upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/hardenedbsd
History
Shawn Webb f4ad62ed52 Introduce HardenedBSD's procfs hardening. 
OPNsense doesn't use procfs by default, but in case users try to use it,
prevent an interesting attack where an attacker can abuse procfs to
modify application execution state.

This commit also introduces the PAX_HARDENING kernel option.

Signed-off-by:	Shawn Webb <shawn@opnsense.org>

(cherry picked from commit 654d6151ef)
(cherry picked from commit 77492e5bdb)
(cherry picked from commit c506eb78e2)
(cherry picked from commit dbbb6b841f)
2017-02-16 16:50:16 +01:00
..
hbsd_pax_aslr.c aslr: permissions on previous 2016-10-21 16:21:52 +02:00
hbsd_pax_common.c Introduce HardenedBSD's procfs hardening. 2017-02-16 16:50:16 +01:00
hbsd_pax_hardening.c Introduce HardenedBSD's procfs hardening. 2017-02-16 16:50:16 +01:00
hbsd_pax_internal.h aslr: permissions on previous 2016-10-21 16:21:52 +02:00
hbsd_pax_log.c Introduce HardenedBSD's SEGVGUARD. 2016-11-09 19:11:01 +01:00
hbsd_pax_segvguard.c Some SEGVGUARD messages are debugging-only. Only output them in verbose 2016-12-21 21:14:49 -05:00