upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/amd64/linux32
History
Shawn Webb e13c0d42eb HBSD OPNsense: Separate out the ASLR code. 
On OPNsense's 16.7 roadmap is HardenedBSD's ASLR code. This commit
separates out the ASLR code from the rest of our exploit mitigation
and system hardening code.

Testing and verification still need to be performed. Initial testing
(compile + boot + `procstat -v PIDofPIEapplication) has been
performed. More thorough testing should occur.

Shared object load order randomization in the RTLD is not included in
this patch. That will be discussed with the fine folks at OPNsense at
a later time.

Since OPNsense is based on FreeBSD 10.x, this patch will need to be
backported to 10-STABLE. However, a "horizontal port" to 11-CURRENT,
which is what this commit is, needed to be done first.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
2016-05-19 21:07:57 +02:00
..
linux.h *: upgrade to 10.1 as a bulk commit 2015-02-10 19:21:02 +01:00
linux32_dummy.c *: upgrade to 10.1 as a bulk commit 2015-02-10 19:21:02 +01:00
linux32_genassym.c src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
linux32_ipc64.h src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
linux32_locore.s src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
linux32_machdep.c HBSD OPNsense: Separate out the ASLR code. 2016-05-19 21:07:57 +02:00
linux32_proto.h o Fix filemon and bmake meta-mode stability issues. [EN-16:01] o Fix invalid TCP checksums with pf(4). [EN-16:02.pf] o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] 2016-01-14 11:21:11 +01:00
linux32_support.s src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
linux32_syscall.h src: clean-cut move to 10.2-RELEASE 2015-08-14 14:15:00 +02:00
linux32_syscalls.c src: clean-cut move to 10.2-RELEASE 2015-08-14 14:15:00 +02:00
linux32_sysent.c src: clean-cut move to 10.2-RELEASE 2015-08-14 14:15:00 +02:00
linux32_systrace_args.c o Fix filemon and bmake meta-mode stability issues. [EN-16:01] o Fix invalid TCP checksums with pf(4). [EN-16:02.pf] o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] 2016-01-14 11:21:11 +01:00
linux32_sysvec.c HBSD OPNsense: Separate out the ASLR code. 2016-05-19 21:07:57 +02:00
Makefile src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
syscalls.conf src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
syscalls.master o Fix filemon and bmake meta-mode stability issues. [EN-16:01] o Fix invalid TCP checksums with pf(4). [EN-16:02.pf] o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] 2016-01-14 11:21:11 +01:00