
Mike Belopuhov @mike@x0r.be

By combining ASLR, NOEXEC, CFI, SafeStack, and the other hardening techniques, #HardenedBSD provides a pretty hostile environment for exploit authors. That's not to say exploitation is impossible; rather, it becomes much more difficult and time consuming.

3/3

The CFI implementation in llvm only protects forward edges. The primary use case is to prevent abusing function pointers and indirect branches to hijack the control flow.

llvm also includes SafeStack, which can help secure backward edges. We use that in #HardenedBSD, too.

2/3

Did you know that #HardenedBSD's feature set includes more than ASLR? We have also implemented PaX NOEXEC, integrated non-Cross-DSO CFI, and many other features.

We're working hard on Cross-DSO CFI. Control Flow Integrity (CFI) is a powerful exploit mitigation.

1/3

"Our TLBleed exploit successfully leaks a 256-bit EdDSA key from libgcrypt (used in e.g. GPG) with a 98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time."

blackhat.com/us-18/briefings.h

At BSDCan: "Every time I see one of you OpenBSD developers you look like you are ready for the next hike."
Me: 😊

@mike and all of you together rock!

Thank you for kicking me into the correct direction. As you can see, that was successful. :-)

@florian it seems there is a new sysctl in GENERIC.MP #24: I see a sysctl_hwsmt symbol. Wonder what it should be... 😃

I learned some C++ and taught GNU gold to understand #OpenBSD soname versioning. gold can now be used as a general purpose linker on OpenBSD (provided you don't need static and/or nopie linking).
github.com/jasperla/openbsd-wi

“Open source is like sex: it’s better when Richard Stallman is not involved.”

Useless Fact of the Day: this Monday, it will be 17500 days since Epoch.

@stsp @mulander @cynicalsecurity @csirac2 Yeah, as mentioned in the other thread from January, the option to disable HT has been removed from many BIOSes.

It’s the reason why we had to add code to the Muen kernel which basically only brings up one thread per physical CPU core.

Software that links and works correctly with GNU gold on #OpenBSD/amd64 so far:
* GNU gold itself
* oed (cause I know you'd all ask 🤣)
* oksh
* my portable mg
* GNU bc and dc
* editors/nano
* games/corsixth
* games/openclonk (upcoming)
* games/openjk
* games/mars
* games/hyperrogue
* games/julius
* games/jumpnbump
* lang/cparser
* lang/fort (upcoming)
* lang/lily (upcoming)

Overall, I consider this a success!
(The shared lib search problem hurts though.)

More details about the #LazyFP Intel CPU issue. Affected OSes:
- Linux (mostly pre 4.4.y, y < 138)
- FreeBSD
- Windows
- KVM when run on affected Linux kernel versions
- All Xen versions and generally all hypervisors that employ lazy FPU switching

Affected CPUs:
- Verified on the Intel Core microarchitecture from Sandy Bridge to Skylake
- State of other processors unclear

There are also attack details, at least for one of three variants they discovered.

blog.cyberus-technology.de/pos

Works directly from clang too without having to mess around with moving binaries around. Adding -fuse-ld=gold to your LDFLAGS does all the magic.

Neat. I've gotten GNU gold to link pie binaries on #OpenBSD and added -z wxallowed support to it as well.

Archiving punched card decks has some surprises...

Xen advisory: openwall.com/lists/oss-securit

Please keep in mind that AES-NI holds keys inside FPU registers...