Skip to content

Latest commit

 

History

History
65 lines (36 loc) · 1.27 KB

SECURITY.md

File metadata and controls

65 lines (36 loc) · 1.27 KB

Security

Security is not binary. Software is not 'secure' or 'insecure'. It's more of a spectrum.

This document contains any pro-active measures we've enabled.

ASLR:

  • Stack Randomization

  • Heap Randomization

  • Library Randomization

  • Binary Randomization

KASLR:

  • Kernel Load Address Randomization

  • Klib Load Address Randomization

Page Protections:

  • Stack Execution off by Default

  • Heap Execution off by Default

  • Null Page is Not Mapped

  • Stack Cookies/Canaries

  • Rodata no execute

  • Text no write

  • Guard gap between process stack and adjacent mapping

Random Number Generation:

  • virtio-rng driver

  • rdseed and rdrand CPU instructions on x86 platforms

By default neither the user application nor the interpreter is allowed to be overwritten.

Optional 'exec_protection' may also be turned on where one needs to explicitly mark files as executable. When this is turned on the application can not modify the executable and cannot create new executable files.

Nanos also supports the pledge and unveil syscalls from OpenBSD for more restricted operating modes.

Other Considerations

  • Single Process

  • No Users

  • No Shell

To report security issues email security @ . We don't do PGP. (https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f)