+
+      <task>
+	<p>For &os; committers: work with us to get this merged
+	  into &os;.</p>
+      </task>
+    </help>
+  </project>
+
 </report>
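Review bot: The first entry in <links> ends with a stray semicolon, `<url href="https://hardenedbsd.org/">HardenedBSD</url>;`, which the other two <url> lines do not have; it should be dropped so it does not end up as literal text in the rendered report. In <body>, the second paragraph spells out "FreeBSD's code review system" while the <help> tasks use the &os; entity, so the body should use &os; as well. The first paragraph says ASLR prevents an attacker from knowing "where a given exploitable vulnerability lies in memory"; what randomization hides is the location of the code and data an exploit has to reference, so that sentence would be more accurate reworded along those lines. In the third paragraph, "In order for ASLR to be effective, applications must be compiled as PIEs" is followed by "Even if applications are not compiled as PIEs, having ASLR available still helps those applications ... which force compilation as PIE"; saying "base system applications" in the second sentence would make clear that it refers to third-party programs that build themselves as PIE.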


