Diff for /wikisrc/security/kaslr.mdwn between versions 1.2 and 1.5

version 1.2, 2018/08/28 13:11:52 version 1.5, 2020/02/14 06:37:24
Line 16  Obtain a GENERIC_KASLR kernel. Such a ke Line 16  Obtain a GENERIC_KASLR kernel. Such a ke
 the NetBSD FTP server, for example on:  the NetBSD FTP server, for example on:
   
 [[!template id=programlisting text="""  [[!template id=programlisting text="""
 http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/201808020450Z/amd64/binary/kernel/netbsd-GENERIC_KASLR.gz  https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC2/amd64/binary/kernel/netbsd-GENERIC_KASLR.gz
 """]]  """]]
   
 Or compiled from scratch, using:  Or compiled from scratch, using:
Line 26  Or compiled from scratch, using: Line 26  Or compiled from scratch, using:
 # ./build.sh kernel=GENERIC_KASLR  # ./build.sh kernel=GENERIC_KASLR
 """]]  """]]
   
 Install this KASLR kernel:  Extract this KASLR kernel, and install it:
   
 [[!template id=programlisting text="""  [[!template id=programlisting text="""
 # cp /path/to/your/kernel /netbsd_kaslr  # cp /path/to/your/kaslr/kernel /netbsd_kaslr
 """]]  """]]
   
 Finally, add the following line in the `/boot.cfg` file:  Finally, add the following line in the `/boot.cfg` file:
Line 44  Use Line 44  Use
 ---  ---
   
 To use KASLR, just choose the "Boot KASLR" option in the menu at boot  To use KASLR, just choose the "Boot KASLR" option in the menu at boot
 time. That's it!  time. That's it! You are now using Kernel ASLR.
   
 Technical Details  Technical Details
 -----------------  -----------------
   
 Kernel ASLR is applied by default in GENERIC on as many VM areas as possible.  "Kernel ASLR" means randomizing the location of the kernel memory areas.
 GENERIC_KASLR offers randomization of one more area: the Kernel Image.  By default, in GENERIC, all areas are already randomized except one: the
   Kernel Image.
   
   The GENERIC_KASLR configuration provides randomization of this additional
   area.
   
   Therefore, it should be understood that GENERIC actually provides 80% of
   KASLR, and GENERIC_KASLR covers the remaining 20%.
   
 Table of what gets randomized:  Table of what gets randomized:
   
Line 67  Kernel Image  |No   |Yes   |No Line 74  Kernel Image  |No   |Yes   |No
 Technical Resources  Technical Resources
 -------------------  -------------------
   
 * NetBSD.org: [Kernel ASLR on amd64](http://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)  * NetBSD.org: [Kernel ASLR on amd64](https://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)
 * NetBSD.org: [The strongest KASLR, ever?](http://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever)  * NetBSD.org: [The strongest KASLR, ever?](https://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever)
   

Removed from v.1.2  
changed lines
  Added in v.1.5


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb