ASLR/PIE status in FreeBSD HEAD

Ed Maste emaste at freebsd.org
Mon May 25 15:24:27 UTC 2020


On Wed, 20 May 2020 at 03:20, Damien DEVILLE
<damien.deville at stormshield.eu> wrote:
>
> Hi everyone,
>
> This is very good news. Thanks to Semihalf for their commitment on this subject.
> At Stormshield, as a security vendor using FreeBSD, we are highly interested in all subjects that enhance the security level of FreeBSD.
> What is your target in terms of timing? Are there any plans to work on other hardening subjects (like, for example, improving W^X)? Do you have any roadmap in terms of features and deadlines?

My goal is that we can test & enable these features in advance of
FreeBSD 13.0 (although there's no published timeline for 13 yet). We
can aim for iterating over each of the settings over the rest of this
year.

Basic W^X for mmap and mprotect at the system call interface is
trivial - I put a(n untested) patch up at
https://reviews.freebsd.org/D24933 as an illustration. There's a TODO
in the description before this could be committable - adding
procctl(2), proccontrol(1), and ELF tagging support.

> We would be interested to take part in live discussions as a vendor if some are planned.

Sounds good. This will make a good topic in lieu of BSDCan developer
summit sessions.

Interested folks please email me off-list and fill in the poll of
suitable times at http://whenisgood.net/qbmg72a

