====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
          http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)

-- Several entry points leak kernel addresses:
       [DONE] - "modstat -k"
       [DONE] - kern.proc
       [DONE] - kern.proc2
       [DONE] - kern.file
       [DONE] - kern.file2
       [DONE] - kern.lwp
       [DONE] - sysctl_inpcblist
       [DONE] - sysctl_unpcblist
       [DONE] - sysctl_doevcnt
       [DONE] - sysctl_dobuf

-- Be careful with dmesg.

====== RANDOMIZATION ======

[DONE] -- Randomize the PTE space.

[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

[DONE] -- Add the "pkboot" command in the EFI bootloader.
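
The section-relative "%p" format proposed under POINTER LEAKS, sketched as an added example (not NetBSD code). fmt_kptr(), struct ksec and the section table are hypothetical, and the bases are constructed so that the TODO's sample address maps to ".data.4:0x8010f0".

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor for one randomized kernel section. */
struct ksec {
	const char *name;
	uint64_t base;	/* randomized load address */
	uint64_t size;
};

/* Constructed layout; .data.4 is placed to match the TODO's sample. */
static const struct ksec ksecs[] = {
	{ ".text.0",   UINT64_C(0xffffffffa1000000), 0x400000 },
	{ ".rodata.2", UINT64_C(0xffffffffc7400000), 0x200000 },
	{ ".data.4",   UINT64_C(0xffffffffe3000000), 0xa00000 },
};

/*
 * Write addr into buf as "<section>:0x<offset>". An address outside every
 * known section is replaced by a fixed token rather than printed raw, so
 * the randomized base never reaches the output. Returns snprintf()'s value.
 */
int
fmt_kptr(char *buf, size_t len, uint64_t addr)
{
	for (size_t i = 0; i < sizeof(ksecs) / sizeof(ksecs[0]); i++) {
		const struct ksec *s = &ksecs[i];

		/* Compare the offset, not base + size, to avoid wraparound. */
		if (addr >= s->base && addr - s->base < s->size)
			return snprintf(buf, len, "%s:0x%" PRIx64, s->name,
			    addr - s->base);
	}
	return snprintf(buf, len, "(unknown)");
}

int
main(void)
{
	char buf[64];

	fmt_kptr(buf, sizeof(buf), UINT64_C(0xffffffffe38010f0));
	printf("%s\n", buf);	/* the TODO's sample address */
	return strcmp(buf, ".data.4:0x8010f0") != 0;
}
```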