From mirageos-devel-bounces@lists.xenproject.org Tue Jan 02 20:29:30 2024
From: Thomas Gazagnaire <thomas@gazagnaire.org>
Subject: Solo5 security features
Message-Id: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org>
Date: Tue, 2 Jan 2024 21:29:00 +0100
To: mirageos-devel <mirageos-devel@lists.xenproject.org>,
 solo5@lists.h3q.com

Hey there,

Do we have an up-to-date table of the defense-in-depth security features enforced by solo5 on the different targets?

So far I found:
- W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where this is enforced nowadays. The tests in https://github.com/Solo5/solo5/pull/363/files seem to say that this only works on spt?
- heap canaries: https://github.com/mirage/ocaml-solo5/issues/48 -> all targets?
- Unmap zero page: https://github.com/Solo5/solo5/issues/296 -> seems to be enforced on all targets?
- Stack protector: https://github.com/Solo5/solo5/issues/293 and https://github.com/Solo5/solo5/pull/294 -> seems to be enforced for all targets?
- ASLR: https://github.com/Solo5/solo5/pull/310 -> only spt? As we have https://github.com/Solo5/solo5/issues/304 for the hvt TODOs

Anything else worth mentioning?

Best,
Thomas


From mirageos-devel-bounces@lists.xenproject.org Fri Jan 05 13:12:05 2024
Message-ID: <96cb9a13-a427-dfec-0071-d343bff3915a@gmail.com>
Date: Fri, 5 Jan 2024 22:11:44 +0900
Subject: Re: Solo5 security features
To: Thomas Gazagnaire <thomas@gazagnaire.org>,
 mirageos-devel <mirageos-devel@lists.xenproject.org>, solo5@lists.h3q.com
References: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org>
From: Takayuki Imada <takayuki.imada@gmail.com>
In-Reply-To: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org>

Hi Thomas,

Is this worth mentioning?
   - System call filtering (by seccomp): https://github.com/Solo5/solo5/blob/master/tenders/spt/spt_core.c#L318 -> only spt

Kind regards,

-- 
Takayuki Imada


On 2024/01/03 5:29, Thomas Gazagnaire wrote:
> Hey there,
> 
> Do we have an up-to-date table of the defense-in-depth security features enforced by solo5 on the different targets?
> 
> So far I found:
> - W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where this is enforced nowadays. The tests in https://github.com/Solo5/solo5/pull/363/files seem to say that this only works on spt?
> - heap canaries: https://github.com/mirage/ocaml-solo5/issues/48 -> all targets?
> - Unmap zero page: https://github.com/Solo5/solo5/issues/296 -> seems to be enforced on all targets?
> - Stack protector: https://github.com/Solo5/solo5/issues/293 and https://github.com/Solo5/solo5/pull/294 -> seems to be enforced for all targets?
> - ASLR: https://github.com/Solo5/solo5/pull/310 -> only spt? As we have https://github.com/Solo5/solo5/issues/304 for the hvt TODOs
> 
> Anything else worth mentioning?
> 
> Best,
> Thomas


From mirageos-devel-bounces@lists.xenproject.org Thu Jan 18 16:14:28 2024
Message-ID: <4a8e1266-60b4-445e-9e59-ca8bd1d45e27@celo.io>
Date: Fri, 5 Jan 2024 12:51:48 +0100
Subject: Re: Solo5 security features
To: mirageos-devel@lists.xenproject.org
References: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org>
From: Joe <joe@celo.io>
In-Reply-To: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org>

On 1/2/24 21:29, Thomas Gazagnaire wrote:
> Hey there,
> 
> Do we have an up-to-date table of the defense-in-depth security features enforced by solo5 on the different targets?
> 
> So far I found:
> - W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where this is enforced nowadays. The tests in https://github.com/Solo5/solo5/pull/363/files seem to say that this only works on spt?

https://github.com/Solo5/solo5/pull/447/files looks like hvt_openbsd 
also supports this.

Also of note:
https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L138

https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L197-L227

https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_kvm.c#L143-L144




From mirageos-devel-bounces@lists.xenproject.org Thu Jan 18 21:36:13 2024
Date: Thu, 18 Jan 2024 21:35:31 +0000
To: Thomas Gazagnaire <thomas@gazagnaire.org>
From: Adam Steen <adam@adamsteen.com.au>
Cc: Joe <joe@celo.io>, mirageos-devel@lists.xenproject.org
Subject: Re: Solo5 security features
Message-ID: <T7w6UgtA3Aup3m17kGi8fAKp0L5Wijk-ncKBM3Q818q-NQuoEWmED-3A_w77rQpgN8jV1a4h6ZNK0G4cJBWOItmBgk-aARpFZK-a2q-_6co=@adamsteen.com.au>
In-Reply-To: <4a8e1266-60b4-445e-9e59-ca8bd1d45e27@celo.io>
References: <C1E613FF-3BF0-4B20-81A2-0741D68182A1@gazagnaire.org> <4a8e1266-60b4-445e-9e59-ca8bd1d45e27@celo.io>


Looking at the tests https://github.com/Solo5/solo5/blob/master/tests/tests.bats#L345-L386

Solo5 on OpenBSD supports:
- read not write (rnow)
- W^X (xnow, wnox)
- execute no read (xnor)
- read no execute (rnox)

Cheers
Adam


On Friday, 19 January 2024 at 00:14, Joe <joe@celo.io> wrote:

> On 1/2/24 21:29, Thomas Gazagnaire wrote:
>
> > Hey there,
> >
> > Do we have an up-to-date table of the defense-in-depth security features enforced by solo5 on the different targets?
> >
> > So far I found:
> > - W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where this is enforced nowadays. The tests in https://github.com/Solo5/solo5/pull/363/files seem to say that this only works on spt?
>
> https://github.com/Solo5/solo5/pull/447/files looks like hvt_openbsd
> also supports this.
>
> Also of note:
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L138
>
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L197-L227
>
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_kvm.c#L143-L144


