Starting with build 47, we have removed support for the a.out executable file format and NULL page mapping support. This also means that gzipped kernels in a.out format are not supported anymore in HardenedBSD as well. The a.out file format is an extremely dated format. We in the HardenedBSD project have no desire to support and ensure feature interop with such an old format. Additionally, we have no way to generate a.out files and test against it. Removing support for the a.out format further means one less attack vector.
We have also removed support for userland memory mappings at NULL. The ``security.bsd.map_at_null''
sysctl(8)
has been removed. This completely prevents all processes from mapping at NULL and making valid NULL dereferences possible. Note that it is still possible for applications to attempt in dereferencing NULL (a problem HardenedBSD can't solve), but doing so in HardenedBSD will cause a segfault.
We've been working extremely hard in the development of new security features, the enhancement of existing security features, and infrastructure work. Blog posts about all of our work will be coming soon.