svn commit: r45786 - head/en_US.ISO8859-1/htdocs/news/status
Benjamin Kaduk
bjk at FreeBSD.org
Sat Oct 11 01:53:31 UTC 2014
Author: bjk
Date: Sat Oct 11 01:53:30 2014
New Revision: 45786
URL: https://svnweb.freebsd.org/changeset/doc/45786
Log:
Add the ASLR report
Approved by: hrs (mentor, blanket)
Modified:
head/en_US.ISO8859-1/htdocs/news/status/report-2014-07-2014-09.xml
Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-07-2014-09.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2014-07-2014-09.xml Sat Oct 11 01:49:33 2014 (r45785)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2014-07-2014-09.xml Sat Oct 11 01:53:30 2014 (r45786)
@@ -2096,4 +2096,94 @@
</task>
</help>
</project>
+
+ <project cat='proj'>
+ <title>Address Space Layout Randomization (ASLR)</title>
+
+ <contact>
+ <person>
+ <name>
+ <given>Shawn</given>
+ <common>Webb</common>
+ </name>
+
+ <email>shawn.webb at hardenedbsd.org</email>
+ </person>
+ <person>
+ <name>
+ <given>Oliver</given>
+ <common>Pinter</common>
+ </name>
+
+ <email>oliver.pinter at hardenedbsd.org</email>
+ </person>
+ </contact>
+
+ <links>
+ <url href="http://hardenedbsd.org/">The HardenedBSD Project</url>
+ <url href="https://reviews.freebsd.org/D473">ASLR review
+ on Phabricator</url>
+ <url href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193940">
+ EXP-RUN test results</url>
+ <url href="https://wiki.freebsd.org/201409DevSummit/ASLR">EuroBSDCon
+ 2014 Devsummit page on ASLR</url>
+ <url href="https://wiki.freebsd.org/AddressSpaceLayoutRandomization">
+ FreeBSD wiki page on ASLR</url>
+ </links>
+
+ <body>
+ <p>Address Space Layout Randomization (ASLR) is a computer
+ security technique that aids in mitigating low-level
+ vulnerabilities such as buffer overflows. In order to
+ prevent an attacker from knowing where a given
+ exploitable vulnerability lies in memory, ASLR randomizes
+ the memory layout of running applications.</p>
+
+ <p>FreeBSD lacks behind the industry in exploit mitigation
+ technologies. ASLR is a great first step in implementing
+ such technologies. Future exploit mitigation technologies
+ will rely on ASLR.</p>
+
+ <p>A lot has happened in the last few months. Shawn Webb gave
+ presentations at both BSDCan 2014 and EuroBSDCon 2014. The
+ presentations were met with a lot of support and backing.
+ At the end of EuroBSDCon, an awesome developer named Ilya
+ Bakulin fixed our ARM bug. Shawn Webb and Oliver Pinter
+ have submitted our patch to Phabricator, FreeBSD's new
+ code review utility. Shawn Webb added an API for allowing
+ a debugger to disable ASLR in order to support
+ deterministic debugging with applications such as lldb or
+ gdb. Oliver Pinter enhanced the performance of our ASLR
+ implementation. A package building exp-run was ran and came
+ out favorably in terms of performance. Shawn Webb bumped up
+ the maximum number of bits allowed to be randomized to 20
+ and set the default to 14.</p>
+
+ <p>To aid in the upstreaming process of the ASLR project and
+ other security-related projects, Shan Webb and Oliver Pinter
+ founded The HardenedBSD project. It exists primarily to
+ serve as a staging area for bleeding-edge development of
+ security-related projects for FreeBSD prior to being merged
+ upstream.</p>
+
+ </body>
+
+ <sponsor>SoldierX</sponsor>
+
+ <help>
+ <task>
+ <p>Get more people testing and reviewing our patch</p>
+ </task>
+ <task>
+ <p>Run more performance tests</p>
+ </task>
+ <task>
+ <p>Figure out why the two ports failed in the EXP-RUN.
+ Involve the port maintainers.</p>
+ </task>
+ <task>
+ <p>Test on different architectures (we need help with this)</p>
+ </task>
+ </help>
+ </project>
</report>
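Review bot: The fourth body paragraph spells the name "Shan Webb", while the contact block and every other mention in this entry use "Shawn Webb"; please correct the spelling. Two wording fixes in the same body: "FreeBSD lacks behind the industry" should read "lags behind", and "A package building exp-run was ran" should read "was run". The closing sentence of the third paragraph gives a maximum of 20 randomized bits and a default of 14 without saying which mappings or architectures those numbers apply to, so a short qualifier there would make the figures meaningful to readers. The paragraph also writes "The HardenedBSD project" where the link text uses "The HardenedBSD Project"; pick one capitalization.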