The development team at NetBSD is going to implement the KASLR (kernel Address Space Layout Randomisation) for 64-bit AMD processors.
The KASLR coding technique allows randomizing the location of memory where the NetBSD kernel is loaded. The ASRL technique is widely adopted as a security measure to protect applications from the exploitation of vulnerabilities like buffer overflow because it is impossible for the attacker to predict the memory location that could be used to inject malicious code.
The current design decouples the bootloader and the kernel with an additional layer dubbed “prekern.”
“The current design is based on a specialized kernel called the “prekern“, which operates between the bootloader and the kernel itself. The kernel is compiled as a raw library with the GENERIC_KASLR configuration file, while the prekern is compiled as a static binary.” explained the developer Maxime Villard.
“When the machine boots, the bootloader jumps into the prekern. The prekern relocates the kernel at a random virtual address (VA), and jumps into it. Finally, the kernel performs some cleanup, and executes normally.”
The implementation is still incomplete, Villard anticipated the future work:
Randomise the kernel sections independently, and intertwine them;
Modify several kernel entry points not to leak kernel addresses to userland;
Randomise the kernel heap too (which is still static for now).”
All of the patches are already available in the current NetBSD, the post written by the developer also includes a link to the instructions on how to install and use this implementation.
This KASLR implementation will be available starting from NetBSD 9.
“Once it is stabilized, it may be backported to NetBSD 8. Until then, feel free to test it!”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.