BSDCan 2018
The Technical BSD Conference
Speakers |
---|
Florian Obser |

Schedule |
---|---
Day | Talks #2 - 9 June - 2018-06-09
Room | DMS 1140
Start time | 16:00
Duration | 01:00

Info |
---|---
ID | 929
Event type | Lecture
Track | Hacking
Language used for presentation | English
slaacd(8)
A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon
For IPv6 stateless address autoconfiguration, the KAME IPv6 stack, shared by all the BSDs, parses router advertisement messages in the kernel. These messages are fairly complicated, with optional parts and varying lengths, so parsing them is dangerously close to string handling in the kernel. If a mistake is made, only a few mitigations stand in the way of a full-system compromise.
Moving this functionality to userland, where much more powerful mitigations are available, is prudent.
We present slaacd, the stateless address autoconfiguration daemon. It was written from scratch following the well-established pattern of privilege-separated OpenBSD daemons.
We will show how pledge(2) annotations guided the privilege separation, leading to a secure design. Other systems that lack OpenBSD's pledge annotations and kernel enforcement can still benefit from that secure design when slaacd is ported to them.
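The variable-length option parsing the abstract warns about, as an added example that is neither slaacd's code nor anything shown in the talk: a bounds-checked walk over the TLV options that follow an ICMPv6 router advertisement header, where every length field is validated before it is trusted. The function and sample packets are constructed for this illustration (RFC 4861 field layout assumed).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed RA header: type, code, cksum, hop limit, flags, router lifetime,
 * reachable time, retrans timer = 16 bytes; TLV options follow, with the
 * length field counting 8-octet units (RFC 4861). */
#define RA_HDR_LEN		16
#define ND_ROUTER_ADVERT	134

/* Count the options of the RA in buf[0..len). Returns -1 if malformed:
 * every length is checked against the bytes actually left before it is
 * trusted, and length 0 (an endless loop if unchecked) is rejected. */
int
ra_count_options(const uint8_t *buf, size_t len)
{
	size_t off, optlen;
	int n = 0;
	if (len < RA_HDR_LEN || buf[0] != ND_ROUTER_ADVERT || buf[1] != 0)
		return -1;
	for (off = RA_HDR_LEN; off < len; off += optlen) {
		if (len - off < 2)		/* no room for type + length */
			return -1;
		optlen = (size_t)buf[off + 1] * 8;
		if (optlen == 0 || optlen > len - off)	/* invalid or overruns */
			return -1;
		n++;
	}
	return n;
}

/* Constructed samples, not captured traffic; unlisted bytes are zero.
 * sample_ra: header (hop limit 64) + Prefix Information (type 3, 4 units)
 * + MTU (type 5, 1 unit). sample_ra_zero_len: header + option of length 0. */
static const uint8_t sample_ra[56] = {
	[0] = ND_ROUTER_ADVERT, [4] = 64, [16] = 3, [17] = 4, [48] = 5, [49] = 1
};
static const uint8_t sample_ra_zero_len[24] = {
	[0] = ND_ROUTER_ADVERT, [4] = 64, [16] = 3, [17] = 0
};

int
main(void)
{
	printf("valid: %d\n", ra_count_options(sample_ra, sizeof sample_ra));
	printf("truncated: %d\n", ra_count_options(sample_ra, sizeof sample_ra - 1));
	printf("zero length: %d\n",
	    ra_count_options(sample_ra_zero_len, sizeof sample_ra_zero_len));
	return 0;
}
```

Running it reports 2 options for the well-formed packet and -1 for the truncated and zero-length variants; the same checks are what keep a malformed advertisement from turning into an out-of-bounds read, whether the parser lives in the kernel or in a pledged userland process.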