svn commit: r46975 - head/en_US.ISO8859-1/htdocs/news/status

Warren Block wblock at FreeBSD.org
Tue Jul 14 17:15:41 UTC 2015 

Author: wblock
Date: Tue Jul 14 17:15:40 2015
New Revision: 46975
URL: https://svnweb.freebsd.org/changeset/doc/46975

Log:
  Add Shawn Webb <shawn.webb at hardenedbsd.org>'s ASLR report.

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml	Tue Jul 14 16:18:23 2015	(r46974)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-04-2015-06.xml	Tue Jul 14 17:15:40 2015	(r46975)
@@ -1356,4 +1356,119 @@
       </task>
     </help>
   </project>
+
+  <project cat='proj'>
+    <title>Address Space Layout Randomization (ASLR)</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Shawn</given>
+	  <common>Webb</common>
+	</name>
+	<email>shawn.webb at hardenedbsd.org</email>
+      </person>
+
+      <person>
+	<name>
+	  <given>Oliver</given>
+	  <common>Pinter</common>
+	</name>
+	<email>oliver.pinter at hardenedbsd.org</email>
+      </person>
+
+      <person>
+	<name>HardenedBSD</name>
+	<email>core at hardenedbsd.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://hardenedbsd.org/">HardenedBSD</url>
+      <url href="https://hardenedbsd.org/article/shawn-webb/2015-06-30/introducing-true-stack-randomization">True Stack Randomization</url>
+      <url href="https://hardenedbsd.org/article/shawn-webb/2015-07-06/announcing-aslr-completion">Announcing ASLR Completion</url>
+      <url href="https://hardenedbsd.org/article/shawn-webb/2015-07-11/call-donations">Call for Donations</url>
+      <url href="https://www.soldierx.com/">SoldierX</url>
+    </links>
+
+    <body>
+      <p>HardenedBSD is a downstream distribution of &os; aimed at
+	implementing exploit mitigation and security technologies.
+	The HardenedBSD development team has focused on several key
+	features, one being Address Space Layout Randomization (ASLR).
+	ASLR is a computer security technique that aids in mitigating
+	low-level vulnerabilities such as buffer overflows.  ASLR
+	randomizes the memory layout of running applications to
+	prevent an attacker from knowing where a given vulnerability
+	lies in memory.</p>
+
+      <p>This last quarter, the HardenedBSD team has finalized the
+	core implementation of ASLR.  We implemented true stack
+	randomization along with a random stack gap.  This change
+	allows us to apply 42 bits of entropy to the stack, the
+	highest of any operating system.  We bumped the
+	<tt>hardening.pax.aslr.stack_len</tt> <tt>sysctl(8)</tt> to 42
+	by default on amd64.</p>
+
+      <p>We also now randomize the Virtual Dynamic Shared Object
+	(VDSO).  The VDSO is one or more pages of memory shared
+	between the kernel and the userland.  On amd64, it contains
+	the signal trampoline and timing code
+	(<tt>gettimeofday(4)</tt>, for example).</p>
+
+      <p>With these two changes, the ASLR implementation is now
+	complete.  There are still tasks to work on, however.  We need
+	to update our documentation and enhance a few pieces of code.
+	Our ASLR implementation is in use in production by HardenedBSD
+	and is performing robustly.</p>
+
+      <p>Additionally, we are currently running a fundraiser to help
+	us establish a not-for-profit organization and for hardware
+	updates.  We have received a lot of help from the community
+	and we greatly appreciate the help.  We need further help
+	to take the project to the next level.  We look forward to
+	working with the &os; project in providing excellent
+	security.</p>
+    </body>
+
+    <sponsor>
+      SoldierX
+    </sponsor>
+
+    <help>
+      <task>
+	<p>Update the <tt>aslr(4)</tt> manpage and the wiki
+	page.</p>
+      </task>
+
+      <task>
+	<p>Improve the Shared Object load order feature with Michael
+	  Zandi's improvements.</p>
+      </task>
+
+      <task>
+	<p>Re-port the ASLR work to vanilla &os;.  Include the
+	  custom work requested by &os; developers.</p>
+      </task>
+
+      <task>
+	<p>Close the existing review on Phabricator.</p>
+      </task>
+
+      <task>
+	<p>Open multiple smaller reviews for pieces of the ASLR
+	  patch that can be split out logically.</p>
+      </task>
+
+      <task>
+	<p>Perform a special backport to HardenedBSD 10-STABLE for
+	  OPNSense to pull in.</p>
+      </task>
+
+      <task>
+	<p><tt>golang</tt> segfaults in HardenedBSD.  Help would be
+	  nice in debugging.</p>
+      </task>
+    </help>
+  </project>
 </report>

More information about the svn-doc-head mailing list