SX at Defcon 23

Thanks to corporate funding, SX will be hosting an event similar to those that we used to host at Defcon when it was at the Alexis Park. The event will take place at a secret location starting Thursday, August 6th, at 18:00 PDT. Confirmed SX Crew are Everest, Amp, Blake and even a surprise visit by cisc0ninja. If you're interested in attending, please contact me. Please include some way for us to contact you, either an email address that you'll be checking during Defcon or a phone number that we can send an SMS to. If you're not really part of the SX community, please put in the message why I should let you attend our event. We also put up a new shirt design over at RedBubble just for Defcon. I hope everybody has a great time in Las Vegas next week!

HardenedBSD Call For Donations

It takes a lot to run a project like HardenedBSD. We're grateful for SoldierX's sponsorship. In 2014, we asked the community for help in funding a development server. The community responded quickly and our server was fully-funded within a short amount of time. That server is now being put to great use as our package building server. We appreciate all the help everyone has given us to date.

We would like to ask the community today for further donations. Our target is $7,000 USD. The funds will go towards hardware updates, hosting requirements, and potentially setting up a not-for-profit (501(c)(3)) organization so further donations will become tax-deductible.

If you'd like to donate, please donate via PayPal at address [email protected]. We also accept BitCoin at address 1FmbSRvZK4yC1b6ajeZWSvYXV2nmvwdWQq. If you donate and wish your name to be added to the Donors page, please drop an email to [email protected]. Every donation counts and is appreciated, even donations as small as $1.00 USD.

HardenedBSD Completes Its ASLR Implementation

Over the July 4th weekend, we implemented randomization of the VDSO (Virtual Dynamic Shared Object). The VDSO is a region of memory that is shared between the kernel and userland. It contains the signal trampoline and time-related code (like gettimeofday(2)). Even though the amount of code in the VDSO is small, it could still theoretically be used as a source of ROP gadgets. Removing that piece of determinism makes building ROP chains from code in the VDSO more difficult. The VDSO was the last piece of the address space left to randomize.

Now that VDSO randomization is implemented, our ASLR implementation is complete. You'll notice a new sysctl(8) node: hardening.pax.aslr.vdso_len. It controls the amount of entropy applied to the VDSO base. Our version of ASLR is the strongest form ever implemented in any BSD operating system.

Our ASLR implementation features:

  1. Execution base randomization of Position-Independent Executables (PIEs)
  2. Full stack randomization in addition to a random stack gap
  3. RTLD base randomization
  4. mmap randomization
  5. VDSO randomization
  6. Shared object load order randomization

You will still see further improvements. We are looking into making our shared object load order randomization more efficient with help from Michael Zandi. We need to update our aslr(4) manpage. We need to clarify some of the inline comments. These improvements are mostly cosmetic and result in no functionality changes.

HardenedBSD Gains True Stack Randomization

When we first implemented ASLR for FreeBSD, we implemented the stack randomization portion as a random gap. This means that the base address for the stack remained constant, but where applications started utilizing the stack would change randomly. We have now implemented true stack randomization. The base address for the stack is now randomized. We still utilize a random stack gap on top of true stack randomization to provide further entropy and security. This means that we can effectively achieve 42 bits of entropy for the stack. Compare that to OpenBSD, which utilizes only a gap with 14 bits of entropy. This change breaks both ABI and API and we have bumped the HardenedBSD version up to 26 with this change. We will be doing a new package build to ensure packages are up-to-date with this change.

You can find the git commit here. For more details about how the PaX Team recommends doing stack randomization, take a look here.
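An added example, not HardenedBSD code: a small C program that records one address from four of the regions in the feature list above (executable, stack, a large heap mapping, a libc symbol) and counts which address bits differ between runs, a quick way to check that base and gap randomization are actually in effect on a host. The struct and function names are hypothetical, and it assumes a 1 MiB malloc is served from an anonymous mapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct layout { uintptr_t exec, stack, map, libc; };

/* Record one address from each region class reachable with portable C. */
int sample_layout(struct layout *out)
{
    int local;
    /* Assumption: an allocation this large is backed by its own mapping. */
    void *p = malloc((size_t)1 << 20);
    if (p == NULL)
        return -1;
    out->exec  = (uintptr_t)&sample_layout; /* moves only if built as a PIE */
    out->stack = (uintptr_t)&local;         /* stack base plus random gap */
    out->map   = (uintptr_t)p;              /* mmap randomization */
    out->libc  = (uintptr_t)&printf;        /* RTLD / shared object placement */
    free(p);
    return 0;
}

/* Mask of the bits that differ anywhere in a set of sampled addresses. */
uintptr_t varying_mask(const uintptr_t *s, size_t n)
{
    uintptr_t m = 0;
    for (size_t i = 1; i < n; i++)
        m |= s[0] ^ s[i];
    return m;
}

/* Count of varying bits: a lower bound on the entropy actually observed. */
unsigned observed_bits(const uintptr_t *s, size_t n)
{
    unsigned c = 0;
    for (uintptr_t m = varying_mask(s, n); m != 0; m &= m - 1)
        c++;
    return c;
}

int main(void)
{
    struct layout l;
    if (sample_layout(&l) != 0)
        return 1;
    /* One line per run: collect many runs, then pass a column to observed_bits(). */
    printf("exec=%#lx stack=%#lx map=%#lx libc=%#lx\n", (unsigned long)l.exec,
           (unsigned long)l.stack, (unsigned long)l.map, (unsigned long)l.libc);
    return 0;
}
```

A column that never changes across runs (mask of 0) means that region is not being randomized for this binary; for the exec column, first confirm the program was built as a PIE.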

RoboAmp 1.01 Released

Due to some changes to Google Voice, RoboAmp 1.00 (public Defcon 22 release) stopped working. RoboAmp has been updated to adapt to these changes, along with a few other minor changes. You can get the new version here. If you would like to see more changes to RoboAmp or any of our other SX Labs releases, please drop by for our IRC meeting tomorrow at 4 PM EST.

Site Enhancements

Just a heads up to all, we are working to make the site faster. We've already made some database changes that should have increased the site speed quite a bit. We hope these optimizations will increase the current usage of the forums. We also have plans to move to newer hardware, but we're still working those details out due to our limited budget. Please contact me if you notice any particularly slow areas of the site that you'd like to be faster.
