opnsense-src

upstream/opnsense-src

Fork 0

mirror of https://github.com/opnsense/src.git synced 2026-06-09 16:50:25 -04:00

Commit graph

Author	SHA1	Message	Date
Shawn Webb	e13c0d42eb	HBSD OPNsense: Separate out the ASLR code. On OPNsense's 16.7 roadmap is HardenedBSD's ASLR code. This commit separates out the ASLR code from the rest of our exploit mitigation and system hardening code. Testing and verification still need to be performed. Initial testing (compile + boot + `procstat -v PIDofPIEapplication) has been performed. More thorough testing should occur. Shared object load order randomization in the RTLD is not included in this patch. That will be discussed with the fine folks at OPNsense at a later time. Since OPNsense is based on FreeBSD 10.x, this patch will need to be backported to 10-STABLE. However, a "horizontal port" to 11-CURRENT, which is what this commit is, needed to be done first. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>	2016-05-19 21:07:57 +02:00
delphij	86e48d4566	Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so	2016-01-27 09:29:55 +01:00
Franco Fichtner	402e7dde73	src: initial commit based on FreeBSD-10.0 Taken from: https://github.com/freebsd/freebsd.git Commit id: d44ce30d3054a38723f89a161c5e003e64d1aaae	2014-11-09 09:30:14 +01:00

Author

SHA1

Message

Date

Shawn Webb

e13c0d42eb

HBSD OPNsense: Separate out the ASLR code.

On OPNsense's 16.7 roadmap is HardenedBSD's ASLR code. This commit
separates out the ASLR code from the rest of our exploit mitigation
and system hardening code.

Testing and verification still need to be performed. Initial testing
(compile + boot + `procstat -v PIDofPIEapplication) has been
performed. More thorough testing should occur.

Shared object load order randomization in the RTLD is not included in
this patch. That will be discussed with the fine folks at OPNsense at
a later time.

Since OPNsense is based on FreeBSD 10.x, this patch will need to be
backported to 10-STABLE. However, a "horizontal port" to 11-CURRENT,
which is what this commit is, needed to be done first.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>

2016-05-19 21:07:57 +02:00

delphij

86e48d4566

Fix multiple vulnerabilities of ntp. [SA-16:09]

Fix Linux compatibility layer issetugid(2) system call
vulnerability. [SA-16:10]

Security:	FreeBSD-SA-16:09.ntp
Security:	FreeBSD-SA-16:10.linux
Approved by:	so

2016-01-27 09:29:55 +01:00

Franco Fichtner

402e7dde73

src: initial commit based on FreeBSD-10.0

Taken from:	https://github.com/freebsd/freebsd.git
Commit id:	d44ce30d3054a38723f89a161c5e003e64d1aaae

2014-11-09 09:30:14 +01:00

3 commits