BSDCan 2018
The Technical BSD Conference

Florian Obser
Day Talks #2 - 9 June - 2018-06-09
Room DMS 1140
Start time 16:00
Duration 01:00
ID 929
Event type Lecture
Track Hacking
Language used for presentation English
A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon

For IPv6 stateless address auto configuration, the KAME IPv6 stack, shared by all the BSDs, parses router advertisement messages in the kernel. These messages are fairly complicated, with optional parts and varying lengths. Parsing them is dangerously close to string handling in the kernel. If a mistake is made, only a few mitigations stand in the way of a full-system compromise.

Moving this functionality to user land, where much more powerful mitigations are available, is prudent.
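To make the parsing problem concrete, here is an added example (not slaacd's code, and not taken from the talk) of a bounds-checked walk over the TLV option chain of an ICMPv6 Router Advertisement as laid out in RFC 4861. It is the kind of variable-length, attacker-controlled input the abstract refers to: every option length comes from the wire, a zero length is explicitly invalid, and an option may claim more bytes than the packet carries. The sample messages are constructed for this example; the option type and size constants are the RFC 4861 values.

```c
/* Added example, not slaacd's own code: bounds-checked parsing of the
 * option chain in an ICMPv6 Router Advertisement (RFC 4861, section 4.2).
 * All sample messages below are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_ROUTER_ADVERT   134
#define ND_RA_HDR_LEN      16  /* type, code, cksum, hop limit, flags, lifetime, reachable, retrans */
#define ND_OPT_PREFIX_INFO 3
#define ND_OPT_MTU         5

struct ra_summary {
	int      n_opts;   /* options seen, known or unknown */
	int      n_prefix; /* well-formed Prefix Information options */
	uint32_t mtu;      /* from the MTU option, 0 if absent */
};

/*
 * Walk the options after the fixed RA header. Returns 0 on success and
 * -1 if the message is malformed. Each wire-supplied length is checked
 * against the bytes remaining before it is used for anything.
 */
int
parse_ra(const uint8_t *buf, size_t len, struct ra_summary *out)
{
	size_t off;

	out->n_opts = 0;
	out->n_prefix = 0;
	out->mtu = 0;

	if (len < ND_RA_HDR_LEN || buf[0] != ND_ROUTER_ADVERT || buf[1] != 0)
		return -1;

	off = ND_RA_HDR_LEN;
	while (off < len) {
		uint8_t type, olen8;
		size_t olen;

		if (len - off < 2)        /* truncated option header */
			return -1;
		type = buf[off];
		olen8 = buf[off + 1];
		olen = (size_t)olen8 * 8; /* option length is in units of 8 octets */
		if (olen == 0)            /* invalid per RFC 4861; a naive loop would also spin forever */
			return -1;
		if (olen > len - off)     /* option claims more bytes than the packet carries */
			return -1;

		switch (type) {
		case ND_OPT_PREFIX_INFO:
			/* fixed 32-byte option; the prefix length field cannot exceed 128 */
			if (olen != 32 || buf[off + 2] > 128)
				return -1;
			out->n_prefix++;
			break;
		case ND_OPT_MTU:
			if (olen != 8)
				return -1;
			out->mtu = ((uint32_t)buf[off + 4] << 24) | ((uint32_t)buf[off + 5] << 16) |
			    ((uint32_t)buf[off + 6] << 8) | (uint32_t)buf[off + 7];
			break;
		default:
			/* unknown options are skipped, not rejected (RFC 4861, section 4.6) */
			break;
		}
		out->n_opts++;
		off += olen;
	}
	return 0;
}

/* Convenience wrappers: option count, prefix count and MTU, or -1 when malformed. */
int ra_option_count(const uint8_t *buf, size_t len)
{ struct ra_summary s; return parse_ra(buf, len, &s) == 0 ? s.n_opts : -1; }
int ra_prefix_count(const uint8_t *buf, size_t len)
{ struct ra_summary s; return parse_ra(buf, len, &s) == 0 ? s.n_prefix : -1; }
long ra_mtu(const uint8_t *buf, size_t len)
{ struct ra_summary s; return parse_ra(buf, len, &s) == 0 ? (long)s.mtu : -1; }

/* Constructed sample: well-formed RA with an MTU option (1500) and one 2001:db8::/64 prefix. */
const uint8_t RA_GOOD[] = {
	134, 0, 0x00, 0x00, 64, 0x00, 0x07, 0x08, 0, 0, 0, 0, 0, 0, 0, 0, /* header */
	5, 1, 0, 0, 0x00, 0x00, 0x05, 0xdc,                               /* MTU option */
	3, 4, 64, 0xc0, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x38, 0x40, 0, 0, 0, 0,
	0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0         /* Prefix Information option */
};
/* Constructed sample: a Prefix Information option with length 0, which must be rejected. */
const uint8_t RA_ZERO_LEN[] = {
	134, 0, 0, 0, 64, 0, 0x07, 0x08, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 64, 0xc0, 0, 0, 0, 0
};
/* Constructed sample: an MTU option claiming 16 bytes when only 8 remain in the packet. */
const uint8_t RA_OVERRUN[] = {
	134, 0, 0, 0, 64, 0, 0x07, 0x08, 0, 0, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0x05, 0xdc
};

int main(void)
{
	printf("good: %d options, %d prefixes, mtu %ld\n",
	    ra_option_count(RA_GOOD, sizeof RA_GOOD),
	    ra_prefix_count(RA_GOOD, sizeof RA_GOOD), ra_mtu(RA_GOOD, sizeof RA_GOOD));
	printf("zero-length option: %d\n", ra_option_count(RA_ZERO_LEN, sizeof RA_ZERO_LEN));
	printf("overrunning option: %d\n", ra_option_count(RA_OVERRUN, sizeof RA_OVERRUN));
	return 0;
}
```

The two rejected samples are the classic failure modes of this kind of parser: a zero-length option that makes an unchecked loop never advance, and a length field larger than the remaining buffer that makes an unchecked read run past the packet. In the kernel either one is a crash or worse; in a pledged, chrooted daemon the same bug is contained to a process that can do little else.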

We present slaacd, the stateless address auto configuration daemon. It was written from scratch following the well-established pattern of privilege-separated OpenBSD daemons.

We will show how pledge(2) annotations guided the privilege separation, leading to a secure design. Other systems that lack OpenBSD's pledge annotations and kernel enforcement can still benefit from the secure design when slaacd is ported to them.