NetBSD/doc/TODO.kaslr

====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
          http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)

-- Several entry points leak kernel addresses:
       [DONE] - "modstat -k"
       [DONE] - kern.proc
       [DONE] - kern.proc2
       [DONE] - kern.file
       [DONE] - kern.file2
       [DONE] - kern.lwp
       [DONE] - sysctl_inpcblist
       [DONE] - sysctl_unpcblist
       [DONE] - sysctl_doevcnt
       [DONE] - sysctl_dobuf

-- Be careful with dmesg.

====== RANDOMIZATION ======

[DONE] -- Randomize the PTE space.

[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

[DONE] -- Add the "pkboot" command in the EFI bootloader.
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00			`====== POINTER LEAKS ======`

Mark two entries as done. 2018-08-02 20:34:51 +03:00			`[DONE] -- Change the permissions of /dev/ksyms, as discussed in:`
			`http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
			`-- The address of a non-public section is leaked because of Meltdown,`
			`"jmp handler". This can easily be fixed by pushing the handlers into`
			`their own section.`

			`-- Replace the "%p" fmt by something relative to the kernel section (if`
			`any). Eg, from`
			`printf("%p", &some_global_var); --> "0xffffffffe38010f0"`
			`to`
			`printf("%p", &some_global_var); --> ".data.4:0x8010f0"`
			`This eases debugging and also prevents leaks if a driver prints`
			`kernel addresses as debug (I've seen that already).`

mark one entry as done 2018-08-24 20:09:30 +03:00			`[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
more kernel address leaks 2018-09-04 18:41:08 +03:00			`-- Several entry points leak kernel addresses:`
			`[DONE] - "modstat -k"`
mark two entries as done, and add two more 2018-09-07 13:20:32 +03:00			`[DONE] - kern.proc`
			`[DONE] - kern.proc2`
Mark four issues as fixed, add two more. Netstat was actually sysctl_unpcblist, so remove it as duplicate. 2018-11-24 20:31:10 +03:00			`[DONE] - kern.file`
Mark one entry as done, and another one as pointless. 2018-10-13 08:53:50 +03:00			`[DONE] - kern.file2`
Mark four issues as fixed, add two more. Netstat was actually sysctl_unpcblist, so remove it as duplicate. 2018-11-24 20:31:10 +03:00			`[DONE] - kern.lwp`
			`[DONE] - sysctl_inpcblist`
			`[DONE] - sysctl_unpcblist`
Mark as done the two entries I added just minutes ago, they are now fixed. 2018-11-24 20:54:18 +03:00			`[DONE] - sysctl_doevcnt`
			`[DONE] - sysctl_dobuf`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
			`-- Be careful with dmesg.`

			`====== RANDOMIZATION ======`

mark two entries as done 2018-08-12 18:33:36 +03:00			`[DONE] -- Randomize the PTE space.`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
mark two entries as done 2018-08-12 18:33:36 +03:00			`[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
Mark two entries as done. 2018-08-02 20:34:51 +03:00			`[DONE] -- Randomize the direct map.`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
Mark one entry as done, and another one as pointless. 2018-10-13 08:53:50 +03:00			`[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.`
todo list for kaslr, with the issues I can think of right now 2018-06-18 09:09:56 +03:00
			`====== GENERAL ======`

			`-- Sort the kernel sections by size, from largest to smallest, to save`
			`memory.`

Add KASLR support in UEFI. 2019-06-20 20:33:30 +03:00			`[DONE] -- Add the "pkboot" command in the EFI bootloader.`