TЯEИTJul 5, 2017
@lattera Interested to hear your thoughts on KARL and if you think it's possible to port to Hardened?
Show threadShawn WebbJul 5, 2017

@pr1ntf KARL is interesting research. However, I probably wouldn't take that approach. Kernel exploits are typically for local privesc. Randomization techniques (whether ASR, ASLR, KSR, KASRL, or KARL) are nullified by information disclosure vulnerabilities, which kernels are notorious for having all over the place.

I'd be interested in a long-term efficacy study.

Show threadShawn WebbJul 5, 2017
@pr1ntf As far as porting to HardenedBSD, I'm not sure it'd be a great fit. The first thing to do would be to fix the hundreds (if not thousands) of kernel address space information disclosures. Doing so would break fstat(1) and a number of other useful userland utilities.
Show threadShawn Webb
@pr1ntf Time would better be spent in protecting the kernel. For example, finishing Nathan Dautenhahn's Nested Kernel project, something he wants to import into #HardenedBSD, but lacks time.
Jul 5, 2017 at 11:46pmWeb