199: Read the source, KARL
Description
FreeBSD 11.1-BETA1 is out, we discuss Kernel address randomized link (KARL), and explore the benefits of daily OpenBSD source code reading
Headlines
FreeBSD 11.1-BETA1 now available
- Glen Barber, of the FreeBSD release engineering team, has announced that FreeBSD 11.1-BETA1 is now available for the following architectures:
11.1-BETA1 amd64 GENERIC
11.1-BETA1 i386 GENERIC
11.1-BETA1 powerpc GENERIC
11.1-BETA1 powerpc64 GENERIC64
11.1-BETA1 sparc64 GENERIC
11.1-BETA1 armv6 BANANAPI
11.1-BETA1 armv6 BEAGLEBONE
11.1-BETA1 armv6 CUBIEBOARD
11.1-BETA1 armv6 CUBIEBOARD2
11.1-BETA1 armv6 CUBOX-HUMMINGBOARD
11.1-BETA1 armv6 GUMSTIX
11.1-BETA1 armv6 RPI-B
11.1-BETA1 armv6 RPI2
11.1-BETA1 armv6 PANDABOARD
11.1-BETA1 armv6 WANDBOARD
11.1-BETA1 aarch64 GENERIC
Note regarding arm/armv6 images: For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access. Additionally, the root user password is set to root. It is strongly recommended to change the password for both users after gaining access to the system.
- The full schedule for 11.1-RELEASE is here; the final release is expected at the end of July
- It was also announced that a 10.4-RELEASE is scheduled for October
KARL – kernel address randomized link
Over the last three weeks I've been working on a new randomization feature which will protect the kernel.
The situation today is that many people install a kernel binary from OpenBSD, and then run that same kernel binary for 6 months or more. We have substantial randomization for the memory allocations made by the kernel, and for userland also of course.
Previously, the kernel assembly language bootstrap/runtime locore.S was compiled and linked with all the other .c files of the kernel in a deterministic fashion. locore.o was always first, then the .c files order specified by our config(8) utility and some helper files.
In the new world order, locore is split into two files: One chunk is bootstrap, that is left at the beginning. The assembly language runtime and all other files are linked in random fashion. There are some other pieces to try to improve the randomness of the layout.
As a result, every new kernel is unique. The relative offsets between functions and data are unique.
It still loads at the same location in KVA. This is not kernel ASLR! ASLR is a concept where the base address of a module is biased to a random location, for position-independent execution. In this case, the module itself is perturbed but it lands at the same location, and does not need to use position-independent execution modes.
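To make the layout effect concrete, here is an added example that is not code from OpenBSD or from the KARL post: a toy "kernel" is compiled from a fixed bootstrap object plus four constructed subsystem objects, linked with the non-bootstrap objects in a shuffled order, and the resulting symbol layout is read back with nm. It assumes cc and nm are on PATH, and it uses awk's seeded rand() for the shuffle so that runs are reproducible; the real feature draws a fresh random order for every kernel link and has no reusable seed.

```shell
#!/bin/sh
# Added example, not code from OpenBSD or from the KARL post: link a toy
# "kernel" from several object files in a randomized order, keeping the
# bootstrap object first, and compare the symbol layout across builds.
# Assumes cc and nm are on PATH. The shuffle uses awk's seeded rand() so
# that builds are reproducible here; the real feature uses a fresh random
# order for every kernel link, never a reusable seed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# write_sources DIR: constructed sources. boot.c plays the role of the
# bootstrap half of locore.S; the others stand in for the kernel's .c files.
write_sources() {
  sdir=$1
  cat > "$sdir/boot.c" <<'EOF'
int sys_read(void); int sys_write(void); int vfs_lookup(void); int pmap_enter(void);
int main(void) { return sys_read() + sys_write() + vfs_lookup() + pmap_enter(); }
EOF
  for fn in sys_read sys_write vfs_lookup pmap_enter; do
    printf 'int %s(void) { return 0; }\n' "$fn" > "$sdir/$fn.c"
  done
}

# shuffle SEED NAME...: print NAMEs in a pseudo-random (seeded) order.
shuffle() {
  seed=$1; shift
  for n in "$@"; do printf '%s\n' "$n"; done |
    awk -v s="$seed" 'BEGIN { srand(s) } { printf "%.10f\t%s\n", rand(), $0 }' |
    sort | cut -f2-
}

# link_order SEED: bootstrap object first, everything else in shuffled order.
link_order() {
  printf 'boot.o\n'
  shuffle "$1" sys_read.o sys_write.o vfs_lookup.o pmap_enter.o
}

# build SEED: compile and link with that order, then print the subsystem
# functions in ascending link-time address order (as reported by nm).
build() {
  bseed=$1; bdir="$WORK/build-$bseed"
  mkdir -p "$bdir"
  write_sources "$bdir"
  ( cd "$bdir" &&
    for c in *.c; do cc -c -o "${c%.c}.o" "$c"; done &&
    cc -o kern $(link_order "$bseed") )
  nm "$bdir/kern" |
    awk '$2 == "T" && $3 ~ /^_?(sys_|vfs_|pmap_)/ { sub(/^_/, "", $3); print $1, $3 }' |
    sort |
    awk '{ printf "%s%s", (NR > 1 ? " " : ""), $2 }'
}

# Three builds: same symbols, same link-time base, different relative layout.
demo() {
  for seed in 1 2 3; do
    printf 'seed %s  link order : %s\n' "$seed" "$(link_order "$seed" | tr '\n' ' ')"
    printf '        text layout: %s\n' "$(build "$seed")"
  done
}

if command -v cc >/dev/null 2>&1 && command -v nm >/dev/null 2>&1; then
  demo
fi
```

The text layout printed for each seed follows the link order exactly, so two builds from the same sources place sys_read, sys_write, vfs_lookup and pmap_enter at different relative offsets while the bootstrap code stays at the front; that is the property the post describes, and it holds whether or not the binary is built as position-independent, which is why it is distinct from ASLR.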
LLDB: Sanitizing the debugger's runtime
- The good
Besides the greater enhancements this month I performed a cleanup in the ATF