svn commit: r46518 - head/en_US.ISO8859-1/htdocs/news/status
Benjamin Kaduk
bjk at FreeBSD.org
Sun Apr 12 20:22:17 UTC 2015
Author: bjk
Date: Sun Apr 12 20:22:15 2015
New Revision: 46518
URL: https://svnweb.freebsd.org/changeset/doc/46518
Log:
Add the ASLR report
Approved by: hrs (mentor, implicit)
Modified:
head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Sun Apr 12 00:06:59 2015 (r46517)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Sun Apr 12 20:22:15 2015 (r46518)
@@ -83,4 +83,71 @@
<description>Miscellaneous</description>
</category>
+ <project cat='kern'>
+ <title>Address Space Layout Randomization (ASLR)</title>
+
+ <contact>
+ <person>
+ <name>
+ <given>Shawn</given>
+ <common>Webb</common>
+ </name>
+ <email>shawn.webb at hardenedbsd.org</email>
+ </person>
+ <person>
+ <name>
+ <given>Oliver</given>
+ <common>Pinter</common>
+ </name>
+ <email>oliver.pinter at hardenedbsd.org</email>
+ </person>
+ </contact>
+
+ <links>
+ <url href="https://hardenedbsd.org/">HardenedBSD</url>
+ <url href="https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054669.html">ASLR Call For Testing</url>
+ <url href="https://reviews.freebsd.org/D473">FreeBSD Code Review of ASLR</url>
+ </links>
+
+ <body>
+ <p>Address Space Layout Randomization (ASLR) is a
+ computer security technique that aids in mitigating
+ low-level vulnerabilities such as buffer overflows.
+ ASLR randomizes the memory layout of running
+ applications to prevent an attacker from knowing where
+ a given exploitable vulnerability lies in memory.</p>
+
+ <p>We have been working hard the last few months to ensure
+ the robustness of our ASLR implementation. We have
+ written a helpful manpage. We have updated the patch on
+ FreeBSD's code review system (Phabricator). Our ASLR
+ implementation is in heavy use by the HardenedBSD team
+ in production environments and is performing
+ robustly.</p>
+
+ <p>The next task is to compile the base system applications as
+ Position-Independent Executables (PIEs). In order for
+ ASLR to be effective, applications must be compiled as
+ PIEs. It is likely that this part will take a long time
+ to accomplish, given the complexity surrounding
+ building the libraries in the base system. Even if applications
+ are not compiled as PIEs, having ASLR available still
+ helps those applications (like HardenedBSD's secadm)
+ which force compilation as PIE for themselves.</p>
+ </body>
+
+ <sponsor>SoldierX</sponsor>
+
+ <help>
+ <task>
+ <p>Test our patch against 11-CURRENT.</p>
+ </task>
+
+ <task>
+ <p>For &os; committers: work with us to get this merged
+ into &os;.</p>
+ </task>
+ </help>
+ </project>
+
</report>
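Review bot: In the first <p> of the new <body>, "prevent an attacker from knowing where a given exploitable vulnerability lies in memory" is imprecise. What ASLR hides is the address of the code and data an exploit has to reference, not the location of the bug itself. Suggest wording such as "to make it harder for an attacker to predict the memory addresses an exploit depends on". Two smaller points: the second paragraph spells out "FreeBSD's code review system" while the <help> tasks use the &os; entity, so pick one form for the entry; and the last sentence of the third paragraph would read more clearly as "Even if the base system applications are not compiled as PIEs", since as written "applications" and "those applications" refer to different sets. The body also mentions a new manpage, but <links> has no URL for it; add one if it is published anywhere.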