Hello
I doubt if it is a good idea to touch aslr setting for testing environment, I think it is dependent of what do you need to test.
I am curious whether aslr can be disabled for package building environment without causing issues with built binary packages on production like vulnerabilities or stability issues. Maybe some people on openbsd-misc know the answer.
Thank you in advance for replies, whiteman808
Dnia 18 września 2024 20:06:02 CEST, Luca Di Gregorio <lucdig@gmail.com> napisał/a:
>library_aslr=NO is already set in /etc/rc.conf.local, because I ran:
># rcctl disable library_aslr
>
>Just tried with moving /var/db/kernel.SHA256:
># mv /var/db/kernel.SHA256 /var/db/no_kernel.SHA256
>
>At reboot, reordering libraries is skipped (due to library_aslr=NO)
>and reorder_kernel: failed ( /var/db/kernel.SHA256 moved )
>
>Thanks a lot!
>
>Il giorno mer 18 set 2024 alle ore 19:04 James Cook <falsifian@falsifian.org>
>ha scritto:
>
>> On Tue, Sep 10, 2024 at 02:39:55PM +0200, Luca Di Gregorio wrote:
>> >Hi,
>> >
>> >I'm running very little OpenBSD VMs for simple services and testing
>> >environments.
>> >
>> >I really don't need security on these VMs, I already disabled library_aslr
>> >(rcctl disable library_aslr) to avoid reordering libraries at boot, but,
>> at
>> >startup, I still see ld and ctfconv running and consuming a lot of CPU.
>> >
>> >As the VMs are little, ld and ctfconv takes a lot of time to finish.
>> >
>> >Is there a way to disable them as well?
>> >
>> >Luca
>>
>> I think you can set library_aslr=NO in /etc/rc.conf.local. See
>> rc.conf(8).
>>
>> Mizsei's answer is about kernel relinking, which I think happens
>> in the background after every boot. It might slow things down too.
>>
>> --
>> James
>>
No comments:
Post a Comment