upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/hardenedbsd
History
Shawn Webb ec93b44059 HBSD: Change ASLR defaults for 32bit systems. 
On i386, the stack isn't randomized enough to provide enough space for
the VDSO to be randomized. Bump the stack randomization up to 14 for
32bit systems and lower the VDSO randomization to 8. This provides
enough of a difference between the two to allow for both stack and
VDSO randomization.

Note that ASLR on 32bit systems is still rather weak. Not much entropy
can be introduced into the stack and VDSO. Brute forcing the stack and
VDSO is well within the realm of possibility. Users are strongly
advised to migrate to 64bit systems.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
2016-05-19 21:07:58 +02:00
..
hbsd_pax_aslr.c HBSD: Change ASLR defaults for 32bit systems. 2016-05-19 21:07:58 +02:00
hbsd_pax_common.c HBSD OPNsense: Separate out the ASLR code. 2016-05-19 21:07:57 +02:00
hbsd_pax_internal.h HBSD OPNsense: Separate out the ASLR code. 2016-05-19 21:07:57 +02:00
hbsd_pax_log.c HBSD OPNsense: Separate out the ASLR code. 2016-05-19 21:07:57 +02:00