On 17.06.2017 12:25, Maxime Villard wrote:
> On 23/03/2017 at 18:30, Maxime Villard wrote:
>> I have some plans to implement kernel ASLR on amd64. Actually, a few months
>> ago I wrote a set of patches for the bootloader and the kernel, and also a
>> complete kernel relocator. As far as I can test, everything works correctly
>> and reliably; the whole implementation can relocate and jump into a PIE binary
>> in kernel mode with a proper page tree.
>>
>> But the thing is, I don't quite see how to have the kernel itself compiled as
>> PIE. My attempts so far have been unfruitful, so I thought I could ask here.
>> Ideally, we would have a kernel that has the same binary layout as our kernel
>> modules.
>>
>> Is there someone interested in working on that? This is toolchain work, but
>> I don't know that stuff.
>
> This still stands; beyond ASLR, there are several new features that we
> could implement - such as live kernel patching - and they imply being able
> to build a PIE kernel in the first place.
>
> Perhaps add the "Toolchain: Build kernel as PIE" idea to the projects list?

I noted that kernel ASLR is treated as an industry standard now. Fuchsia (Magenta) implemented it from the get-go and enabled it when possible.

I have dreams of getting sanitizers (asan, msan, ubsan, ...) into the kernel at some point. It should significantly reduce the time required to shake out bugs from the kernel. However, first I need to get these debugging facilities to a usable point in userland.
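The relocation step the quoted message describes (copying a PIE kernel to a randomly chosen address and fixing it up before jumping into it) comes down to walking the image's .rela.dyn and applying R_X86_64_RELATIVE entries with the load bias. The C below is an added illustration written for this page, not code from NetBSD's bootloader or from the relocator mentioned above. The 4 KiB image, its two pointer slots, the 4 MiB slide and the link address 0xffffffff80000000 (assumed here to be the amd64 kernel link base) are all constructed values. It also shows the check a boot-time relocator needs: refusing any entry that is not RELATIVE, because a symbol-bearing relocation cannot be resolved without a symbol table, and leftover symbolic entries are the usual sign that the kernel was not linked as a proper static PIE, which is the toolchain problem the thread is about.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Relocation types from the System V AMD64 psABI (the only two we accept). */
#define R_X86_64_NONE     0
#define R_X86_64_RELATIVE 8
#define ELF64_R_TYPE(info) ((uint32_t)((info) & 0xffffffffu))

/* Elf64_Rela as laid out in .rela.dyn; defined here so no <elf.h> is needed. */
typedef struct {
    uint64_t r_offset;  /* link-time virtual address of the 8-byte slot to patch */
    uint64_t r_info;    /* (symbol index << 32) | relocation type */
    int64_t  r_addend;  /* for RELATIVE: the link-time address the slot should hold */
} Elf64_Rela;

/*
 * Apply the .rela.dyn entries of an image linked at link_base that has been
 * copied into image[] and will run at load_base.  Each RELATIVE slot becomes
 * (load_base - link_base) + r_addend, i.e. the link-time pointer shifted by
 * the load bias.  Returns the number of relocations applied, or -1 for an
 * entry of any other type (needs a symbol table we do not have at boot) or
 * one that points outside the image.
 */
static int64_t
apply_relative_relocs(uint8_t *image, size_t image_len, uint64_t link_base,
    uint64_t load_base, const Elf64_Rela *rela, size_t nrela)
{
    uint64_t bias = load_base - link_base;   /* wraps correctly if load < link */
    int64_t applied = 0;

    for (size_t i = 0; i < nrela; i++) {
        uint32_t type = ELF64_R_TYPE(rela[i].r_info);
        uint64_t off, value;

        if (type == R_X86_64_NONE)
            continue;
        if (type != R_X86_64_RELATIVE)
            return -1;                       /* refuse, do not leave it unrelocated */
        if (rela[i].r_offset < link_base)
            return -1;
        off = rela[i].r_offset - link_base;
        if (off > image_len || image_len - off < sizeof(uint64_t))
            return -1;

        value = bias + (uint64_t)rela[i].r_addend;
        memcpy(image + off, &value, sizeof value);   /* alignment-safe store */
        applied++;
    }
    return applied;
}

/* Constructed demo image: 4 KiB, linked at the assumed amd64 kernel base. */
#define DEMO_LINK_BASE 0xffffffff80000000ULL
#define DEMO_IMAGE_LEN 4096u

/* Relocate the demo image to load_base; returns the reloc count or -1 and
 * hands back the two patched pointer slots through out[]. */
int64_t
demo_relocate(uint64_t load_base, uint64_t out[2])
{
    static uint8_t image[DEMO_IMAGE_LEN];
    /* Two pointers at +0x100/+0x108 that must follow the image wherever it
     * lands: one to "code" at +0x800, one to "data" at +0xc00. */
    const Elf64_Rela rela[] = {
        { DEMO_LINK_BASE + 0x100, R_X86_64_RELATIVE, (int64_t)(DEMO_LINK_BASE + 0x800) },
        { DEMO_LINK_BASE + 0x108, R_X86_64_RELATIVE, (int64_t)(DEMO_LINK_BASE + 0xc00) },
    };
    int64_t n;

    memset(image, 0, sizeof image);
    n = apply_relative_relocs(image, sizeof image, DEMO_LINK_BASE, load_base,
        rela, sizeof rela / sizeof rela[0]);
    if (n < 0)
        return n;
    memcpy(&out[0], image + 0x100, sizeof out[0]);
    memcpy(&out[1], image + 0x108, sizeof out[1]);
    return n;
}

/* Relocate and return slot `which` (0 or 1); 0 on failure. */
uint64_t
demo_slot(uint64_t load_base, int which)
{
    uint64_t s[2];

    if (which < 0 || which > 1 || demo_relocate(load_base, s) < 0)
        return 0;
    return s[which];
}

/* An entry a boot-time relocator cannot resolve: R_X86_64_64 needs a symbol. */
int64_t
demo_reject_symbolic_reloc(void)
{
    uint8_t image[64] = { 0 };
    const Elf64_Rela bad = { 0x10, 1 /* R_X86_64_64 */, 0 };

    return apply_relative_relocs(image, sizeof image, 0, 0x1000, &bad, 1);
}

int
main(void)
{
    uint64_t load_base = DEMO_LINK_BASE + 0x400000;   /* assumed random slide */

    printf("code=%#" PRIx64 " data=%#" PRIx64 "\n",
        demo_slot(load_base, 0), demo_slot(load_base, 1));
    printf("symbolic reloc %s\n",
        demo_reject_symbolic_reloc() < 0 ? "refused" : "accepted");
    return 0;
}
```

A static PIE link (objects built with -fPIE, linked with -pie and no undefined symbols) normally leaves only R_X86_64_RELATIVE entries in .rela.dyn, which is the property a relocator like this relies on; `readelf -r` on the kernel image is the quickest way to confirm that before trusting it at boot.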