.Dd September 7, 2015
.Dt UPDATE_ASR 8
.Os
.Sh NAME
.Nm update_asr
.Nd perform ASR rerandomization on system services
.Sh SYNOPSIS
.Nm
.Op Fl v
.Op Ar labels
.Sh DESCRIPTION
The
.Nm
utility performs one cycle of system service live
ASR (Address Space Randomization) rerandomization.
By default, the utility will attempt to update all system services.
If a space-separated list of service
.Ar labels
is given, only those services are updated.
.Pp
Updates require the presence of at least two precreated ASR binaries for the
service: the original service binary, and at least one rerandomized ASR binary
for the service.
The update consists of selecting the next on-disk ASR binary for the service,
and performing a live update from the current service into the selected new
version.
The selection takes place in a round-robin fashion, so once the script has
gone through all rerandomized ASR binaries, it will revert to the original
service binary, and then continue with the first rerandomized ASR binary
again, and so on.
.Pp
The following options are available:
.Bl -tag -width Ds
.It Fl v
Enable verbose mode.
.El
.Sh SEE ALSO
.Xr minix-service 8
.Sh AUTHORS
The
.Nm
utility was written by
.An David van Moolenbroek
.Aq david@minix3.org .
.Sh BUGS
Failures are silently ignored.
Some failures are expected, since not all services are necessarily quiescent
and therefore ready to be updated.
.Pp
As of writing, no infrastructure exists to perform ASR updates automatically,
and no infrastructure exists to create new rerandomized binaries at runtime.