Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/doc/TODO.kaslr,v rcsdiff: /ftp/cvs/cvsroot/src/doc/TODO.kaslr,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.1 retrieving revision 1.1.2.6 diff -u -p -r1.1 -r1.1.2.6 --- src/doc/TODO.kaslr 2018/06/18 06:09:56 1.1 +++ src/doc/TODO.kaslr 2018/11/26 01:49:59 1.1.2.6 @@ -1,7 +1,7 @@ ====== POINTER LEAKS ====== --- Change the permissions of /dev/ksyms, as discussed in: - http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html +[DONE] -- Change the permissions of /dev/ksyms, as discussed in: + http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html -- The address of a non-public section is leaked because of Meltdown, "jmp handler". This can easily be fixed by pushing the handlers into 
@@ -15,23 +15,31 @@ This eases debugging and also prevents leaks if a driver prints kernel addresses as debug (I've seen that already). --- PPPoE sends a kernel address as host unique. (What is this shit.) +[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.) --- "netstat -nat" leaks kernel addresses. - --- Investigate some other tools. +-- Several entry points leak kernel addresses: + [DONE] - "modstat -k" + [DONE] - kern.proc + [DONE] - kern.proc2 + [DONE] - kern.file + [DONE] - kern.file2 + [DONE] - kern.lwp + [DONE] - sysctl_inpcblist + [DONE] - sysctl_unpcblist + [DONE] - sysctl_doevcnt + [DONE] - sysctl_dobuf -- Be careful with dmesg. ====== RANDOMIZATION ====== --- Randomize the PTE space. +[DONE] -- Randomize the PTE space. --- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS). +[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS). --- Randomize the direct map. +[DONE] -- Randomize the direct map. --- Randomize the PCPU area. +[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area. ====== GENERAL ======
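Review bot: in the first hunk (@@ -1,7 +1,7 @@) the [DONE] line for /dev/ksyms keeps only the tech-kern discussion link and never says what the permissions were actually changed to, so a reader of the TODO cannot check the fix against a running system; add the final mode or owner:group (or the commit that changed it) next to the [DONE] marker, e.g. "[DONE] -- Change the permissions of /dev/ksyms (now ...), as discussed in:". The same hunk leaves the Meltdown "jmp handler" item open while marking the neighbour done, which is fine, but since completed items are being kept in place rather than deleted, consider grouping them under their own heading so the open items in "====== POINTER LEAKS ======" stay easy to scan.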
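Review bot: in the second hunk (@@ -15,23 +15,31 @@) the open item "-- Investigate some other tools." is removed outright, but nothing in the replacement list of [DONE] entry points states that the investigation itself is finished; either keep that line as still open or reword the new heading to say the listed entry points are what the investigation found. The removed "netstat -nat" symptom is also no longer mentioned, so the mapping from the user-visible leak to its fix (presumably the sysctl_inpcblist / sysctl_unpcblist entries) is lost; keeping "netstat -nat" as a parenthetical on those entries would preserve it. Finally, "[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area." gives a justification too terse for a file other developers will act on: say which CPU-level leak makes the PCPU address recoverable, or add a reference the way the /dev/ksyms item does, and since the PPPoE item is now [DONE] the "(What is this shit.)" aside can go.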