TODO.kaslr revision 1.2
====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
	http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
	printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
	printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

-- PPPoE sends a kernel address as host unique. (What is this shit.)

-- "netstat -nat" leaks kernel addresses.

-- Investigate some other tools.

-- Be careful with dmesg.

====== RANDOMIZATION ======

-- Randomize the PTE space.

-- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

-- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

-- Add the "pkboot" command in the EFI bootloader.
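The section-relative pointer format proposed under POINTER LEAKS, written out as an added example (not NetBSD code): the section table, its names and bases are constructed placeholders, and fmt_kptr/kptr_str are hypothetical helpers, chosen so that the TODO's own address 0xffffffffe38010f0 prints as ".data.4:0x8010f0".

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed section table: names and bases are placeholders chosen so that
 * the example address from the TODO lands in ".data.4" at offset 0x8010f0.
 * A real kernel would fill this from its own section layout at boot. */
struct ksection {
	const char *name;
	uint64_t    base;
	uint64_t    size;
};

static const struct ksection ksections[] = {
	{ ".text",   0xffffffff80000000ULL, 0x01000000 },
	{ ".rodata", 0xffffffff81000000ULL, 0x00400000 },
	{ ".data.4", 0xffffffffe3000000ULL, 0x01000000 },
};

/*
 * Write "<section>:0x<offset>" for a kernel address into buf. Addresses that
 * fall outside every known section are printed as "<unknown>" rather than in
 * raw form, so the randomized base can never reach a driver's debug output
 * or dmesg. Returns the number of characters snprintf would have written.
 */
int fmt_kptr(char *buf, size_t len, uint64_t addr)
{
	size_t n = sizeof(ksections) / sizeof(ksections[0]);

	for (size_t i = 0; i < n; i++) {
		const struct ksection *s = &ksections[i];
		if (addr >= s->base && addr - s->base < s->size)
			return snprintf(buf, len, "%s:0x%" PRIx64,
			    s->name, addr - s->base);
	}
	return snprintf(buf, len, "<unknown>");
}

/* Convenience wrapper returning a static buffer (not thread-safe; demo only). */
const char *kptr_str(uint64_t addr)
{
	static char buf[64];
	fmt_kptr(buf, sizeof(buf), addr);
	return buf;
}

int main(void)
{
	/* The TODO's own example: 0xffffffffe38010f0 -> ".data.4:0x8010f0" */
	printf("%s\n", kptr_str(0xffffffffe38010f0ULL));
	printf("%s\n", kptr_str(0x1234ULL));   /* -> "<unknown>" */
	return 0;
}
```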