TODO.kaslr revision 1.1
====== POINTER LEAKS ======

-- Change the permissions of /dev/ksyms, as discussed in:
   http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown:
   the "jmp handler" in the mitigation trampolines has its target inside
   that section, so whoever can read the jump learns where the section
   is. This can easily be fixed by pushing the handlers into their own
   section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). E.g., from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug output (I've seen that already).

-- PPPoE sends a kernel address as the host-unique tag. (What is this shit.)

-- "netstat -nat" leaks kernel addresses.

-- Investigate some other tools.

-- Be careful with dmesg.

====== RANDOMIZATION ======

-- Randomize the PTE space.

-- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

-- Randomize the direct map.

-- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

-- Add the "pkboot" command in the EFI bootloader.
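The "jmp handler" item above, as an added example that is not NetBSD code: a jmp rel32 is encoded as a displacement from the instruction's own end, so anyone who can read the trampoline page (its address is public) recovers the absolute target with a few bytes of arithmetic, and the target is the address of the handler's section. The trampoline bytes and addresses below are constructed for the example; the function name jmp_rel32_target is hypothetical.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed trampoline tail: a 5-byte "jmp rel32" (opcode 0xE9) with a
 * made-up displacement of -0x100000 (little-endian 00 00 f0 ff). Neither
 * these bytes nor the addresses below come from a real kernel.
 */
static const uint8_t trampoline_tail[] = { 0xe9, 0x00, 0x00, 0xf0, 0xff };

/*
 * Decode a jmp rel32 located at insn_addr and return its absolute target,
 * or 0 if the bytes are not a jmp rel32. A readable trampoline plus this
 * decoder is all that is needed to learn where the handler lives.
 */
uint64_t
jmp_rel32_target(uint64_t insn_addr, const uint8_t *bytes, size_t len)
{
    if (len < 5 || bytes[0] != 0xe9)
        return 0;
    uint32_t raw = (uint32_t)bytes[1] | (uint32_t)bytes[2] << 8 |
        (uint32_t)bytes[3] << 16 | (uint32_t)bytes[4] << 24;
    int32_t rel = (int32_t)raw;     /* displacement is signed */
    /* target = address of the next instruction + displacement */
    return insn_addr + 5 + (uint64_t)(int64_t)rel;
}

/*
 * If the handlers are in their own section, the recovered target only
 * reveals that section's location, not the one holding the rest of the
 * kernel text.
 */
int
main(void)
{
    uint64_t tramp = 0xffffffff81000000ULL;     /* assumed public address */
    uint64_t target = jmp_rel32_target(tramp, trampoline_tail,
        sizeof(trampoline_tail));

    printf("jmp at 0x%" PRIx64 " targets 0x%" PRIx64 "\n", tramp, target);
    return 0;
}
```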
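The section-relative "%p" replacement, as an added example that is not NetBSD code: the leaky formatter beside one that resolves an address against a section table and prints "<section>:0x<offset>". The section table (names, bases, sizes) and the function names kfmt_addr_leaky / kfmt_addr are assumptions made for the example; the ".data.4" base is chosen only so that the address from the item above renders as ".data.4:0x8010f0". An address that matches no section is reported as "<unknown>" rather than printed raw, since that is precisely the value that would leak.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical kernel section table; not a real layout. */
struct ksection {
    const char *name;
    uintptr_t   start;
    size_t      size;
};

static const struct ksection ksections[] = {
    { ".text",   (uintptr_t)0xffffffff80200000ULL, 0x00a00000 },
    { ".rodata", (uintptr_t)0xffffffffa1400000ULL, 0x00300000 },
    { ".data.4", (uintptr_t)0xffffffffe3000000ULL, 0x01000000 },
};
#define NKSECTIONS (sizeof(ksections) / sizeof(ksections[0]))

/* The leaky form: prints the absolute (randomized) address. */
int
kfmt_addr_leaky(uintptr_t addr, char *buf, size_t len)
{
    return snprintf(buf, len, "0x%" PRIxPTR, addr);
}

/*
 * The section-relative form. Returns 0 on success; -1 when addr is not
 * inside any known section, in which case buf receives "<unknown>" and
 * the raw value is deliberately withheld.
 */
int
kfmt_addr(uintptr_t addr, char *buf, size_t len)
{
    for (size_t i = 0; i < NKSECTIONS; i++) {
        const struct ksection *s = &ksections[i];
        /* subtract first so the range check cannot overflow */
        if (addr >= s->start && addr - s->start < s->size) {
            snprintf(buf, len, "%s:0x%" PRIxPTR, s->name,
                addr - s->start);
            return 0;
        }
    }
    snprintf(buf, len, "<unknown>");
    return -1;
}

int
main(void)
{
    char buf[64];
    uintptr_t addr = (uintptr_t)0xffffffffe38010f0ULL;

    kfmt_addr_leaky(addr, buf, sizeof(buf));
    printf("leaky:    %s\n", buf);      /* 0xffffffffe38010f0 */
    kfmt_addr(addr, buf, sizeof(buf));
    printf("relative: %s\n", buf);      /* .data.4:0x8010f0 */
    return 0;
}
```

With KASLR the offset stays stable across boots while the absolute address does not, which is why the relative form is also the more useful one for debugging.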