OpenBSD Memory protection mechanisms that are not enabled by default?
Besides the "S" option for malloc.conf, increasing kern.stackgap_random and removing the wxallowed mount option, what other memory-related hardening mechanisms are there in OpenBSD that can be turned on but are not enabled by default?
Even options that require re-compiling the kernel would be useful, if only minimal source code modification is needed.
Usually they are not enabled because many applications, for example from ports, would crash because of bad code.
I tried to get lists/ideas from grsecurity (if there is anything there that is not already used in OpenBSD), but it is hard when you are not a programmer: https://grsecurity.net/features.php
Tags: security, memory, openbsd
asked Feb 9 at 8:59 by Hessnov, edited Feb 14 at 6:58
securelevel=2 (man.openbsd.org/securelevel) prevents non-console root from doing some nasty things. pledge (man.openbsd.org/pledge) is "on" by default but some programs need to incorporate it in their source code.
Neil McGuigan, Feb 13 at 22:19
Thank you! Although securelevel is related to making a system more secure, it has nothing to do with memory security. Also, pledge is there by default on OpenBSD; the question was for non-default functions.
Hessnov, Feb 14 at 6:58
1 Answer
"... what other memory-related hardening mechanisms are there in OpenBSD that can be turned on but are not enabled by default? Even options that require re-compiling the kernel [or programs I use] would be useful, if only minimal source code modification is needed."
What I dug up so far:
Always update to the latest stable version of the kernel. Also look at http://www.trustedbsd.org/. Read references such as Wikipedia's OpenBSD security features page.
OpenBSD memory-related security features:
Address Space Layout Randomization (ASLR): set the sysctl vm.randomize_mmap to 1 (should be on by default, but it's off in DragonflyBSD and apparently not implemented in FreeBSD).
Use timingsafe_bcmp(3) and timingsafe_memcmp(3) instead of bcmp(3) or memcmp(3).
Use the explicit_bzero(3) variant instead of bzero(3) to clear sensitive memory (like password variables).
Position Independent Executables (PIE): link with -pie or --pic-executable.
Create a position independent executable. This is currently only supported on ELF platforms. Position independent executables are similar to shared libraries in that they are relocated by the dynamic linker to the virtual address the OS chooses for them (which can vary between invocations). Like normal dynamically linked executables they can be executed and symbols defined in the executable cannot be overridden by shared libraries.
Randomized mmap(2): don't use MAP_FIXED. Check with mquery.
Replace random(): rand(3), random(3), rand48(3), etc. are replaced with BSD's arc4random(3).
Consider using reallocarray(3), recallocarray(3) and freezero(3) for sensitive data instead of malloc(3), calloc(3) or realloc(3).
Stack Smashing Protection (SSP): GCC + ProPolice (SSP) is activated by default to build all libraries and applications.
KERN_STACKGAPRANDOM (kern.stackgap_random): sets the range of the random value added to the stack pointer on each program execution. The random value is added to make buffer overflow exploitation slightly harder. The bigger the number, the harder it is to brute force this added protection, but it also means a bigger waste of memory. Default: 262144.
Use the new strlcpy(3) and strlcat(3) instead of strcpy(3), strcat(3), strncpy(3) or strncat(3); they allow safe string copies.
Use the strtonum(3) function instead of the atoi(3) and strtol(3) family of interfaces.
W^X policy: a page may be either writable or executable, but not both. Hence W^X. The idea is to create a .rodata segment with the PROT_READ attribute only, so it loses the PROT_EXEC attribute.
answered Feb 15 at 4:35 by Rob
But the question was for memory protection besides the ones I mentioned, "that can be turned on and is not enabled by default". But please, please keep this great list, thanks!
Hessnov, Feb 19 at 20:01
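As an added example (not code from the question or the answer, and not OpenBSD's libc source), the C program below re-implements the documented semantics of four interfaces from Rob's list: timingsafe_bcmp(3), reallocarray(3), strtonum(3) and explicit_bzero(3). The function names ct_bcmp, checked_reallocarray, str_to_num, secure_zero, parse_err, parse_value and demo are chosen here so the file also builds on systems that lack the OpenBSD originals; the token strings and numbers it exercises are constructed sample input. It shows why each replacement is safer than the libc call it supersedes: a comparison whose running time does not depend on where the first mismatch is, a multiplication that cannot wrap into an undersized allocation, a number parser that cannot silently overflow or accept trailing junk, and a wipe the optimizer may not delete.

```c
/* Added example: portable re-implementations of the semantics documented for
 * timingsafe_bcmp(3), reallocarray(3), strtonum(3) and explicit_bzero(3).
 * Names are this example's own, not OpenBSD's, to avoid clashing with libc. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* timingsafe_bcmp(3) semantics: 0 if equal, non-zero otherwise. Every byte
 * is visited, so the time taken does not reveal the first differing position
 * (memcmp(3) and bcmp(3) may stop at the first mismatch). */
int ct_bcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *p = a, *q = b;
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= p[i] ^ q[i];
    return diff != 0;
}

/* reallocarray(3) semantics: realloc(ptr, nmemb * size) with the product
 * checked for overflow; malloc(nmemb * size) would silently wrap and return
 * a buffer far smaller than the caller believes. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* strtonum(3) semantics: parse a decimal integer within [minval, maxval].
 * On success *errstr is NULL; on failure 0 is returned and *errstr names the
 * problem. atoi(3) has undefined behaviour on overflow and strtol(3) leaves
 * the range and trailing-character checks to the caller. */
long long str_to_num(const char *s, long long minval, long long maxval,
                     const char **errstr)
{
    char *end;
    long long v;

    if (minval > maxval) { *errstr = "invalid"; return 0; }
    errno = 0;
    v = strtoll(s, &end, 10);
    if (s[0] == '\0' || *end != '\0') { *errstr = "invalid"; return 0; }
    if ((errno == ERANGE && v == LLONG_MIN) || v < minval) { *errstr = "too small"; return 0; }
    if ((errno == ERANGE && v == LLONG_MAX) || v > maxval) { *errstr = "too large"; return 0; }
    *errstr = NULL;
    return v;
}

/* Convenience wrappers so callers can inspect either the error or the value. */
const char *parse_err(const char *s, long long minval, long long maxval)
{
    const char *err;
    (void)str_to_num(s, minval, maxval, &err);
    return err;
}

long long parse_value(const char *s, long long minval, long long maxval)
{
    const char *err;
    return str_to_num(s, minval, maxval, &err);
}

/* explicit_bzero(3) semantics: a memset that dead-store elimination cannot
 * remove, done here with a volatile function pointer the compiler must call. */
static void *(*volatile secure_memset)(void *, int, size_t) = memset;
void secure_zero(void *buf, size_t len)
{
    secure_memset(buf, 0, len);
}

/* Runs each helper on constructed input. Returns 0 if all behave as expected,
 * otherwise the number of the first failing step. */
int demo(void)
{
    const char stored[] = "correct-token-01";   /* constructed sample secret */
    const char guess[]  = "correct-token-02";   /* constructed wrong guess  */
    const char *err;
    unsigned char *buf;
    size_t i;

    if (ct_bcmp(stored, stored, 16) != 0) return 1;
    if (ct_bcmp(stored, guess, 16) == 0) return 2;
    errno = 0;                                   /* nmemb * size would wrap */
    if (checked_reallocarray(NULL, SIZE_MAX / 2 + 1, 2) != NULL || errno != ENOMEM) return 3;
    if (str_to_num("262144", 0, 1 << 30, &err) != 262144 || err != NULL) return 4;
    if (str_to_num("99999999999999999999", 0, 1 << 30, &err) != 0 || err == NULL
        || strcmp(err, "too large") != 0) return 5;
    buf = checked_reallocarray(NULL, 4, 8);      /* 32 bytes, no overflow */
    if (buf == NULL) return 6;
    memset(buf, 'A', 32);
    secure_zero(buf, 32);
    for (i = 0; i < 32; i++)
        if (buf[i] != 0) { free(buf); return 7; }
    free(buf);
    return 0;
}

int main(void)
{
    int rc = demo();
    if (rc == 0)
        printf("all checks passed\n");
    else
        printf("check %d failed\n", rc);
    return rc;
}
```

The same pattern applies to the other replacements in the list: strlcpy(3) and strlcat(3) bound the copy by the destination size and report truncation through their return value, and recallocarray(3)/freezero(3) combine the overflow check above with the wipe so a freed chunk does not keep the secret.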