TODO.kaslr revision 1.7
====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
   http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)

-- Several entry points leak kernel addresses:
   [DONE] - "modstat -k"
          - "netstat -nat"
   [DONE] - kern.proc
   [DONE] - kern.proc2
          - kern.file
   [DONE] - kern.file2
          - kern.lwp
          - sysctl_inpcblist
          - sysctl_unpcblist

-- Be careful with dmesg.

====== RANDOMIZATION ======

[DONE] -- Randomize the PTE space.

[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

-- Add the "pkboot" command in the EFI bootloader.
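The "%p" item under POINTER LEAKS describes printing a kernel pointer as a section name plus an offset relative to that section's (randomized) base, so that debug output from a driver cannot reveal where KASLR placed the section. The C program below is an example added here to illustrate that idea; it is not code from the NetBSD tree. The section table, its names (.text, .rodata, .data.4) and base addresses are constructed for the example, and kaddr_format(), kaddr_str() and the "<unknown>" fallback are assumptions about how such a formatter could look, not NetBSD's own interface.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical section table, constructed for this example. A KASLR
 * kernel would fill it in at boot from its real section list; the
 * bases below are made-up addresses chosen so that the address from
 * the TODO item lands in ".data.4" at offset 0x8010f0.
 */
struct ksection {
	const char *name;
	uintptr_t   base;
	size_t      size;
};

static const struct ksection sections[] = {
	{ ".text",   (uintptr_t)0xffffffff80200000ULL, 0x00400000 },
	{ ".rodata", (uintptr_t)0xffffffffa1000000ULL, 0x00100000 },
	{ ".data.4", (uintptr_t)0xffffffffe3000000ULL, 0x01000000 },
};

/*
 * Format a kernel address as "<section>:0x<offset>", where the offset
 * is relative to the section base, so the randomized base itself is
 * never written out. Addresses outside every known section are printed
 * as "<unknown>" rather than falling back to the raw pointer, since a
 * raw-pointer fallback would reintroduce exactly the leak being fixed.
 * Returns what snprintf returns.
 */
int
kaddr_format(uintptr_t addr, char *buf, size_t len)
{
	size_t i;

	for (i = 0; i < sizeof(sections) / sizeof(sections[0]); i++) {
		const struct ksection *s = &sections[i];
		if (addr >= s->base && addr - s->base < s->size) {
			return snprintf(buf, len, "%s:0x%" PRIxPTR,
			    s->name, (uintptr_t)(addr - s->base));
		}
	}
	return snprintf(buf, len, "<unknown>");
}

/*
 * Convenience wrapper returning a pointer to a static buffer, in the
 * style of small kernel debug helpers; not thread-safe, which is fine
 * for a demonstration.
 */
const char *
kaddr_str(uintptr_t addr)
{
	static char buf[64];

	(void)kaddr_format(addr, buf, sizeof(buf));
	return buf;
}

int
main(void)
{
	/* The address quoted in the TODO item, against the constructed table. */
	printf("%s\n", kaddr_str((uintptr_t)0xffffffffe38010f0ULL)); /* .data.4:0x8010f0 */
	/* A made-up address that matches no section. */
	printf("%s\n", kaddr_str((uintptr_t)0xffff800000001000ULL)); /* <unknown> */
	return 0;
}
```

The lookup is a linear scan, which is adequate for the handful of sections a kernel has; the important design point is that the unknown case must not degrade to printing the absolute address, otherwise any pointer into an unlisted region (a randomized direct map, for instance) would still leak.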