svn commit: r48064 - head/en_US.ISO8859-1/htdocs/news/status
Benjamin Kaduk
bjk at FreeBSD.org
Tue Jan 19 02:41:46 UTC 2016
Author: bjk
Date: Tue Jan 19 02:41:44 2016
New Revision: 48064
URL: https://svnweb.freebsd.org/changeset/doc/48064
Log:
Add HardenedBSD entry from Shawn Webb
Modified:
head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml
Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml Tue Jan 19 02:28:43 2016 (r48063)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml Tue Jan 19 02:41:44 2016 (r48064)
@@ -4282,4 +4282,89 @@
</task>
</help>
</project>
+
+ <project cat='misc'>
+ <title>HardenedBSD</title>
+
+ <contact>
+ <person>
+ <name>
+ <given>Shawn</given>
+ <common>Webb</common>
+ </name>
+ <email>shawn.webb at hardenedbsd.org</email>
+ </person>
+
+ <person>
+ <name>
+ <given>Oliver</given>
+ <common>Pinter</common>
+ </name>
+ <email>oliver.pinter at hardenedbsd.org</email>
+ </person>
+ </contact>
+
+ <links>
+ <url href="https://hardenedbsd.org/" />
+ <url href="https://hardenedbsd.org/article/shawn-webb/2015-12-31/introducing-hardenedbsds-new-binary-updater">Introducing HardenedBSD's New Binary Updater</url>
+ <url href="https://hardenedbsd.org/article/shawn-webb/2015-11-22/introducing-secadm-030-beta-01"><tt>secadm</tt> Beta Published</url>
+ <url href="https://hardenedbsd.org/article/admin/2015-11-22/new-package-building-server">New Package Building Server</url>
+ <url href="https://github.com/HardenedBSD/secadm"><tt>secadm</tt></url>
+ <url href="https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/experimental/master-i915">HardenedBSD Haswell Support</url>
+ <url href="http://jenkins.hardenedbsd.org/builds/HardenedBSD-CURRENT-i915kms-amd64-LATEST/">Nightly Builds for HardenedBSD Haswell Support</url>
+ </links>
+
+ <body>
+ <p>HardenedBSD has been hard at work improving the
+ performance and stability of our security enhancements. Security
+ flags are now per-thread instead of per-process, removing some
+ locking overhead. ASLR for mmap(MAP_32BIT) requests has been
+ refactored, but lib32 is now disabled by default.</p>
+
+ <p>We've developed a new binary update utility,
+ <tt>hbsd-update</tt> akin to <tt>freebsd-update</tt>.
+ In addition to normal OS installs, it can also update
+ jails and ZFS Boot Environments (ZFS BEs). Updates are
+ signed using X.509 certificates.</p>
+
+ <p><tt>secadm</tt> 0.3-beta has landed. It has been
+ rewritten from scratch in order to be more efficient. As part of
+ the rewrite, the rule syntax has changed and users must update
+ their rulesets as described in the README.</p>
+
+ <p>Thanks to generous donations of a server from G2, Inc and
+ hosting from Automated Tendencies, we can now do full
+ package builds in just 35 hours, down from 75 hours.
+ This machine will also provide weekly binary updates for
+ the kernel and base system.</p>
+
+ <p>Owing partly to the needs of the developers, we have
+ an experimental branch that includes the work
+ &a.dumbbell; has underway for Haswell graphics support,
+ on top of &os; 11-current. Binary updates are also
+ provided for this branch.</p>
+
+ <p>Unfortunately, in order to focus our efforts on improving
+ HardenedBSD, we have had to pull back from submitting our ASLR
+ patches to &os;. The past two years' efforts to address comments
+ on the submission have taken their toll, and the effort is no
+ longer sustainable. We are proud to be based on &os; and believe
+ that the whole community could benefit from the security
+ technologies we are developing. We hope that someone else will
+ be able to step forward and finish off the task of integrating
+ ASLR into &os;.</p>
+ </body>
+
+ <sponsor>
+ Automated Tendencies
+ </sponsor>
+
+ <sponsor>
+ G2, Inc
+ </sponsor>
+
+ <sponsor>
+ SoldierX
+ </sponsor>
+ </project>
</report>
More information about the svn-doc-all
mailing list