|
version 1.1, 2018/08/02 17:24:41
|
version 1.3, 2018/12/06 17:46:56
|
|
Line 29 Or compiled from scratch, using:
|
Line 29 Or compiled from scratch, using:
|
| Install this KASLR kernel: |
Install this KASLR kernel: |
| |
|
| [[!template id=programlisting text=""" |
[[!template id=programlisting text=""" |
| # cp /path/to/your/kernel /netbsd_kaslr |
# cp /path/to/your/kaslr/kernel /netbsd_kaslr |
| """]] |
"""]] |
| |
|
| Finally, add the following line in the `/boot.cfg` file: |
Finally, add the following line in the `/boot.cfg` file: |
|
Line 44 Use
|
Line 44 Use
|
| --- |
--- |
| |
|
| To use KASLR, just choose the "Boot KASLR" option in the menu at boot |
To use KASLR, just choose the "Boot KASLR" option in the menu at boot |
| time. That's it! |
time. That's it! You are now using Kernel ASLR. |
| |
|
| |
Technical Details |
| |
----------------- |
| |
|
| |
Kernel ASLR is applied by default in GENERIC on as many VM areas as possible. |
| |
GENERIC_KASLR provides randomization of one more area: the Kernel Image. |
| |
|
| |
Table of what gets randomized: |
| |
|
| |
[[!table data=""" |
| |
Memory Region |GENERIC |GENERIC_KASLR |Xen dom0/domU |
| |
Userland |Yes |Yes |Yes |
| |
PTE Area |Yes |Yes |No |
| |
Main Kernel Memory |Yes |Yes |Yes |
| |
Direct Map |Yes |Yes |[Not Applicable] |
| |
PCPU Area |[Not Applicable] |[Not Applicable] |[Not Applicable] |
| |
Kernel Image |No |Yes |No |
| |
"""]] |
| |
|
| Technical Resources |
Technical Resources |
| ------------------- |
------------------- |
![[BACK]](/icons/back.gif){kind=icon}
Return to kaslr.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / security