[BACK]Return to TODO.kaslr CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / doc

File: [cvs.NetBSD.org] / src / doc / TODO.kaslr (download)

Revision 1.10, Thu Jun 20 17:33:30 2019 UTC (4 years, 9 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, is-mlppp-base, is-mlppp, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, HEAD
Changes since 1.9: +1 -1 lines

Add KASLR support in UEFI.

====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
          http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)

-- Several entry points leak kernel addresses:
       [DONE] - "modstat -k"
       [DONE] - kern.proc
       [DONE] - kern.proc2
       [DONE] - kern.file
       [DONE] - kern.file2
       [DONE] - kern.lwp
       [DONE] - sysctl_inpcblist
       [DONE] - sysctl_unpcblist
       [DONE] - sysctl_doevcnt
       [DONE] - sysctl_dobuf

-- Be careful with dmesg.

====== RANDOMIZATION ======

[DONE] -- Randomize the PTE space.

[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

[DONE] -- Add the "pkboot" command in the EFI bootloader.