From: Bryan Drewery
Organization: FreeBSD
Date: Thu, 17 Jul 2014 18:54:06 -0500
To: freebsd-arch@freebsd.org
Cc: PaX Team, alc@rice.edu, Oliver Pinter, des@freebsd.org, Shawn Webb
Subject: Re: [RFC] ASLR Whitepaper and Candidate Final Patch
Message-ID: <53C8621E.5040101@FreeBSD.org>
In-Reply-To: <20140711232914.GH41807@pwnie.vrt.sourcefire.com>

On 7/11/14, 6:29 PM, Shawn Webb wrote:
> Hey All,
>
> Oliver Pinter and I have been working hard on our ASLR implementation.
> We're now in the final stages of development and would like to get
> feedback from the community. I've attached to this email a small
> whitepaper that details our implementation and the accompanying patch.
>
> There is one part of the patch that I wrote that is quite an ugly hack
> and would like to get some feedback on. I added a little hack to
> sys_mmap() to apply ASLR to calls to mmap(2) when MAP_32BIT is
> specified. I'd like to remove that ugly hack to something a bit more
> beautiful, so if anyone has any suggestions, I'm all ears.
>
> Other than that ugly hack, the code adheres to FreeBSD's style(9)
> standards. I believe we have an awesome implementation, one I've
> personally been using without issue for months.
>
> I'm looking forward to your comments and questions. I've CC'd the PaX
> team. Please keep them CC'd in your replies.
>
> Thank you very much,
>
> Shawn Webb
> CC: PaX Team
> CC: Oliver Pinter
> CC: des@freebsd.org
> CC: alc@rice.edu
> CC: bdrewery@freebsd.org
>
> PS - Sorry for the duplicate emails. I hit the wrong key and didn't CC
> everyone.

I plan to review and test this and then commit it likely next weekend
(7/27). I would do it sooner but will be busy next week.

One big shortcoming I reported to Shawn was lack of committable
documentation. He is working on that now.

There was a lot of outrage over the NO_PIE commit which seemed to be
much more directed at ASLR and its support scope across the system than
the simple -fPIE change that was committed. If anyone has any concerns
please do speak up now with constructive input.

I am leaning towards leaving PIE/ASLR off by default on head until more
widespread testing can be done. Eventually we will want it enabled by
default though.

--
Regards,
Bryan Drewery