New Core Team Member - HardenedBSD's Shawn Webb

[lattera]

Over the past year, I have had the wonderful experience of working with the OPNsense core team in porting over HardenedBSD’s robust ASLR implementation. It is with pleasure and humility that I have accepted their invitation to join the core team. My overarching goal will be to port the main features of HardenedBSD to OPNsense.

Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology that aims to make certain kinds of vulnerabilities harder to successfully exploit. In order to fully apply ASLR, applications must be compiled as a Position-Independent Executable (PIE). In the short term, my next goal is to enable PIE fully across OPNsense’s ports tree. As this is a feature HardenedBSD also needs, I’m using HardenedBSD’s ports tree and package building infrastructure as a test bed prior to importing into OPNsense.

OPNsense is investigating migrating to 11.0-RELEASE for its 17.1 release. The Virtual Memory (VM) subsystem has changed drastically between FreeBSD 10 and FreeBSD 11. Since ASLR deals with the VM subsystem, extreme care must be taken in the update of the codebase from FreeBSD 10.3 to 11.0. I will assist in those efforts by freshly porting over the ASLR implementation from HardenedBSD 11.0 to OPNsense’s FreeBSD 11.0 codebase.

I look forward to being a part of the OPNsense core team. The coordination between HardenedBSD and OPNsense will bring a more solid foundation on which home users and enterprises alike can build secure and scalable networks.

Stay safe,

Shawn Webb, on behalf of the OPNsense team.