# SoldieX website.



## rigoletto@ (Jun 14, 2018)

SoldierX, interesting site.

Particular interesting thread.


----------



## Deleted member 30996 (Jun 14, 2018)

I thought I recognized security/libhijack having been mentioned recently.

It was referenced in a youtube video posted recently. I couldn't see by who, possibly Phishfry, on Writing FreeBSD Malware by Shawn Webb of HardenedBSD:


----------



## rigoletto@ (Jun 15, 2018)

I think that is @lattera. He is a really nice guy, it seems. Inclusive he often ask if someone want him to write something; like a module for something or anything like that, on IRC.


----------



## Deleted member 30996 (Jun 16, 2018)

I guess I was most surprised to see that it was part of the ports tree, but why not?

However, as the Red Devil's Advocate in this indictment I must point out while their article is dated 10 January, 2018:



> In the land of red devils known as Beasties exists a system devoid of meaningful exploit mitigations. As we explore this vast land of opportunity, we will meet our ELFish friends, [p]tracing their very moves in order to hijack them. Since *unprivileged process debugging is enabled by default* on FreeBSD, we can abuse PTrace to create anonymous memory mappings, inject code into them, and overwrite PLT/GOT entries. We will revive a tool called libhijack to make our nefarious activities of hijacking ELFs via PTrace relatively easy.
> 
> https://www.soldierx.com/news/libhijack-PoCGTFO-0x17



That is no longer the case and hasn't been since FreeBSD 11.0-RELEASE. It's one of the new System Hardening options available during the installation process I personally advise to disable in my tutorial by setting the following variables, in addition to setting others manually later on:



> Disable reading kernel message buffer for unprivledged users
> Disable process dubugging facilities for unprivledged users
> Ramndomize the PID for newly created processes
> Insert stack guard page ahead of the growable segments



https://forums.freebsd.org/threads/...-set-up-a-freebsd-desktop-from-scratch.61659/

Although, I hope this helps serve to put plans in work of further hardening FreeBSD with Senior Daemons.


----------

