Hi,
We have added the below changes in 'sysctl.conf' to get ASLR enabled on FreeBSD 13.0-RELEASE-p11.
Code:
#Enable ASLR
kern.elf32.aslr.enable=1
kern.elf32.aslr.pie_enable=1
kern.elf64.aslr.enable=1
kern.elf64.aslr.pie_enable=1
Also, after the above changes, we can see the below sysctl output for ASLR:
Code:
#sysctl -a | grep aslr
kern.elf32.aslr.stack_gap: 3
kern.elf32.aslr.honor_sbrk: 1
kern.elf32.aslr.pie_enable: 1
kern.elf32.aslr.enable: 1
kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.honor_sbrk: 1
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 1
vm.aslr_restarts: 11744
We are using the dASLR tool, https://wwwin-github.cisco.com/Trust/daslr, to confirm the randomization. Among the reported test results I'm seeing FAIL for 'THREAD STACKS' (Diagnostic test). Is randomization supported for 'THREAD STACKS' on FreeBSD 13.0-RELEASE-p11, or is there any latest patch to address this?
Code:
Diagnostic test: Result of executing a standalone binary whose sole function is to output the addresses of its program segments.Different memory segments are examined during this as given.
By default it runs 25 times.
#Diagnostic Check:/root/chaitra/bin-x86_64/daslr_diag 25 Runs FAIL
Stack PASS Entrpy = 20 bits
Heap PASS Entrpy = 34 bits
Bss PASS Entrpy = 24 bits
Data PASS Entrpy = 24 bits
Text PASS Entrpy = 24 bits
Thread Stacks FAIL Entrpy = 0 bits
Anon Map PASS Entrpy = 34 bits
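
A minimal probe for cross-checking the 'Thread Stacks' result independently of the dASLR tool, as an added example that is not part of the original post and not dASLR's code. It prints one address from the main stack and one from a newly created thread's stack; the function names and output labels are hypothetical.

```c
/* Added example (not dASLR code): print a main-stack address and a
 * thread-stack address so the values can be compared across runs. */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Thread body: store the address of a local variable, which lives on
 * the stack the threading library mapped for this thread. */
static void *report_stack(void *out)
{
    volatile char marker = 0;
    *(uintptr_t *)out = (uintptr_t)&marker;
    return NULL;
}

/* Returns an address inside a freshly created thread's stack,
 * or 0 if the thread could not be created or joined. */
uintptr_t thread_stack_addr(void)
{
    pthread_t tid;
    uintptr_t addr = 0;

    if (pthread_create(&tid, NULL, report_stack, &addr) != 0)
        return 0;
    if (pthread_join(tid, NULL) != 0)
        return 0;
    return addr;
}

/* Returns an address inside the calling thread's stack. */
uintptr_t current_stack_addr(void)
{
    volatile char marker = 0;
    return (uintptr_t)&marker;
}

int main(void)
{
    /* One line per segment; run the binary repeatedly and diff the lines. */
    printf("main_stack   0x%016jx\n", (uintmax_t)current_stack_addr());
    printf("thread_stack 0x%016jx\n", (uintmax_t)thread_stack_addr());
    return 0;
}
```

Build it with `cc -pthread`, run it as many times as the diagnostic does (25 by default) and compare the `thread_stack` lines: a value that is identical in every run matches the 0-bit result, while `main_stack` should differ between runs when ASLR is active.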