xref: /netbsd-src/doc/TODO.kaslr (revision 61683f02cbdcd40da988eba795b801ae5bb4a492)

====== POINTER LEAKS ======

[DONE] -- Change the permissions of /dev/ksyms, as discussed in:
          http://mail-index.netbsd.org/tech-kern/2018/01/17/msg022960.html

-- The address of a non-public section is leaked because of Meltdown,
   "jmp handler". This can easily be fixed by pushing the handlers into
   their own section.

-- Replace the "%p" fmt by something relative to the kernel section (if
   any). Eg, from
       printf("%p", &some_global_var); --> "0xffffffffe38010f0"
   to
       printf("%p", &some_global_var); --> ".data.4:0x8010f0"
   This eases debugging and also prevents leaks if a driver prints
   kernel addresses as debug (I've seen that already).

[DONE] -- PPPoE sends a kernel address as host unique. (What is this shit.)

-- Several entry points leak kernel addresses:
       [DONE] - "modstat -k"
       [DONE] - kern.proc
       [DONE] - kern.proc2
       [DONE] - kern.file
       [DONE] - kern.file2
       [DONE] - kern.lwp
       [DONE] - sysctl_inpcblist
       [DONE] - sysctl_unpcblist
       [DONE] - sysctl_doevcnt
       [DONE] - sysctl_dobuf

-- Be careful with dmesg.

====== RANDOMIZATION ======

[DONE] -- Randomize the PTE space.

[DONE] -- Randomize the kernel main memory (VM_MIN_KERNEL_ADDRESS).

[DONE] -- Randomize the direct map.

[POINTLESS, BECAUSE CPU LEAKY] -- Randomize the PCPU area.

====== GENERAL ======

-- Sort the kernel sections by size, from largest to smallest, to save
   memory.

[DONE] -- Add the "pkboot" command in the EFI bootloader.