|File: [cvs.NetBSD.org] / src / doc / TODO.kaslr (download)
Revision 1.10, Thu Jun 20 17:33:30 2019 UTC (20 months, 1 week ago) by maxv
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, netbsd-9-base, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, is-mlppp-base, is-mlppp, HEAD
Changes since 1.9: +1 -1
Add KASLR support in UEFI.
====== POINTER LEAKS ======
[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
-- The address of a non-public section is leaked because of Meltdown,
"jmp handler". This can easily be fixed by pushing the handlers into
their own section.
-- Replace the "%p" fmt by something relative to the kernel section (if
any). Eg, from
printf("%p", &some_global_var); --> "0xffffffffe38010f0"
printf("%p", &some_global_var); --> ".data.4:0x8010f0"
This eases debugging and also prevents leaks if a driver prints
kernel addresses as debug (I've seen that already).
[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)
-- Several entry points leak kernel addresses:
[DONE] - "modstat -k"
[DONE] - kern.proc
[DONE] - kern.proc2
[DONE] - kern.file
[DONE] - kern.file2
[DONE] - kern.lwp
[DONE] - sysctl_inpcblist
[DONE] - sysctl_unpcblist
[DONE] - sysctl_doevcnt
[DONE] - sysctl_dobuf
-- Be careful with dmesg.
====== RANDOMIZATION ======
[DONE] -- Randomize the PTE space.
[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).
[DONE] -- Randomize the direct map.
[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.
====== GENERAL ======
-- Sort the kernel sections by size, from largest to smallest, to save
[DONE] -- Add the "pkboot" command in the EFI bootloader.