A couple of days I got as a responsible personell for a couple of systems a 
warning about
the vulnerabilities of the mechanism called "Kernel SamePage Mergin". On this 
year's IEEE
symposion there has been submitted a paper by Bosman et al., 2016, describing 
an attack
on KSM. This technique, also referred to as memory/page deduplication, seems to 
vulnerable by design under certain circumstances. I guess the experts of the 
readers here
do already know, but I consider myself a non-expert and therefore, I'd like to 
ask about
the status of that kind of development in FreeBSD. I read about a project of 
last year's
Google Summer of Code 2015 targetting KSM on FreeBSD.

In Linux, this deduplication techniques is implemented since kernel 2.6.38 and 
Kernel uses this techniques since Windows 8.1 and sibblings (also Windows 
Server). We
were strongly advised to disable those "features" in Windows clients, servers 
and Linux
servers, if used.

Other papers describe successful attacks on memory contents and ASLR by 
misusing KSM. On
Windows, mmap() entropy is 19bit, on Linux usually 28bit. And FreeBSD (if
planned/used/already implemented?)? 

If you are interested I could provide links or PDFs of the papers I already 
about that subject (it is not much, simply google for "KSM FReeBSD" or KSM 

Thanks in advance,


Attachment: pgpaCTmo1B49J.pgp
Description: OpenPGP digital signature

Reply via email to