[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solo5 security features

To: Thomas Gazagnaire <thomas@xxxxxxxxxxxxxx>
From: Adam Steen <adam@xxxxxxxxxxxxxxxx>
Date: Thu, 18 Jan 2024 21:35:31 +0000
Cc: Joe <joe@xxxxxxx>, mirageos-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 18 Jan 2024 21:36:13 +0000
Feedback-id: 5603712:user:proton
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Looking at the tests 
https://github.com/Solo5/solo5/blob/master/tests/tests.bats#L345-L386

Solo5 on OpenBSD Supports
- read not write (rnow)
- W^X (xnow, wnox)
- excuse no read (xnor)
- read no excute (rnox)

Cheers
Adam


On Friday, 19 January 2024 at 00:14, Joe <joe@xxxxxxx> wrote:

> On 1/2/24 21:29, Thomas Gazagnaire wrote:
> 
> > Hey there,
> > 
> > Do we have an up-to-date table of the defense-in-depth security features 
> > enforced by solo5 on the different targets?
> > 
> > So far I found:
> > - W^X: https://github.com/Solo5/solo5/issues/303 -> not sure exactly where 
> > this is enforced nowadays. The tests in 
> > https://github.com/Solo5/solo5/pull/363/files seems to say that this only 
> > works on spt?
> 
> 
> https://github.com/Solo5/solo5/pull/447/files looks like hvt_openbsd
> also supports this.
> 
> Also of note:
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L138
> 
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_freebsd.c#L197-L227
> 
> https://github.com/Solo5/solo5/blob/master/tenders/hvt/hvt_kvm.c#L143-L144
>

References:
- Solo5 security features
  - From: Thomas Gazagnaire
- Re: Solo5 security features
  - From: Joe

Prev by Date: Re: Solo5 security features
Previous by thread: Re: Solo5 security features
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.