[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Solo5 security features

To: mirageos-devel <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>, solo5@xxxxxxxxxxxxx
From: Thomas Gazagnaire <thomas@xxxxxxxxxxxxxx>
Date: Tue, 2 Jan 2024 21:29:00 +0100
Delivery-date: Tue, 02 Jan 2024 20:29:30 +0000
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Hey there,

Do we have an up-to-date table of the defense-in-depth security features 
enforced by solo5 on the different targets?

So far I found:
- W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where this 
is enforced nowadays. The tests in 
https://github.com/Solo5/solo5/pull/363/files seems to say that this only works 
on spt?
- heap canaries: https://github.com/mirage/ocaml-solo5/issues/48 -> all targets?
- Unmap zero page: https://github.com/Solo5/solo5/issues/296 -> seems to be 
enforced on all targets?
- Stack protector: https://github.com/Solo5/solo5/issues/293 and 
https://github.com/Solo5/solo5/pull/294 -> seems to be enforced for all targets?
- ASLR: https://github.com/Solo5/solo5/pull/310 -> only spt ? As we have 
https://github.com/Solo5/solo5/issues/304 for the  hvt TODO's 

Anything else worth mentioning?

Best,
Thomas

Follow-Ups:
- Re: Solo5 security features
  - From: Joe
- Re: Solo5 security features
  - From: Takayuki Imada

Next by Date: Re: Solo5 security features
Next by thread: Re: Solo5 security features
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.