
Improving security in the binary distribution



Hi developers,

as some of you may know already, I have spent some time again looking at
improving the security of the binary distribution.

As for the base system, SSP and ASLR (full with PIE this time) are now
enabled by default on x86 platforms, including during installation and
on Xen kernels (hosts and guests).

For pkgsrc in particular, see:
http://mail-index.netbsd.org/tech-pkg/2015/05/27/msg014911.html
http://mail-index.netbsd.org/tech-pkg/2015/07/18/msg015276.html

While I do not see either discussion leading to many changes upstream
unfortunately, it is my intention to enable as much as possible of this
work in the next bulk of binary packages for EdgeBSD. As a reminder,
what we already had there:
- unprivileged builds
- contained builds (chroot in dedicated virtual machine instances)
- signed packages and sets (with fixes)

To which I am now preparing to add:
- SSP for all packages
- full ASLR support for all packages (PIE)

A few changes are still pending before launching the first builds:
- signed system packages
- registering binaries breaking with ASLR (firefox, thunderbird,
  libreoffice...)

In a more distant future, I will also consider:
- enabling RELRO (I do not fully grasp the implications atm)
- supporting pkgng (this is too much work for the moment)

Let me know how this sounds.

Cheers!
-- 
khorben
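The hardening this message proposes (PIE for full ASLR, SSP for all packages, and RELRO later on) can be verified on the resulting binaries rather than trusted from the build flags alone. The following script is an added example, not part of the original message nor of the EdgeBSD or pkgsrc tooling: it reads the ELF header, program headers and dynamic section directly (no binutils needed) and reports whether a file is position-independent (ET_DYN), whether it carries a PT_GNU_RELRO segment and a BIND_NOW flag (partial vs. full RELRO), and whether it references `__stack_chk_fail`, which is a heuristic for SSP instrumentation. The `build_sample_elf` helper constructs a minimal ELF64 image purely as sample input for the check; it is not a loadable program, and the function names are my own.

```python
"""Report PIE, RELRO and SSP status of ELF files by parsing their headers."""
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def _dynamic_has_bind_now(data, off, size, dyn_fmt):
    """Walk the dynamic section and look for any form of the BIND_NOW flag."""
    step = struct.calcsize(dyn_fmt)
    for pos in range(off, off + size - step + 1, step):
        tag, val = struct.unpack_from(dyn_fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW:
            return True
        if tag == DT_FLAGS and val & DF_BIND_NOW:
            return True
        if tag == DT_FLAGS_1 and val & DF_1_NOW:
            return True
    return False


def check_elf(data: bytes) -> dict:
    """Return {'pie': bool, 'relro': 'none'|'partial'|'full', 'ssp': bool}."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    if data[4] == 2:                             # EI_CLASS: 2 = ELF64
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        ph_fmt, type_i, off_i, size_i = end + "IIQQQQQQ", 0, 2, 5
        dyn_fmt = end + "qQ"
    else:                                        # ELF32
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        # p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
        ph_fmt, type_i, off_i, size_i = end + "IIIIIIII", 0, 1, 4
        dyn_fmt = end + "iI"

    has_relro_segment = bind_now = False
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        if ph[type_i] == PT_GNU_RELRO:
            has_relro_segment = True
        elif ph[type_i] == PT_DYNAMIC:
            bind_now = _dynamic_has_bind_now(data, ph[off_i], ph[size_i], dyn_fmt)

    if has_relro_segment and bind_now:
        relro = "full"
    elif has_relro_segment:
        relro = "partial"
    else:
        relro = "none"
    return {
        "pie": e_type == ET_DYN,                  # ET_EXEC means a fixed load address
        "relro": relro,
        # Heuristic: the canary failure handler is only referenced when at least
        # one function was compiled with -fstack-protector.
        "ssp": b"__stack_chk_fail" in data,
    }


def build_sample_elf(pie: bool = True, relro: str = "full", ssp: bool = True) -> bytes:
    """Constructed sample input: a minimal ELF64 LE image with only the headers
    check_elf() inspects. Not a runnable program; exists to exercise the check."""
    dynamic = b""
    if relro == "full":
        dynamic += struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW)
    dynamic += struct.pack("<qQ", DT_NULL, 0)
    phdr_count = 2 if relro != "none" else 1
    dyn_off = 64 + 56 * phdr_count               # dynamic section follows the phdrs
    phdrs = [struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off,
                         len(dynamic), len(dynamic), 8)]
    if relro != "none":
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, dyn_off, dyn_off,
                                 dyn_off, len(dynamic), len(dynamic), 1))
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, version 1
    header = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        ET_DYN if pie else ET_EXEC, 62, 1, 0,    # e_type, e_machine (x86-64), e_version, e_entry
        64, 0, 0, 64, 56, phdr_count, 64, 0, 0)  # e_phoff .. e_shstrndx
    tail = b"__stack_chk_fail\0" if ssp else b""
    return header + b"".join(phdrs) + dynamic + tail


if __name__ == "__main__":
    paths = sys.argv[1:]
    for path in paths:
        with open(path, "rb") as fh:
            print(path, check_elf(fh.read()))
    if not paths:                                # no arguments: demonstrate on the sample
        print("sample", check_elf(build_sample_elf()))
```

Pointed at every ELF file in a package's staging area, this gives the per-package register of "binaries breaking with ASLR" mentioned above in machine-readable form. Two caveats: shared libraries are also ET_DYN, so a PIE check on executables should additionally require a PT_INTERP segment; and the `__stack_chk_fail` heuristic says only that some function carries a canary, not that every one does.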