From: Benjamin Kaduk
Date: Sun, 12 Apr 2015 20:22:16 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r46518 - head/en_US.ISO8859-1/htdocs/news/status

Author: bjk
Date: Sun Apr 12 20:22:15 2015
New Revision: 46518
URL: https://svnweb.freebsd.org/changeset/doc/46518

Log:
  Add the ASLR report

  Approved by: hrs (mentor, implicit)

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Sun Apr 12 00:06:59 2015 (r46517) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Sun Apr 12 20:22:15 2015 (r46518) @@ -83,4 +83,71 @@ Miscellaneous + + Address Space Layout Randomization (ASLR) + + + + + Shawn + Webb + + shawn.webb@hardenedbsd.org + + + + Oliver + Pinter + + oliver.pinter@hardenedbsd.org + + + + + HardenedBSD + ASLR Call For Testing + FreeBSD Code Review of ASLR + + + +

Address Space Layout Randomization (ASLR) is a + computer security technique that aids in mitigating + low-level vulnerabilities such as buffer overflows. + ASLR randomizes the memory layout of running + applications to prevent an attacker from knowing where + a given exploitable vulnerability lies in memory.

+ +

We have been working hard the last few months to ensure + the robustness of our ASLR implementation. We have + written a helpful manpage. We have updated the patch on + FreeBSD's code review system (Phabricator). Our ASLR + implementation is in heavy use by the HardenedBSD team + in production environments and is performing + robustly.

+ +

The next task is to compile the base system applications as + Position-Independent Executables (PIEs). In order for + ASLR to be effective, applications must be compiled as + PIEs. It is likely that this part will take a long time + to accomplish, given the complexity surrounding + building the libraries in the base system. Even if applications + are not compiled as PIEs, having ASLR available still + helps those applications (like HardenedBSD's secadm) + which force compilation as PIE for themselves.

+ + + SoldierX + + + +

Test our patch against 11-CURRENT.

+
+ + +

For &os; committers: work with us to get this merged + into &os;.

+
+
+
+
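Review bot: The first body paragraph says ASLR prevents an attacker "from knowing where a given exploitable vulnerability lies in memory", which misstates the mechanism. What randomization hides is the location of the code and data an exploit needs to reference, so I would reword the sentence along those lines. In the PIE paragraph, "Even if applications are not compiled as PIEs, having ASLR available still helps those applications ... which force compilation as PIE for themselves" reads as contradictory right after "applications must be compiled as PIEs"; stating that the first clause refers to the base system applications would resolve it. Minor: "working hard the last few months" wants "over the last few months".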