From ae719a8e515861790ba6c07dd871e1d639a86ed6 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Mon, 20 Mar 2023 13:30:12 +1100 Subject: [PATCH] docs: include hardening in measures (#5093) --- docs/content/en/contributing/prologue/financial.md | 4 +++- docs/content/en/overview/security/measures.md | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/content/en/contributing/prologue/financial.md b/docs/content/en/contributing/prologue/financial.md index 1e82a1ab8..46eca384e 100644 --- a/docs/content/en/contributing/prologue/financial.md +++ b/docs/content/en/contributing/prologue/financial.md @@ -44,4 +44,6 @@ We are currently directly looking for someone to sponsor: * [Security Audit](../../policies/security.md#help-wanted) -To see a list of our sponsors pleaase see the [sponsors section](../../information/about.md#sponsors) on the about page. +To see a list of our sponsors please see the [sponsors section](../../information/about.md#sponsors) on the about page. + +[Open Collective]: https://opencollective.com/authelia-sponsors diff --git a/docs/content/en/overview/security/measures.md b/docs/content/en/overview/security/measures.md index 5cd77d588..88714dd16 100644 --- a/docs/content/en/overview/security/measures.md +++ b/docs/content/en/overview/security/measures.md 
@@ -75,6 +75,14 @@ Lastly Authelia's implementation of Argon2id is highly tunable. You can tune the (time), parallelism, and memory usage. To read more about this please read how to [configure](../../configuration/first-factor/file.md) file authentication. +## Protections against return oriented programming attacks and general hardening + +Authelia is built as a position independent executable which makes Return Oriented Programming (ROP) attacks +significantly more difficult to execute reliably. + +In addition it is built as a static binary with full relocation read-only support making this and several other +traditional binary weaknesses significantly more difficult to exploit. + ## User profile and group membership always kept up-to-date (LDAP authentication provider) This measure is unrelated to the File authentication provider.
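Review bot: the reference-style definition `[Open Collective]: https://opencollective.com/authelia-sponsors` appended at the end of financial.md has no matching `[Open Collective]` reference in the context this hunk shows; confirm the page body uses that reference earlier in the file, otherwise the definition is unused. The `pleaase` to `please` fix is fine, but since this file change is unrelated to the commit subject `docs: include hardening in measures`, consider mentioning it in the commit message so it is discoverable in history.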
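Review bot: the new section in measures.md states that building Authelia as a position independent executable makes Return Oriented Programming attacks significantly harder, but PIE only delivers that benefit when the host operating system actually randomizes the load address (ASLR); a one-line caveat to that effect would keep the claim accurate for deployments where ASLR is disabled. Smaller points in the same hunk: expand the acronym on first use, e.g. `full relocation read-only (RELRO) support`; say what `this and several other traditional binary weaknesses` refers to, since the sentence currently leaves the reader to guess; and add a comma after `In addition`.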