There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 44
You can grab it from Here. (45.8 Mb)
root password: solobsd
martes, 29 de marzo de 2016
SoloBSD 10.3-PRERELEASE-v44
There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 44
root password: solobsd
lunes, 21 de marzo de 2016
RELEASE: SoloBSD 10.3-PRERELEASE-v42.2
There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 42.2
You can grab it from Here. (45.7 Mb)
root password: solobsd
jueves, 17 de marzo de 2016
Lección sobre PIE, RELRO, BIND NOW y compatibilidad W^X
Esta mañana estuve charlando con Shawn Webb en el canal de IRC #HardenedBSD, acerca del nuevo soporte para PIE + RELRO + BIND NOW + compatibilidad W^X en Firefox para HardenedBSD y esto es lo que me comentó:
lattera SoloBSD: also, I hope you enjoy PIE + RELRO + BIND NOW + W^X compat firefox like I am ;) SoloBSD what all of those things do? SoloBSD PIE is Position-Independent Executable SoloBSD I almost got that SoloBSD so it is randomly running in memory space right? lattera PIE means that the application itself will be loaded in a random spot in memory lattera RELRO means that the relocation section will be marked as read-only lattera BIND NOW means that the runtime linker will resolve all symbols (like functions, variables, etc.) immediately, before running the application SoloBSD RELRO ----> cause sometimes is maked as r/w SoloBSD right? lattera if an application doesn't use RELRO, the part in memory where the relocation entries are located will be marked as RW SoloBSD so what can go wrong there? lattera W^X compat means that its javascript interpreter won't create RWX memory mappings SoloBSD someone can write there? lattera yeah, there's a part of the application called the PLT/GOT lattera and that part is abused by attackers SoloBSD got it lattera if it's marked as RW, then an attacker can redirect function calls lattera so when you think your application is calling printf(), it's really calling evil_printf() SoloBSD ohhh interesting, and the same goes for W^X, right? lattera kinda/sorta, but not really lattera if a memory mapping is marked as RWX, then an attacker could write arbitrary code into that mapping and execute it lattera W^X means "exclusively write or execute, but not both" lattera so if a memory mapping is marked as writable, it can't be marked as executable lattera and if a memory mapping is marked as executable, it can't be marked as writable SoloBSD got that now SoloBSD ok question on PIE, correct me if I'm wrong, which is likely possible, from the HBSD Internals lecture: SoloBSD OpenBSD does the same, but we already know where the memory stack lives, right? which doesn't happen with HBSD lattera OpenBSD has enabled PIE for all of base, something which we haven't done, yet lattera we have PIE enabled for certain applications like ssh and sshd lattera and HardenedBSD is the only BSD with true stack randomization, if I remember right lattera meaning we randomize the top of the stack address SoloBSD and that's why we love it, right????? SoloBSD :) lattera we still also utilize a random stack gap, too, to provide more entropyEspero sirva para entender un poco más cómo funciona todo esto en HardenedBSD.
lunes, 14 de marzo de 2016
RELEASE: SoloBSD 10.3-PRERELEASE-v42.1
There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 42.1
You can grab it from Here. (44.8 Mb)
root password: solobsd
lunes, 7 de marzo de 2016
RELEASE: SoloBSD 10.3-BETA3-v41.1
There is a new build of SoloBSD 10.3-BETA3 based on the latest HardenedBSD stable branch version 41.1
You can grab it from Here. (42.2 Mb)
root password: solobsd
martes, 1 de marzo de 2016
RELEASE: SoloBSD 10.3-BETA3-v41
There is a new build of SoloBSD 10.3-BETA3 based on the latest HardenedBSD stable branch version 41
You can grab it from Here. (42.2 Mb)
root password: solobsd
Suscribirse a:
Entradas (Atom)