Annotation of wikisrc/security/kaslr.mdwn, revision 1.1
1.1 ! maxv 1: [[!meta title="Using KASLR"]]
! 2:
! 3: NetBSD supports Kernel ASLR on x86 64bit CPUs (amd64), starting from
! 4: NetBSD 9.0.
! 5:
! 6: Installation
! 7: ------------
! 8:
! 9: Install the prekern:
! 10:
! 11: [[!template id=programlisting text="""
! 12: # cp /usr/mdec/prekern /
! 13: """]]
! 14:
! 15: Obtain a GENERIC_KASLR kernel. Such a kernel can be either downloaded from
! 16: the NetBSD FTP server, for example on:
! 17:
! 18: [[!template id=programlisting text="""
! 19: http://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/201808020450Z/amd64/binary/kernel/netbsd-GENERIC_KASLR.gz
! 20: """]]
! 21:
! 22: Or compiled from scratch, using:
! 23:
! 24: [[!template id=programlisting text="""
! 25: # cd /usr/src
! 26: # ./build.sh kernel=GENERIC_KASLR
! 27: """]]
! 28:
! 29: Install this KASLR kernel:
! 30:
! 31: [[!template id=programlisting text="""
! 32: # cp /path/to/your/kernel /netbsd_kaslr
! 33: """]]
! 34:
! 35: Finally, add the following line in the `/boot.cfg` file:
! 36:
! 37: [[!template id=filecontent name="/boot.cfg" text="""
! 38: menu=Boot KASLR:rndseed /var/db/entropy-file;pkboot netbsd_kaslr
! 39: """]]
! 40:
! 41: Now the installation is complete.
! 42:
! 43: Use
! 44: ---
! 45:
! 46: To use KASLR, just choose the "Boot KASLR" option in the menu at boot
! 47: time. That's it!
! 48:
! 49: Technical Resources
! 50: -------------------
! 51:
! 52: * NetBSD.org: [Kernel ASLR on amd64](http://blog.netbsd.org/tnf/entry/kernel_aslr_on_amd64)
! 53: * NetBSD.org: [The strongest KASLR, ever?](http://blog.netbsd.org/tnf/entry/the_strongest_kaslr_ever)
! 54:
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb
![[BACK]](/icons/back.gif){kind=icon}
Return to kaslr.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / security