Date: Wed, 9 Mar 2016 11:22:10 -0500
From: Shawn Webb
To: Big Lebowski
Cc: Piotr Kubaj, freebsd-security
Subject: Re: Will 11.0-RELEASE include ASLR?

(Responding inline)

On Wed, Mar 09, 2016 at 04:05:12PM +0000, Big Lebowski wrote:
> Hi Piotr,
>
> There are people who can probably answer it better, but until they do, I
> can share what I've heard about it: on the FreeBSD side there are few
> things that stop ASLR implementation:
>
> - there's no actual agreement between the influential
> developers on whether ASLR is viable or needed in first place

Some FreeBSD developers think ASLR would be a good addition and others
don't. We at HardenedBSD believe that ASLR provides a great foundation
for further exploit mitigation technologies. We don't hold the belief
that ASLR is the "end-all-be-all" of security as some would like you to
believe.

> - there was no planning or discussion how to implement ASLR in FreeBSD,
> Shawn simply started writing the code, and some developers would like to
> discuss and plan things first

Discussions took place over a period of over two years. I was very
cooperative. If you take a look at the two reviews on FreeBSD's
Phabricator instance (linked to below), you'll notice that there's a lot
of back-and-forth discussion.

> - there are doubts expressed in the code reviews about code quality and
> compliance to FreeBSD standards. Some developers dedicated their time to
> review the code and provide feedback, there were few cycles of rewrite,
> review, rinse, repeat, but if you'd look into the reviews, Shawn closed
> them, and I understand they'd only be considered for inclusion if they'd
> meet the code quality standards expected

Initial patches did not meet code quality standards. However, those
style(9) violations were fixed early on. Even though the patches on
Phabricator are closed, they can still be looked at for independent
review. However, the code is now old and does not reflect the current
implementation in HardenedBSD.

We closed the reviews so that we could focus on making HardenedBSD
great, not because of the lack of code quality. I'm not sure whether the
patches would be considered for inclusion. That's up to FreeBSD to
decide. Given that the last patch went months without any input from
FreeBSD--input that was promised to be delivered.
>
> As a side note, one person saying 'ASLR implementation is finished' and
> proper ASLR implementation that's properly tested, functional and not in
> fact opening other security issues are two vastly different things, that
> should be approached very carefully.

Does "being tested over the period of three or so years through many
full package builds, production deployments, and dogfooding" not mean
"properly tested?" What does "properly tested" mean to you? The
developers at HardenedBSD make it a point to run HardenedBSD on all
their hardware--even laptops. HardenedBSD has been available for over
two years, so it can be tested by anyone who downloads it and runs tests
themselves.

If there's a test you'd like me to run, please let me know.

Thanks,

Shawn

Original Phabricator review: https://reviews.freebsd.org/D473 (warning:
huge load time since this review spans around two years).

New Phabricator review for a smaller prereq patch:
https://reviews.freebsd.org/D3565

Thanks,

Shawn

>
> Cheers,
> BL
>
> On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj wrote:
>
> > Shawn Webb has recently announced that ASLR is complete on HardenedBSD.
> > There are patches ready for FreeBSD to use and it's ready to be shipped
> > in FreeBSD. However, for some reason FreeBSD developers do not want to
> > ship ASLR in FreeBSD. Why can't it be included at least as non-default
> > src.conf option and marked as experimental?
> >
> > FreeBSD is the only OS that matters that doesn't have ASLR.

-- 
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE