KARL - kernel address randomized link

from OpenBSD Journal (#2SRW2)

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization feature which will protect the kernel. [...] Recently I moved all our kernels to a new mapping model, with patrick and visa taking care of two platforms. [...] As a result, every new kernel is unique. The relative offsets between functions and data are unique. [...] However, snapshots of -current contain a further change, which I worked on with Robert Peichaer (rpe@): That change is scaffolding to ensure you boot a newly-linked kernel upon every reboot. [...]

Read the full message for the juicy details.

Note that, because of the new mechanisms, unhibernate does not work on -current (for now).
