HardenedBSD October 2020 Status Report

A bit of progress has been made in October. I've started working on randomizing per-thread stacks. I've added a new delta to our ASLR implementation that is applied on all mmap(MAP_STACK) calls, so stack mappings receive a different delta than regular mmap calls do, and we're able to introduce a lot more entropy into it than the regular mmap delta carries. This is only phase one. Phase two will likely be implemented in libthr, applying a per-thread delta at pthread_create time and thus completing the per-thread stack randomization implementation.
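A small probe for the phase-one behaviour described above, added here as an example and not HardenedBSD's own code: it maps one ordinary anonymous region and one MAP_STACK region (the flag libthr uses for thread stacks) and prints both bases and the distance between them. Run it several times on a kernel that applies the separate MAP_STACK delta and the distance between the two bases should change from run to run, not just their absolute values; on a kernel with a single mmap delta the distance stays constant. The 1 MiB region length and the names of the helpers are choices made for this example.

```c
/* Probe where the kernel places MAP_STACK mappings relative to ordinary
 * anonymous mappings. Added example, not HardenedBSD code. Run it repeatedly
 * and compare the printed bases and distance across runs. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_STACK
#error "MAP_STACK is not available on this platform"
#endif

/* Assumed size for the example: roughly a thread stack's worth of pages. */
#define REGION_LEN (1u << 20)

/* Map an anonymous RW region; with_stack != 0 adds MAP_STACK, the flag
 * libthr passes when it allocates a thread stack. Returns the base, or 0
 * if mmap failed. */
uintptr_t map_region(int with_stack, size_t len) {
    int flags = MAP_PRIVATE | MAP_ANONYMOUS | (with_stack ? MAP_STACK : 0);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, flags, -1, 0);
    return p == MAP_FAILED ? 0 : (uintptr_t)p;
}

/* 1 if addr is a non-null, page-aligned address (what mmap must return). */
int is_page_aligned(uintptr_t addr) {
    uintptr_t pg = (uintptr_t)sysconf(_SC_PAGESIZE);
    return addr != 0 && (addr % pg) == 0;
}

/* Absolute distance between two bases. This is the number to compare across
 * runs: a separate MAP_STACK delta makes it vary, a shared delta does not. */
uintptr_t base_distance(uintptr_t a, uintptr_t b) {
    return a > b ? a - b : b - a;
}

int main(void) {
    uintptr_t plain = map_region(0, REGION_LEN);
    uintptr_t stack = map_region(1, REGION_LEN);
    if (!plain || !stack) {
        perror("mmap");
        return 1;
    }
    printf("plain mmap base : 0x%lx\n", (unsigned long)plain);
    printf("MAP_STACK base  : 0x%lx\n", (unsigned long)stack);
    printf("distance        : 0x%lx\n",
           (unsigned long)base_distance(plain, stack));
    munmap((void *)plain, REGION_LEN);
    munmap((void *)stack, REGION_LEN);
    return 0;
}
```

Compile with `cc -o mapstack mapstack.c` and run it a handful of times; on FreeBSD-derived kernels the same probe can be repeated with the ASLR sysctls toggled to see which mappings the delta affects.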

I've fixed a number of ports that had issues with PIE enabled. More ports should compile now, since some of the ports I fixed were dependencies of others.

The infrastructure is becoming more and more stable. I've been tweaking Gitea's config to keep its memory consumption within what the system can handle. The system Gitea is deployed on has a lot of memory, but its CPU is a bit on the slow side. That slow CPU means Gitea has a tough time crawling through its in-app caches. Disabling caching made Gitea perform better for our particular use case.

I created the HardenedBSD 12.2-RELEASE branch. I plan to provide base updates for that branch. Due to the way FreeBSD designed the package manager, we won't be able to provide packages for the 12.2-RELEASE branch, since we put the priority on 12-STABLE.

Having the 12.2-RELEASE branch, though, gives projects downstream of us a release branch to build upon.