On Fri, May 23, 2014 at 08:35:25PM -0400, Shawn Webb wrote:
On May 23, 2014 07:53 PM +, Wojciech A. Koszek wrote:
On Wed, May 14, 2014 at 09:58:52AM -0400, Shawn Webb wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please
Oliver Pinter oliver.p...@gmail.com writes:
Two idea here:
a) create a tunable security.pax.expert_mode, and create sysctls at
boot time depending from expert mode
b) just add CTLFLAG_SKIP and hide the sysctl from normal user
The cost of an unused sysctl is about a hundred bytes of kernel
Oliver Pinter oliver.p...@gmail.com writes:
PAX LOG: implement new logging subsystem
PAX LOG: fix pax_ulog_segvguard
PAX LOG: added sysctl's and tunables
PAX ASLR: use PAX LOG
PAX LOG: fix pax_ulog_##name()
PAX LOG: fix prison init
PAX LOG: fixed
On 5/25/14, Dag-Erling Smørgrav d...@des.no wrote:
Oliver Pinter oliver.p...@gmail.com writes:
PAX LOG: implement new logging subsystem
PAX LOG: fix pax_ulog_segvguard
PAX LOG: added sysctl's and tunables
PAX ASLR: use PAX LOG
PAX LOG: fix pax_ulog_##name()
On 25 May 2014, at 19:42, Oliver Pinter oliver.p...@gmail.com wrote:
On 5/25/14, Dag-Erling Smørgrav d...@des.no wrote:
Oliver Pinter oliver.p...@gmail.com writes:
...
PAX: blacklist clang and related binaries from PIE support
Why? Performance, or do they actually break?
No. If you
Oliver Pinter oliver.p...@gmail.com writes:
pax_log will be in future a generic pax related logging framework,
with ratelimiting and other features. It will log user, IP, binary
name, path, checksum, and others.
What are you using this for? Are you sure you can't use ktrace? It's a
lot more
On 5/25/14, Dag-Erling Smørgrav d...@des.no wrote:
Oliver Pinter oliver.p...@gmail.com writes:
pax_log will be in future a generic pax related logging framework,
with ratelimiting and other features. It will log user, IP, binary
name, path, checksum, and others.
What are you using this for?
On 25 May 2014, at 21:31, Oliver Pinter oliver.p...@gmail.com wrote:
On 5/25/14, Dag-Erling Smørgrav d...@des.no wrote:
Oliver Pinter oliver.p...@gmail.com writes:
pax_log will be in future a generic pax related logging framework,
with ratelimiting and other features. It will log user, IP,
On 5/26/14, 5:18 AM, David Chisnall wrote:
On 25 May 2014, at 21:31, Oliver Pinter oliver.p...@gmail.com wrote:
On 5/25/14, Dag-Erling Smørgrav d...@des.no wrote:
Oliver Pinter oliver.p...@gmail.com writes:
pax_log will be in future a generic pax related logging framework,
with ratelimiting
On May 23, 2014 07:44 PM -0500, Pedro Giffuni wrote:
(Dropped the cross-posting, which *is* frowned upon)
While I do very much appreciate this work being done, and I agree we should
have it in the tree, I would really prefer it opt-in rather opt-out, at least
initially.
I know this may
On 5/24/14, Shawn Webb latt...@gmail.com wrote:
On May 23, 2014 07:53 PM +, Wojciech A. Koszek wrote:
On Wed, May 14, 2014 at 09:58:52AM -0400, Shawn Webb wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if
On Wed, May 14, 2014 at 09:58:52AM -0400, Shawn Webb wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space Layout Randomization, or ASLR for short, is an exploit
mitigation
On 5/14/14, Shawn Webb latt...@gmail.com wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space Layout Randomization, or ASLR for short, is an exploit
mitigation technology. It
On May 23, 2014 07:53 PM +, Wojciech A. Koszek wrote:
On Wed, May 14, 2014 at 09:58:52AM -0400, Shawn Webb wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space
(Dropped the cross-posting, which *is* frowned upon)
While I do very much appreciate this work being done, and I agree we should
have it in the tree, I would really prefer it opt-in rather opt-out, at least
initially.
I know this may very well be the subject of a bikeshed of historical
On Wed, 2014-05-14 at 09:58 -0400, Shawn Webb wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space Layout Randomization, or ASLR for short, is an exploit
mitigation
Hi!
Cool! Does it run on MIPS? :P
-a
On 14 May 2014 06:58, Shawn Webb latt...@gmail.com wrote:
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space Layout Randomization, or ASLR
It runs on all architectures FreeBSD supports. The question is how well
it runs. The wider the testing, the better the code, of course. We're
actively testing on amd64 and i386 with limited testing on sparc64 and
ARM. I've been running with this patches on amd64 on multiple machines
for months.
On 14 May 2014 10:09, Shawn Webb latt...@gmail.com wrote:
It runs on all architectures FreeBSD supports. The question is how well
it runs. The wider the testing, the better the code, of course. We're
actively testing on amd64 and i386 with limited testing on sparc64 and
ARM. I've been running
19 matches
Mail list logo