Project

General

Profile

Actions

Feature #13786

closed

bhyve could use ASLR

Added by Andy Fiddaman 9 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
bhyve
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

# psecflags `pgrep -n bhyve`
11640:  /usr/sbin/bhyve -U 15d75ebd-b708-c0ef-eaa1-8670b7ce8a40 -H -B 1,manufa
        E:      none
        I:      none
        L:      none
        U:      aslr,forbidnullmap,noexecstack

For additional protection, bhyve should employ the ASLR security flag.

Actions #1

Updated by Andy Fiddaman 9 months ago

  • Status changed from Feedback to In Progress
Actions #2

Updated by Electric Monk 9 months ago

  • Gerrit CR set to 1474
Actions #3

Updated by Andy Fiddaman 8 months ago

I've tested this on OmniOS bloody using a range of bhyve guests (illumos, Windows, Linux, FreeBSD) in a variety of configurations including PCI passthrough and VNC framebuffer.

bloody# ptree -z bhyvetest
23710  zsched
  24162  bhyve-bhyvetest -k /etc/bhyve.cfg
bloody# psecflags 24162
24162:  bhyve-bhyvetest -k /etc/bhyve.cfg
        E:      aslr
        I:      none
        L:      none
        U:      aslr,forbidnullmap,noexecstack
Actions #4

Updated by Electric Monk 8 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 90d74ed67b4bac801bf06d75825d9a9e4bd458d0

commit  90d74ed67b4bac801bf06d75825d9a9e4bd458d0
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date:   2021-05-24T18:14:16.000Z

    13786 bhyve could use ASLR
    Reviewed by: Robert Mustacchi <rm@fingolfin.org>
    Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions

Also available in: Atom PDF