The OPNsense project is growing rapidly and it’s with great pleasure that the OPNsense core team may announce that our team will be strengthened with Shawn Webb. Shawn has already been doing lots of great work and his formal membership is seen as a logical step forward by all of us.
– Jos Schellevis
Over the past year, I have had the wonderful experience of working with the OPNsense core team in porting over HardenedBSD’s robust ASLR
implementation. It is with pleasure and humility that I have accepted their invitation to join the core team. My overarching goal will be to port the main features of HardenedBSD to OPNsense.
Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology that aims to make certain kinds of vulnerabilities
harder to successfully exploit. In order to fully apply ASLR, applications must be compiled as a Position-Independent Executable (PIE). In the short term, my next goal is to enable PIE fully across OPNsense’s ports tree. I’m using HardenedBSD’s ports tree and package building infrastructure as a test bed prior to importing into OPNsense.
OPNsense is investigating migrating to 11.0-RELEASE for its 17.1 release. The Virtual Memory (VM) subsystem has changed drastically between FreeBSD 10 and FreeBSD 11. Since ASLR deals with the VM subsystem, extreme care must be taken in the update of the codebase from FreeBSD 10.3 to 11.0. I will assist in those efforts by freshly porting over the ASLR implementation from HardenedBSD 11.0 to OPNsense’s FreeBSD 11.0 codebase.
I look forward to being a part of the OPNsense core team. The coordination between HardenedBSD and OPNsense will bring a more solid
foundation on which home users and enterprises alike can build secure and scalable networks.
Shawn Webb, on behalf of the OPNsense team.