From owner-freebsd-security@freebsd.org Sun Sep 20 18:44:42 2015
From: Dag-Erling Smørgrav
To: Slawa Olhovchenkov
Cc: grarpamp, freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Date: Sun, 20 Sep 2015 20:44:33 +0200

Slawa Olhovchenkov writes:
> Dag-Erling Smørgrav writes:
> > freebsd-update will most likely be gone in 11.
> What is planned for replacement?

Packaged base.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@freebsd.org Sun Sep 20 18:48:17 2015
From: Dag-Erling Smørgrav
To: Dmitry Morozovsky
Cc: Slawa Olhovchenkov, freebsd-security@freebsd.org, grarpamp, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Date: Sun, 20 Sep 2015 20:48:16 +0200

Dmitry Morozovsky writes:
> Dag-Erling Smørgrav writes:
> > freebsd-update will most likely be gone in 11.
> Are there any published plans available?

The plan is for 11 to have a fully packaged base system.
There should be some information in developer summit reports on the wiki.
The code is in projects/release-pkg.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@freebsd.org Mon Sep 21 09:06:14 2015
From: Dmitry Morozovsky
To: Dag-Erling Smørgrav
Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org, grarpamp, Slawa Olhovchenkov
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Date: Mon, 21 Sep 2015 12:05:59 +0300 (MSK)

On Sun, 20 Sep 2015, Dag-Erling Smørgrav wrote:

> > > freebsd-update will most likely be gone in 11.
> > Are there any published plans available?
>
> The plan is for 11 to have a fully packaged base system. There should
> be some information in developer summit reports on the wiki. The code
> is in projects/release-pkg.

That sounds very promising! Unfortunately I couldn't find any report on the
wiki...

-- 
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer: marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

From owner-freebsd-security@freebsd.org Thu Sep 24 18:27:31 2015
From: Pedro Giffuni
To: freeBSD-security@FreeBSD.org
Subject: RFC Stack protector strong
Date: Thu, 24 Sep 2015 13:24:47 -0500

(excuse me if you get this message repeated .. I hit the wrong list previously)

Hello;

Our current stack protection is very weak (about 1-2 % coverage).
Google engineers have developed a new level of protection
(about 20% coverage) that according to Google and Redhat has
a negligible impact on performance.

I have opened a code review with a simple update to the default
setting for our stack protector:

https://reviews.freebsd.org/D3463/

Sadly I haven't received much feedback.

I have no hurry to commit this but as stated in the review I think it
is worthwhile. I don’t expect any issue, but it would be better to apply
this change soonish rather than later so any collateral issues are
detected and worked out with ample time before 11-Release.

Any objection? If there is no feedback I will just play with other
things.

Pedro.

From owner-freebsd-security@freebsd.org Thu Sep 24 21:09:32 2015
From: "Roger Marquis"
To: freebsd-security@freebsd.org
Reply-To: marquis@roble.com
Subject: vuln.xml to oval script?
Date: Thu, 24 Sep 2015 14:09:25 -0700

Anyone familiar with the OS repositories for OVAL ?
Considering how similar these dbs are to
vuln.xml it seems odd that FreeBSD is not represented as a "supported
operating system".

If any XML devs are reading this, how difficult would it be to write a
translation script?

Roger Marquis

From owner-freebsd-security@freebsd.org Fri Sep 25 02:54:01 2015
Subject: Re: vuln.xml to oval script?
From: Mark Foster
To: marquis@roble.com
Cc: freebsd-security@freebsd.org
Date: Thu, 24 Sep 2015 19:48:35 -0700

I had this same thought a couple of years ago. Some of the attributes didn't seem to map cleanly. I think the conversion would be possible once the field map was figured out.
The date time and version representations in particular would need massaging.
Also I recall OVAL has some variations like remediation that go beyond what vuln.xml contains.

> On Sep 24, 2015, at 2:09 PM, Roger Marquis wrote:
>
> Anyone familiar with the OS repositories for OVAL
> ? Considering how similar these dbs are to
> vuln.xml it seems odd that FreeBSD is not represented as a "supported
> operating system".
>
> If any XML devs are reading this, how difficult would it be to write a
> translation script?
>
> Roger Marquis
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

From owner-freebsd-security@freebsd.org Fri Sep 25 09:21:50 2015
From: "Chad J. Milios"
To: Pedro Giffuni
Cc: freeBSD-security@FreeBSD.org
Subject: Re: RFC Stack protector strong
Date: Fri, 25 Sep 2015 05:21:52 -0400

> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni wrote:
>
> (excuse me if you get this message repeated ..
> I hit the wrong list previously)
>
> Hello;
>
> Our current stack protection is very weak (about 1-2 % coverage).
> Google engineers have developed a new level of protection
> (about 20% coverage) that according to Google and Redhat has
> a negligible impact on performance.
>
> I have opened a code review with a simple update to the default
> setting for our stack protector:
>
> https://reviews.freebsd.org/D3463/
>
> Sadly I haven't received much feedback.
>
> I have no hurry to commit this but as stated in the review I think it
> is worthwhile. I don’t expect any issue, but it would be better to apply
> this change soonish rather than later so any collateral issues are
> detected and worked out with ample time before 11-Release.
>
> Any objection? If there is no feedback I will just play with other
> things.
>
> Pedro.

That URL did not work for me (404). I found what you are directing us toward instead at https://reviews.freebsd.org/D3463

I like what I'm reading so far, alas I am a nobody.

Could you clarify/elaborate what is meant when you say "coverage" and using these approximate percentages as a metric? Compare and contrast the safestack approach for us, if you would, as well. Please bear with me, I am a C novice and what I know about the magic of compilers could fit on a Post-it Note, the really small kind. While I acknowledge I have no place in this conversation, I think it would draw more people into the discussion if you'd be willing to educate us laypeople a little as attempting to teach often exposes the overlooked gaps in one's own knowledge.

I understand the difference between a heap and a stack, the process model, the idea of a virtualized memory address space, kernel and user modes of execution and that is about where my expertise ends.
I have a vague understanding of how function calls happen, what a system call interface is, an ABI, an ISA, buffer overflows and such as concepts but little experience with the mechanics of any of the aforementioned. I know that things like W^X and MMUs and some mythical "rings" exist to make our lives safer and more productive but as for how they work or if we can trust them, I generally must defer to greater minds whom I then judge by superficial traits such as the size and messiness of their beards and the variety and age of their shirts, both t- and Hawaiian.

Without simply referring me to a full bookshelf of thousand-page books is there a way people such as myself could become more helpful at assessing such a change? If I enable this on a couple of systems what sorts of breakage or impact should I be looking for?

This is an invitation for anyone to enlighten me, not only the original poster. I'm sure there are a hundred more lurkers afraid to ask.

Thank you for contributing.

From owner-freebsd-security@freebsd.org Fri Sep 25 14:49:54 2015
From: Pedro Giffuni
To: "Chad J. Milios"
Cc: freeBSD-security@FreeBSD.org
Subject: Re: RFC Stack protector strong
Date: Fri, 25 Sep 2015 09:47:34 -0500

On 09/25/15 04:21, Chad J. Milios wrote:
>> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni wrote:
>>
>> (excuse me if you get this message repeated .. I hit the wrong list previously)
>>
>> Hello;
>>
>> Our current stack protection is very weak (about 1-2 % coverage).
>> Google engineers have developed a new level of protection
>> (about 20% coverage) that according to Google and Redhat has
>> a negligible impact on performance.
>>
>> I have opened a code review with a simple update to the default
>> setting for our stack protector:
>>
>> https://reviews.freebsd.org/D3463/
>>
>> Sadly I haven't received much feedback.
>>
>> I have no hurry to commit this but as stated in the review I think it
>> is worthwhile. I don’t expect any issue, but it would be better to apply
>> this change soonish rather than later so any collateral issues are
>> detected and worked out with ample time before 11-Release.
>>
>> Any objection? If there is no feedback I will just play with other
>> things.
>>
>> Pedro.
>
> That URL did not work for me (404). I found what you are directing us toward instead at https://reviews.freebsd.org/D3463
>
> I like what I'm reading so far, alas I am a nobody.
>

Well, I am a mechanical engineer, I am not supposed to know about these
things either ;).

> Could you clarify/elaborate what is meant when you say "coverage" and using these approximate percentages as a metric? Compare and contrast the safestack approach for us, if you would, as well. Please bear with me, I am a C novice and what I know about the magic of compilers could fit on a Post-it Note, the really small kind. While I acknowledge I have no place in this conversation, I think it would draw more people into the discussion if you'd be willing to educate us laypeople a little as attempting to teach often exposes the overlooked gaps in one's own knowledge.
>

Well, adding the so-called canaries within the executables is something
that involves performance issues. Both GCC and clang implement
stack-protector-all but nobody uses it except for very special cases
(sshd, perhaps). The default is to only use canaries in a restricted set
of functions that are likely to be more vulnerable.

A Redhat developer made a nice summary of this and other security
measures here:

https://youtu.be/T4NadnbfYjY

He also includes the metrics for the stack protection.

> I understand the difference between a heap and a stack, the process model, the idea of a virtualized memory address space, kernel and user modes of execution and that is about where my expertise ends. I have a vague understanding of how function calls happen, what a system call interface is, an ABI, an ISA, buffer overflows and such as concepts but little experience with the mechanics of any of the aforementioned. I know that things like W^X and MMUs and some mythical "rings" exist to make our lives safer and more productive but as for how they work or if we can trust them, I generally must defer to greater minds whom I then judge by superficial traits such as the size and messiness of their beards and the variety and age of their shirts, both t- and Hawaiian.
>
> Without simply referring me to a full bookshelf of thousand-page books is there a way people such as myself could become more helpful at assessing such a change? If I enable this on a couple of systems what sorts of breakage or impact should I be looking for?
>

I wouldn't expect any breakage: the stack protector attempts to prevent
buffer overflows from happening. Buffer overflows are errors: nothing
good comes from them. I won't make any hard claims but it should be the
case that FreeBSD has no buffer overflows and the stack protector will
never kick in (famous last words ;)).

We haven't ever, and likely will never ever, enable stack-protector-all
due to performance issues and if the stronger protector had a serious
performance impact it would be disabled.

I won't really talk about safestack, I understand it is meant to be much
better but I am unaware about how complete it is or the support status
on stock FreeBSD.

> This is an invitation for anyone to enlighten me, not only the original poster. I'm sure there are a hundred more lurkers afraid to ask.
>
> Thank you for contributing.
>

Welcome,

Pedro.