Diff for /wikisrc/security/kaslr.mdwn between versions 1.3 and 1.5

version 1.3, 2018/12/06 17:46:56 version 1.5, 2020/02/14 06:37:24
Line 16  Obtain a GENERIC_KASLR kernel. Such a ke Line 16  Obtain a GENERIC_KASLR kernel. Such a ke
 the NetBSD FTP server, for example on:  the NetBSD FTP server, for example on:
   
 [[!template id=programlisting text="""  [[!template id=programlisting text="""
 http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/201808020450Z/amd64/binary/kernel/netbsd-GENERIC_KASLR.gz  https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC2/amd64/binary/kernel/netbsd-GENERIC_KASLR.gz
 """]]  """]]
   
 Or compiled from scratch, using:  Or compiled from scratch, using:
Line 26  Or compiled from scratch, using: Line 26  Or compiled from scratch, using:
 # ./build.sh kernel=GENERIC_KASLR  # ./build.sh kernel=GENERIC_KASLR
 """]]  """]]
   
 Install this KASLR kernel:  Extract this KASLR kernel, and install it:
   
 [[!template id=programlisting text="""  [[!template id=programlisting text="""
 # cp /path/to/your/kaslr/kernel /netbsd_kaslr  # cp /path/to/your/kaslr/kernel /netbsd_kaslr
Line 49  time. That's it! You are now using Kerne Line 49  time. That's it! You are now using Kerne
 Technical Details  Technical Details
 -----------------  -----------------
   
 Kernel ASLR is applied by default in GENERIC on as many VM areas as possible.  "Kernel ASLR" means randomizing the location of the kernel memory areas.
 GENERIC_KASLR provides randomization of one more area: the Kernel Image.  By default, in GENERIC, all areas are already randomized except one: the
   Kernel Image.
   
   The GENERIC_KASLR configuration provides randomization of this additional
   area.
   
   Therefore, it should be understood that GENERIC actually provides 80% of
   KASLR, and GENERIC_KASLR covers the remaining 20%.
   
 Table of what gets randomized:  Table of what gets randomized:
   
Line 67  Kernel Image  |No   |Yes   |No Line 74  Kernel Image  |No   |Yes   |No
 Technical Resources  Technical Resources
 -------------------  -------------------
   
 * NetBSD.org: [Kernel ASLR on amd64](http://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)  * NetBSD.org: [Kernel ASLR on amd64](https://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)
 * NetBSD.org: [The strongest KASLR, ever?](http://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever)  * NetBSD.org: [The strongest KASLR, ever?](https://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever)
   

Removed from v.1.3  
changed lines
  Added in v.1.5


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb