Source-Changes-HG archive
[src/trunk]: src/doc todo list for kaslr, with the issues I can think of righ...
details: https://anonhg.NetBSD.org/src/rev/7c7e26c776a8
branches: trunk
changeset: 362623:7c7e26c776a8
user: maxv <maxv%NetBSD.org@localhost>
date: Mon Jun 18 06:09:56 2018 +0000
description:
todo list for kaslr, with the issues I can think of right now
diffstat:
doc/TODO.kaslr | 41 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 41 insertions(+), 0 deletions(-)
diffs (45 lines):
diff -r cdc144777213 -r 7c7e26c776a8 doc/TODO.kaslr
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/TODO.kaslr Mon Jun 18 06:09:56 2018 +0000
@@ -0,0 +1,41 @@
+====== POINTER LEAKS ======
+
+-- Change the permissions of /dev/ksyms, as discussed in:
+ http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html
+
+-- The address of a non-public section is leaked because of Meltdown,
+ "jmp handler". This can easily be fixed by pushing the handlers into
+ their own section.
+
+-- Replace the "%p" fmt by something relative to the kernel section (if
+ any). Eg, from
+ printf("%p", &some_global_var); --> "0xffffffffe38010f0"
+ to
+ printf("%p", &some_global_var); --> ".data.4:0x8010f0"
+ This eases debugging and also prevents leaks if a driver prints
+ kernel addresses as debug (I've seen that already).
+
+-- PPPoE sends a kernel address as host unique. (What is this shit.)
+
+-- "netstat -nat" leaks kernel addresses.
+
+-- Investigate some other tools.
+
+-- Be careful with dmesg.
+
+====== RANDOMIZATION ======
+
+-- Randomize the PTE space.
+
+-- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).
+
+-- Randomize the direct map.
+
+-- Randomize the PCPU area.
+
+====== GENERAL ======
+
+-- Sort the kernel sections by size, from largest to smallest, to save
+ memory.
+
+-- Add the "pkboot" command in the EFI bootloader.
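Review bot: the "%p" item proposes changing what an existing conversion prints (`printf("%p", &some_global_var); --> ".data.4:0x8010f0"`), which would silently alter every kernel printf caller and any userland code that parses dmesg or crash output for absolute addresses; a separate conversion or helper for section-relative output, with "%p" left as is (or deliberately refused in output readable by unprivileged users), would let each call site be reviewed on its own. The PPPoE entry deserves more weight than its position in the list suggests: the host-unique value is sent on the wire in discovery packets, so that kernel address is disclosed to the peer, not only to local users. "Investigate some other tools" and "Be careful with dmesg" are not actionable as written; name the tools and the kernel interface through which each obtains the address, and say which dmesg output carries addresses and whether the intended fix is to strip them from the message or to restrict who can read the buffer.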