On Wed, 20 May 2020 at 03:20, Damien DEVILLE <damien.devi...@stormshield.eu> wrote:
>
> Hi everyone,
>
> This is very good news. Thanks to Semihalf for their commitment on this subject.
> At Stormshield as a security vendor using FreeBSD we are highly interested in
> all subjects that enhance the security level of FreeBSD.
> What is your target in terms of timing? Are there any plans to work on other
> hardening subjects (like for example improving W^X)? Do you have any roadmap
> in terms of features and deadlines?

My goal is that we can test & enable these features in advance of FreeBSD
13.0 (although there's no published timeline for 13 yet). We can aim for
iterating over each of the settings over the rest of this year.

Basic W^X for mmap and mprotect at the system call interface is trivial - I
put a(n untested) patch up at https://reviews.freebsd.org/D24933 as an
illustration. There's a TODO in the description before this could be
committable - adding procctl(2), proccontrol(1), and ELF tagging support.

> We would be interested to take part in live discussions as a vendor if some
> are planned.

Sounds good. This will make a good topic in lieu of BSDCan developer summit
sessions. Interested folks please email me off-list and fill in the poll of
suitable times at http://whenisgood.net/qbmg72a

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
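
An added example, not part of the message above and not taken from D24933: a small probe for checking, on a test system, whether the kernel lets a process hold a page that is writable and executable at once through either of the two system calls the reply names. The function and enum names are hypothetical, and treating any refusal of a W+X request as policy is an assumption of this sketch.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: keep MAP_ANON visible under strict -std= */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define RW  (PROT_READ | PROT_WRITE)
#define RX  (PROT_READ | PROT_EXEC)
#define RWX (PROT_READ | PROT_WRITE | PROT_EXEC)

enum wx_result { WX_ERROR = -1, WX_DENIED = 0, WX_ALLOWED = 1 };

/* Map one anonymous page with `first`; if `then` differs, mprotect(2) to it. */
enum wx_result probe(int first, int then)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, first, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)   /* a refused W+X request counts as policy (assumption) */
        return (first & RWX) == RWX ? WX_DENIED : WX_ERROR;
    int rc = (then == first) ? 0 : mprotect(p, len, then);
    munmap(p, len);
    return rc == 0 ? WX_ALLOWED : WX_DENIED;
}

/* Path 1: request W+X directly from mmap(2). */
enum wx_result probe_mmap_wx(void)     { return probe(RWX, RWX); }
/* Path 2: map RW, then add PROT_EXEC with mprotect(2) while keeping write. */
enum wx_result probe_mprotect_wx(void) { return probe(RW, RWX); }
/* Control: RW then RX never holds W and X together, so W^X should permit it. */
enum wx_result probe_rw_then_rx(void)  { return probe(RW, RX); }

static const char *name(enum wx_result r)
{
    return r == WX_ALLOWED ? "allowed" : r == WX_DENIED ? "denied" : "error";
}

int main(void)
{
    printf("mmap RWX:        %s\n", name(probe_mmap_wx()));
    printf("mprotect RW->RWX: %s\n", name(probe_mprotect_wx()));
    printf("mprotect RW->RX:  %s\n", name(probe_rw_then_rx()));
    return 0;
}
```

If both W+X paths report "denied" while the RW->RX control still reports "allowed", the restriction is specific to simultaneous write and execute rather than a blanket block on executable mappings.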