From owner-freebsd-arch@FreeBSD.ORG Tue May 19 21:29:40 2015
From: John Baldwin
To: 'freebsd-arch'
Subject: Expand ktr mask to 64 bits
Date: Tue, 19 May 2015 17:29:36 -0400
Message-ID: <15438042.GxsTiGo31d@ralph.baldwin.cx>

A common topic has been that the current set of KTR masks is bursting at the seams. I've wanted to fix it by providing some sort of per-class mask and other stuff in the past. However, just changing the masks from int to uint64_t will double the bits we have to work with. It's also a very simple change.

It turns out we don't actually need to update the mask with atomic ops anyway since the downside of losing races while changing ktr_mask is pretty minor (may get fewer or more traces). Plus, we don't mark ktr_mask as volatile, so the compiler is free to cache its value anyway, making several of those races far wider than worrying about changes to two adjacent words.

I've put the diff up at https://reviews.freebsd.org/D2595 for anyone who'd like to review.
--
John Baldwin

From owner-freebsd-arch@FreeBSD.ORG Wed May 20 15:20:09 2015
Message-ID: <1432135200.4153.3.camel@hardenedbsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Warner Losh
Cc: Oliver Pinter, Adrian Chadd, freebsd-arch@freebsd.org, HardenedBSD Core
Date: Wed, 20 May 2015 11:20:00 -0400
In-Reply-To: <9043388.Uf7dufN8KZ@shawnwebb-laptop>
References: <1426878339.5550.29.camel@hardenedbsd.org> <9043388.Uf7dufN8KZ@shawnwebb-laptop>
Organization: HardenedBSD

On Sat, 2015-03-21 at 10:43 -0400, Shawn Webb wrote:
> On Friday, March 20, 2015 03:14:30 PM Warner Losh wrote:
> > > On Mar 20, 2015, at 1:05 PM, Shawn Webb wrote:
> > >
> > > On Fri, 2015-03-20 at 14:17 -0400, Shawn Webb wrote:
> > >> On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote:
> > >>>> On Mar 19, 2015, at 2:31 PM, Oliver Pinter wrote:
> > >>>>
> > >>>> On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd wrote:
> > >>>>> On 19 March 2015 at 12:56, Warner Losh wrote:
> > >>>>>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd wrote:
> > >>>>>>>
> > >>>>>>> Hi,
> > >>>>>>>
> > >>>>>>> Apparently this is done but has stalled:
> > >>>>>>>
> > >>>>>>> https://reviews.freebsd.org/D473
> > >>>>>>>
> > >>>>>>> Does anyone have any strong objections to it landing in the tree
> > >>>>>>> as-is?
> > >>>>>>
> > >>>>>> There's rather a lot of them specifically spelled out in the code
> > >>>>>> review.
> > >>>>>>
> > >>>>>> Many of the earlier ones were kinda blown off, so I've not been
> > >>>>>> inclined
> > >>>>>> to take the time to re-review it. Glancing at it, I see several minor
> > >>>>>> issues that should be cleaned up.
> > >>>>>
> > >>>>> Cool. Thanks for taking the time to look at it again.
> > >>>>>
> > >>>>> Shawn is in #freebsd on freenode irc, so if you/others want a more
> > >>>>> interactive review then he's there during the day.
> > >>>>
> > >>>> Please CC core@hardenedbsd.org in future when you are
> > >>>> talking about this issue.
> > >>>>
> > >>>> Adrian: are you able to review the MIPS or ARM part especially, or test
> > >>>> them?
> > >>>
> > >>> Adrian: Do not commit the changes.
> > >>>
> > >>> I've gone back and re-read Robert Watson's rather long review and it
> > >>> appears that virtually none of that has been addressed. Until it is, do
> > >>> not commit it. This code interacts with dangerous parts of the system,
> > >>> and the default cannot be to just let it in because no one has objected
> > >>> recently. Objections have been made, they have been quantified, they
> > >>> haven't been answered or acted upon. Until that changes, you can assume
> > >>> the objections remain in place and asking again without fixing them
> > >>> isn't going to change the answer.
> > >>>
> > >>> Warner
> > >>
> > >> Warner,
> > >>
> > >> We've fixed the vast majority of the concerns raised in that review. To
> > >> say "virtually none of that has been addressed" and "they haven't been
> > >> answered or acted upon" is a blatant lie. The fact that there are so
> > >> many revisions of the patch is proof. We even made our ASLR
> > >> implementation for FreeBSD less secure by providing a mechanism in
> > >> ptrace() to disable it as requested by a member of the FreeBSD
> > >> Foundation. (This "feature" doesn't exist in HardenedBSD's
> > >> implementation.) If comments like these continue, I will remove the diff
> > >> from Phabricator and close the BugZilla ticket. FreeBSD can feel free to
> > >> pull from us, but we won't make any effort to proactively upstream our
> > >> work.
> > >>
> > >> With that said, I have missed a few of the concerns raised. There's so
> > >> many comments/concerns in that review that it's easy to miss a few. I
> > >> will address them tonight and upload a new patch tomorrow.
> > >
> > > I've updated the patch. Is there anything I've missed?
> >
> > I've taken a look at the updated patch and see that it addressed the
> > issues I raised. It almost looks like the update to the review a month
> > ago was the wrong version, since so many more of the original
> > comments appear to be addressed than when I looked. Thanks!
> >
> > Warner
>
> I've updated the patch again. Please let me know if there's anything I've
> missed. Otherwise, I'd love to see this committed in HEAD. :-)
>

Does anyone have any updates since I last updated the patch over a month
ago? What's needed to get this patch in?
Thanks,

Shawn

From owner-freebsd-arch@FreeBSD.ORG Wed May 20 15:32:27 2015
Date: Wed, 20 May 2015 08:32:26 -0700
Subject: Re: ASLR work into -HEAD ?
From: Adrian Chadd
To: Shawn Webb
Cc: Warner Losh, Oliver Pinter, freebsd-arch@freebsd.org, HardenedBSD Core
In-Reply-To: <1432135200.4153.3.camel@hardenedbsd.org>

Robert's been busy on a conference presentation. That's happening this week, so I'll poke him about it later in the week and see if he has some more cycles to review things.

Thanks!

-a

On 20 May 2015 at 08:20, Shawn Webb wrote:
> [...]
>
> Does anyone have any updates since I last updated the patch over a month
> ago? What's needed to get this patch in?
>
> Thanks,
>
> Shawn

From owner-freebsd-arch@FreeBSD.ORG Wed May 20 15:52:27 2015
Message-ID: <555CADB6.202@FreeBSD.org>
Date: Wed, 20 May 2015 10:52:22 -0500
From: Pedro Giffuni
To: Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?

Hello Shawn;

Whatever happened to the performance, does it still have a noticeable effect even when disabled?

I have no technical opinion on the patch, but ...

TBH, the problem I see is that ASLR is so widespread that every potential attacker already knows how to defeat it. Yes, it is meant only as a mitigation technique but if it only buys you 5 min. (at most) I don't see much advantage in obfuscating the VM.

Just IMHO ... I am not a player in that area and I don't maintain the underlying code so I don't approve or reject anything.

Pedro.
From owner-freebsd-arch@FreeBSD.ORG Wed May 20 15:59:34 2015
Message-ID: <1432136239.4153.4.camel@hardenedbsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Adrian Chadd
Cc: Warner Losh, Oliver Pinter, freebsd-arch@freebsd.org, HardenedBSD Core
Date: Wed, 20 May 2015 11:37:19 -0400
Organization: HardenedBSD

On Wed, 2015-05-20 at 08:32 -0700, Adrian Chadd wrote:
> Robert's been busy on a conference presentation. That's happening this
> week, so I'll poke him about it later in the week and see if he has
> some more cycles to review things.
>
> Thanks!
>
> -a

Sounds good. Thanks for the quick update.
Thanks,

Shawn

From owner-freebsd-arch@FreeBSD.ORG Wed May 20 16:28:25 2015
From: Adrian Chadd
To: freebsd-arch@freebsd.org, freebsd-embedded@freebsd.org
Date: Wed, 20 May 2015 09:28:24 -0700
Subject: RFC: make UMTX hash table size configurable

Hi,

This patch makes the umtx hash table size configurable. It saves ~40k of footprint from embedded images.

(I can't seem to get phabricator to create a diff based on a set of files, rather than the whole tree. Sigh.)

adrian@lucy-11i386:~/work/freebsd/head-embedded/src % svn diff sys/kern/ sys/conf/options
Index: sys/kern/kern_umtx.c
===================================================================
--- sys/kern/kern_umtx.c (revision 282934)
+++ sys/kern/kern_umtx.c (working copy)
@@ -29,7 +29,7 @@
 __FBSDID("$FreeBSD$");
 
 #include "opt_compat.h"
-#include "opt_umtx_profiling.h"
+#include "opt_umtx.h"
 
 #include
 #include
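Review bot: the rename from "opt_umtx_profiling.h" to "opt_umtx.h" is only complete if kern_umtx.c is the sole consumer of the old header; the diff touches no other file, yet the options hunk below moves UMTX_PROFILING into opt_umtx.h, so any other source that still includes "opt_umtx_profiling.h" would stop seeing the option (or stop building). A grep under sys/ for the old header name before committing would settle that.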
@@ -184,7 +184,11 @@
 	PRI_MAX_TIMESHARE : (td)->td_user_pri)
 
 #define GOLDEN_RATIO_PRIME 2654404609U
+#ifdef UMTX_NUM_CHAINS
+#define UMTX_CHAINS UMTX_NUM_CHAINS
+#else
 #define UMTX_CHAINS 512
+#endif /* UMTX_NUM_CHAINS */
 #define UMTX_SHIFTS (__WORD_BIT - 9)
 
 #define GET_SHARE(flags) \
Index: sys/conf/options
===================================================================
--- sys/conf/options (revision 282934)
+++ sys/conf/options (working copy)
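Review bot: UMTX_SHIFTS in the context line right after the new #endif still hard-codes 9, which is log2 of the old 512, so once UMTX_NUM_CHAINS is set the width of the hash index no longer follows UMTX_CHAINS. If umtxq_hash() indexes the chain array directly with the shifted product, a smaller table (the embedded case this patch is for) gets indexed past its end; if it reduces modulo UMTX_CHAINS, a larger table leaves every chain beyond the first 512 unused. Derive the shift from the chain count instead (require UMTX_NUM_CHAINS to be a power of two and define UMTX_SHIFTS as __WORD_BIT minus its log2), or at minimum add `CTASSERT(UMTX_CHAINS == (1 << (__WORD_BIT - UMTX_SHIFTS)));` so a mismatched configuration fails at compile time rather than at runtime.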
@@ -209,7 +209,8 @@
 SYSVSHM opt_sysvipc.h
 SW_WATCHDOG opt_watchdog.h
 TURNSTILE_PROFILING
-UMTX_PROFILING
+UMTX_PROFILING opt_umtx.h
+UMTX_NUM_CHAINS opt_umtx.h
 VFS_AIO
 VERBOSE_SYSINIT
 WLCACHE opt_wavelan.h

From owner-freebsd-arch@FreeBSD.ORG Wed May 20 16:32:03 2015
In-Reply-To: <555CADB6.202@FreeBSD.org>
Date: Wed, 20 May 2015 18:31:56 +0200
Subject: Re: ASLR work into -HEAD ?
From: Oliver Pinter
To: Pedro Giffuni
Cc: Shawn Webb, freebsd-arch@freebsd.org

On 5/20/15, Pedro Giffuni wrote:
> Hello Shawn;
>
> Whatever happened to the performance, does it still have a
> noticeable effect even when disabled?

We should ask to run an exp-run again with/without/disabled ASLR.

> I have no technical opinion on the patch, but ...
>
> TBH, the problem I see is that ASLR is so widespread that every
> potential attacker already knows how to defeat it. Yes, it is meant
> only as a mitigation technique but if it only buys you 5 min.
> (at most) I don't see much advantage in obfuscating the VM.

Hi Pedro!

Consider the situation when someone releases an exploit against a system without ASLR. The attacker hard-codes the address of the specific code and tries it against the whole internet. In this case all of the tries will succeed.

Then consider the other situation, when the system has ASLR. In this case the exploit fails in the majority of cases, and the attacker must try multiple times to attack the system. This is a very large cost on their side... Sometimes these 5 minutes mean the difference between the attacker breaking in or not.

Most average attackers do not have the knowledge of how to bypass ASLR. Yes, there exist automated ROP generators and other tools, and articles about blind ROP effectiveness, but in real life ASLR is a must-have. ASLR would be much more efficient when segvguard or a similar brute-force prevention solution exists in the system.

> Just IMHO ... I am not a player in that area and I don't maintain
> the underlying code so I don't approve or reject anything.
>
> Pedro.
From owner-freebsd-arch@FreeBSD.ORG Wed May 20 16:35:45 2015
Message-ID: <555CB7F7.5070409@vangyzen.net>
Date: Wed, 20 May 2015 12:36:07 -0400
From: Eric van Gyzen
To: Adrian Chadd, freebsd-arch@freebsd.org, freebsd-embedded@freebsd.org
Subject: Re: RFC: make UMTX hash table size configurable

Adrian,

Good idea. Looks good to me.

Eric

On 05/20/2015 12:28, Adrian Chadd wrote:
> Hi,
>
> This patch makes the umtx hash table size configurable. It saves ~40k
> of footprint from embedded images.
>
> (I can't seem to get phabricator to create a diff based on a set of
> files, rather than the whole tree. Sigh.)
>
> adrian@lucy-11i386:~/work/freebsd/head-embedded/src % svn diff
> sys/kern/ sys/conf/options
> Index: sys/kern/kern_umtx.c
> ===================================================================
> --- sys/kern/kern_umtx.c (revision 282934)
> +++ sys/kern/kern_umtx.c (working copy)
> @@ -29,7 +29,7 @@
> __FBSDID("$FreeBSD$");
>
> #include "opt_compat.h"
> -#include "opt_umtx_profiling.h"
> +#include "opt_umtx.h"
>
> #include
> #include
> @@ -184,7 +184,11 @@
> PRI_MAX_TIMESHARE : (td)->td_user_pri)
>
> #define GOLDEN_RATIO_PRIME 2654404609U
> +#ifdef UMTX_NUM_CHAINS
> +#define UMTX_CHAINS UMTX_NUM_CHAINS
> +#else
> #define UMTX_CHAINS 512
> +#endif /* UMTX_NUM_CHAINS */
> #define UMTX_SHIFTS (__WORD_BIT - 9)
>
> #define GET_SHARE(flags) \
> Index: sys/conf/options
> ===================================================================
> --- sys/conf/options (revision 282934)
> +++ sys/conf/options (working copy)
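Review bot: with the generated header renamed from opt_umtx_profiling.h to opt_umtx.h in the first kern_umtx.c hunk, any other source file that still includes "opt_umtx_profiling.h" will stop building once sys/conf/options no longer produces that header; check the tree for the old include name before committing, or keep generating both names for a transition period.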
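Review bot: in the second kern_umtx.c hunk UMTX_CHAINS becomes configurable but UMTX_SHIFTS stays (__WORD_BIT - 9), and 9 is log2 of the default 512, so the shift remains tied to the default chain count: a kernel built with UMTX_NUM_CHAINS smaller than 512 can compute chain indices beyond the table, and one built larger leaves most chains unused. Either derive the shift from the configured count and reject a UMTX_NUM_CHAINS that is not a power of two (a CTASSERT on UMTX_CHAINS & (UMTX_CHAINS - 1) would do), or make count, shift and mask runtime variables set from a loader tunable, as the reply further down this thread suggests.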
> @@ -209,7 +209,8 @@
> SYSVSHM opt_sysvipc.h
> SW_WATCHDOG opt_watchdog.h
> TURNSTILE_PROFILING
> -UMTX_PROFILING
> +UMTX_PROFILING opt_umtx.h
> +UMTX_NUM_CHAINS opt_umtx.h
> VFS_AIO
> VERBOSE_SYSINIT
> WLCACHE opt_wavelan.h
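Review bot: UMTX_NUM_CHAINS is added to sys/conf/options as a compile-time kernel option with no accompanying documentation or example value; if it stays an option rather than a boot-time tunable, the accepted values (a power of two, since the hash is shift-based) should be documented alongside the other kernel options so that embedded configs do not pick a size the hash cannot index correctly.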
From owner-freebsd-arch@FreeBSD.ORG Wed May 20 16:57:44 2015
From: Konstantin Belousov
To: Eric van Gyzen
Cc: Adrian Chadd, freebsd-arch@freebsd.org, freebsd-embedded@freebsd.org
Subject: Re: RFC: make UMTX hash table size configurable
Message-ID: <20150520165738.GL2499@kib.kiev.ua>
In-Reply-To: <555CB7F7.5070409@vangyzen.net>
Date: Wed, 20 May 2015 19:57:38 +0300

On Wed, May 20, 2015 at 12:36:07PM -0400, Eric van Gyzen wrote:
> Adrian,
>
> Good idea. Looks good to me.
>
> Eric
>
> On 05/20/2015 12:28, Adrian Chadd wrote:
> > Hi,
> >
> > This patch makes the umtx hash table size configurable. It saves ~40k
> > of footprint from embedded images.
> >
> > (I can't seem to get phabricator to create a diff based on a set of
> > files, rather than the whole tree. Sigh.)
> >
> > adrian@lucy-11i386:~/work/freebsd/head-embedded/src % svn diff
> > sys/kern/ sys/conf/options
> > Index: sys/kern/kern_umtx.c
> > ===================================================================
> > --- sys/kern/kern_umtx.c (revision 282934)
> > +++ sys/kern/kern_umtx.c (working copy)
> > @@ -29,7 +29,7 @@
> > __FBSDID("$FreeBSD$");
> >
> > #include "opt_compat.h"
> > -#include "opt_umtx_profiling.h"
> > +#include "opt_umtx.h"
> >
> > #include
> > #include
> > @@ -184,7 +184,11 @@
> > PRI_MAX_TIMESHARE : (td)->td_user_pri)
> >
> > #define GOLDEN_RATIO_PRIME 2654404609U
> > +#ifdef UMTX_NUM_CHAINS
> > +#define UMTX_CHAINS UMTX_NUM_CHAINS
> > +#else
> > #define UMTX_CHAINS 512
> > +#endif /* UMTX_NUM_CHAINS */
> > #define UMTX_SHIFTS (__WORD_BIT - 9)
> >
> > #define GET_SHARE(flags) \
> > Index: sys/conf/options
> > ===================================================================
> > --- sys/conf/options (revision 282934)
> > +++ sys/conf/options (working copy)
> > @@ -209,7 +209,8 @@
> > SYSVSHM opt_sysvipc.h
> > SW_WATCHDOG opt_watchdog.h
> > TURNSTILE_PROFILING
> > -UMTX_PROFILING
> > +UMTX_PROFILING opt_umtx.h
> > +UMTX_NUM_CHAINS opt_umtx.h
> > VFS_AIO
> > VERBOSE_SYSINIT
> > WLCACHE opt_wavelan.h

It makes more sense to make the hash size a tunable. The hash mask would
also need to be a variable.
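To make the suggestion above concrete, here is an added userland C model (mine, not code from the patch or the FreeBSD tree) of a boot-time tunable chain count with the shift and mask held in variables instead of the UMTX_CHAINS/UMTX_SHIFTS macros. It keeps the posted GOLDEN_RATIO_PRIME and assumes the kernel's hash is key * GOLDEN_RATIO_PRIME >> UMTX_SHIFTS on a 32-bit __WORD_BIT (the formula itself is not in the quoted hunks); the UMTX_CHAINS_MIN/MAX bounds and all function names are my own.

```c
/* Model of a runtime-tunable umtx hash: chain count, shift and mask are
 * variables set once at boot rather than the compile-time UMTX_CHAINS and
 * UMTX_SHIFTS of the posted patch.  Plain userland C, builds stand-alone. */
#include <stdint.h>
#include <stdio.h>

#define GOLDEN_RATIO_PRIME 2654404609U   /* as in the posted hunk */
#define UMTX_CHAINS_DEFAULT 512          /* the patch's fixed default */
#define UMTX_WORD_BIT 32                 /* stands in for __WORD_BIT (assumed 32) */
/* Assumed sanity bounds for the tunable; not from the patch. */
#define UMTX_CHAINS_MIN 16
#define UMTX_CHAINS_MAX 65536

/* Shift as the patch leaves it: 9 == log2(512), regardless of UMTX_CHAINS. */
#define UMTX_SHIFTS_FIXED (UMTX_WORD_BIT - 9)

/* What the reply asks for: count, shift and mask become variables. */
static unsigned int umtx_chains;    /* number of chains, power of two */
static unsigned int umtx_shifts;    /* UMTX_WORD_BIT - log2(umtx_chains) */
static unsigned int umtx_hashmask;  /* umtx_chains - 1 */

/*
 * Derive chain count, shift and mask from a tunable value (e.g. a loader
 * tunable read at boot).  0 selects the default; other values are clamped
 * to [MIN, MAX] and rounded up to a power of two so that the shift-based
 * hash below always yields an index inside the table.  Returns the count.
 */
unsigned int
umtx_chains_init(unsigned long requested)
{
	unsigned int n, log2n;

	if (requested == 0)
		requested = UMTX_CHAINS_DEFAULT;
	if (requested < UMTX_CHAINS_MIN)
		requested = UMTX_CHAINS_MIN;
	if (requested > UMTX_CHAINS_MAX)
		requested = UMTX_CHAINS_MAX;
	for (n = 1, log2n = 0; n < requested; n <<= 1)
		log2n++;
	umtx_chains = n;
	umtx_shifts = UMTX_WORD_BIT - log2n;
	umtx_hashmask = n - 1;
	return (n);
}

/* Multiplicative (Fibonacci) hash on the low 32 bits of the key, with the
 * shift taken from the variable rather than a macro. */
unsigned int
umtx_hash(uintptr_t key)
{
	uint32_t h = (uint32_t)key * GOLDEN_RATIO_PRIME;

	return ((unsigned int)(h >> umtx_shifts) & umtx_hashmask);
}

/* The same hash with its shift still hard-wired for 512 chains. */
unsigned int
umtx_hash_fixed(uintptr_t key)
{
	uint32_t h = (uint32_t)key * GOLDEN_RATIO_PRIME;

	return ((unsigned int)(h >> UMTX_SHIFTS_FIXED));
}

/* Count how many of nkeys constructed keys the fixed-shift hash would place
 * beyond a table of the currently configured size (non-zero below 512). */
unsigned int
umtx_fixed_out_of_range(unsigned int nkeys)
{
	unsigned int i, bad = 0;

	for (i = 1; i <= nkeys; i++)
		if (umtx_hash_fixed((uintptr_t)i * 64) >= umtx_chains)
			bad++;
	return (bad);
}

int
main(void)
{
	unsigned long sizes[] = { 0, 64, 100, 1 << 20 };
	size_t i;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		unsigned int n = umtx_chains_init(sizes[i]);

		printf("tunable=%lu -> chains=%u shift=%u mask=%#x "
		    "hash(1)=%u fixed-shift hash(1)=%u misses=%u/256\n",
		    sizes[i], n, umtx_shifts, umtx_hashmask,
		    umtx_hash(1), umtx_hash_fixed(1),
		    umtx_fixed_out_of_range(256));
	}
	return (0);
}
```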
From owner-freebsd-arch@FreeBSD.ORG Wed May 20 17:24:56 2015
Message-ID: <555CC369.1030206@FreeBSD.org>
Date: Wed, 20 May 2015 12:24:57 -0500
From: Pedro Giffuni
To: Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org>

On 05/20/15 11:31, Oliver Pinter wrote:
> On 5/20/15, Pedro Giffuni wrote:
>> Hello Shawn;
>>
>> What ever happened to the performance, does it still have a
>> noticeable effect even when disabled?
> We should ask to run an exp-run again with/without/disabled ASLR.
>

So there's not much done in that sense :(.

>> I have no technical opinion on the patch, but ...
>>
>> TBH, the problem I see is that ASLR is so widespread that every
>> potential attacker already knows how to defeat it. Yes, it is meant
>> only as a mitigation technique but if it only buys you 5 min.
>> (at most) I don't see much advantage in obfuscating the VM.
> Hi Pedro!
>
> Explain the situation when someone releases an exploit against one
> system without ASLR. The attacker hard-codes the address of the
> specific code and tries it against the whole internet.
> In this case all of the tries will succeed. Then explain the other
> situation, when the system has ASLR. In this case the exploit in the
> majority of cases fails, and the attacker must try multiple times to
> attack the system. This is a very large cost on their side...

My claim is that the majority of "professional" breachers and
governments already have ASLR workarounds pre-coded and ready
to launch.
Finding an exploit is more difficult than beating ASLR, so they are not
going to hint to everyone that they have an exploit until they can take
all the linux/windows/MacOSX at the same time.

The cost for the NSA and/or anonymous to step on ASLR is zero.

> Sometimes these 5 minutes mean that the attacker could break in or
> not. Most average attackers do not have the knowledge of how to
> bypass ASLR. Yes, there exist automated ROP generators and other
> tools, and articles about blind ROP effectiveness, but in real
> life ASLR is a must-have.

I think (and see, it's just my opinion) that it was a must-have 5 years
ago, but now any such measure is futile. Capsicum everywhere would be
better spent effort.

> ASLR would be much more efficient when segvguard or a similar
> brute-force prevention solution exists in the system.
>

Define efficient .. performance with PIE and other measures is certainly
hit, and very likely there is an energy cost as well, so energetically
you could consider it a waste of resources.

And, just to clarify, I am not in any way against your work: I would
personally like to have the option to use ASLR but off by default. If I
do turn it on sometime, I won't want anyone else to turn it off (even
for debugging).

Pedro.
From owner-freebsd-arch@FreeBSD.ORG Wed May 20 17:29:36 2015
Message-ID: <1432142964.4153.19.camel@hardenedbsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Oliver Pinter
Cc: Pedro Giffuni, freebsd-arch@freebsd.org
Date: Wed, 20 May 2015 13:29:24 -0400
References: <555CADB6.202@FreeBSD.org>
Organization: HardenedBSD

On Wed, 2015-05-20 at 18:31 +0200, Oliver Pinter wrote:
> On 5/20/15, Pedro Giffuni wrote:
> > Hello Shawn;
> >
> > What ever happened to the performance, does it still have a
> > noticeable effect even when disabled?
>
> We should ask to run an exp-run again with/without/disabled ASLR.
>
> >
> > I have no technical opinion on the patch, but ...
> >
> > TBH, the problem I see is that ASLR is so widespread that every
> > potential attacker already knows how to defeat it. Yes, it is meant
> > only as a mitigation technique but if it only buys you 5 min.
> > (at most) I don't see much advantage in obfuscating the VM.
>
> Hi Pedro!
>
> Explain the situation when someone releases an exploit against one
> system without ASLR. The attacker hard-codes the address of the
> specific code and tries it against the whole internet.
> In this case all of the tries will succeed. Then explain the other
> situation, when the system has ASLR. In this case the exploit in the
> majority of cases fails, and the attacker must try multiple times to
> attack the system. This is a very large cost on their side...
>
> Sometimes these 5 minutes mean that the attacker could break in or
> not.
> Most average attackers do not have the knowledge of how to
> bypass ASLR. Yes, there exist automated ROP generators and other
> tools, and articles about blind ROP effectiveness, but in real
> life ASLR is a must-have.
>
> ASLR would be much more efficient when segvguard or a similar
> brute-force prevention solution exists in the system.

Pedro,

I'd like to echo what Oliver just said above and provide some additional
insight.

There's no "end-all-be-all" solution to security. Proper security
solutions implement layer upon layer to make life frustrating for an
attacker. It's about buying time and forcing your adversary to spend
time and resources to successfully exploit a vulnerability.

No knowledgeable security researcher claims ASLR is unexploitable. It's
simply another layer. Since it's very effective at making an attacker
spend resources for successful exploitation, it's generally one of the
first exploit mitigation techniques implemented. It provides a great
foundation on which to implement further exploit mitigation techniques.

Some say ASLR is useless as there are techniques to defeat it ([B]ROP).
Those techniques aren't 100% effective and often crash applications they
attempt to exploit prior to successful exploitation. As Oliver pointed
out, use of SEGVGUARD (which HardenedBSD has, but is not included in our
ASLR patch) in conjunction with ASLR is an effective countermeasure.

Again, we're not marketing ASLR as the end-all-be-all solution for
exploit mitigation. It's simply an effective layer of that delicious
security onion we've all come to love. Let's frustrate our adversaries
and force them to peel back more layers!

I agree that FreeBSD ought to do EXP-RUNs with ASLR enabled, disabled,
and completely removed for comparison. FreeBSD last year ran a ports
EXP-RUN with ASLR enabled versus vanilla FreeBSD with the results
showing no measurable overhead.
Thanks,

Shawn Webb

From owner-freebsd-arch@FreeBSD.ORG Fri May 22 00:56:28 2015
Message-ID: <555E7EBB.7060908@FreeBSD.org>
Date: Thu, 21 May 2015 20:56:27 -0400
From: Jung-uk Kim
To: freebsd-arch@FreeBSD.org
Subject: RFC: deprecate CALLOUT_MPSAFE

CALLOUT_MPSAFE has lost its meaning since r141428, i.e., more than ten
years for CURRENT. However, it is continuously misused as the mpsafe
argument for callout_init(9). This patch cleans up callout_init() calls
and deprecates the flag.

https://reviews.freebsd.org/D2613

Any objections?

Jung-uk Kim

From owner-freebsd-arch@FreeBSD.ORG Fri May 22 16:53:33 2015
Message-ID: <555F5F0D.7000107@FreeBSD.org>
Date: Fri, 22 May 2015 12:53:33 -0400
From: Jung-uk Kim
To: freebsd-arch@FreeBSD.org
Subject: Re: RFC: deprecate CALLOUT_MPSAFE
In-Reply-To: <555E7EBB.7060908@FreeBSD.org>

On 05/21/2015 20:56, Jung-uk Kim wrote:
> CALLOUT_MPSAFE has lost its meaning since r141428, i.e., more than
> ten years for CURRENT. However, it is continuously misused as
> mpsafe argument for callout_init(9). This patch cleans up
> callout_init() calls and deprecates the flag.
>
> https://reviews.freebsd.org/D2613

FYI, I decided to go ahead and commit this patch. Then, we will remove
the mpsafe argument from callout_init() as glebius suggested.
https://reviews.freebsd.org/D2613#48639

Jung-uk Kim

From owner-freebsd-arch@FreeBSD.ORG Fri May 22 23:40:56 2015
Message-ID: <555FBE83.6080103@FreeBSD.org>
Date: Fri, 22 May 2015 18:40:51 -0500
From: Bryan Drewery
Organization: FreeBSD
To: Pedro Giffuni, Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org>
In-Reply-To: <555CC369.1030206@FreeBSD.org>

On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> My claim is that the majority of "professional" breachers and
> governments already have ASLR workarounds pre-coded and ready
> to launch. Finding an exploit is more difficult than beating
> ASLR so they are not going to hint everyone that they have
> an exploit until they can take all the linux/windows/MacOSX
> at the same time.
>
> The cost for the NSA and/or anonymous to step on
> ASLR is zero.

This sort of argument easily turns into "why bother with security?".
Please be careful with it. Every layer and mitigation helps. The real
world is not just NSA or China. It's also full of script kiddies. Should
we just stop using SSL because NSA might have cracked it? Should we just
hand over root ssh keys to China because they probably have it all
hacked anyway? Should we just give up since billions of dollars pour
into security breaking research?
Should I just post my CC here since it's surely leaked from the hundreds
of places I use it at anyway? No.

I've had very basic security checks, that could be easily circumvented,
stop actual script kiddies before. Had they persisted longer I would
have been in major trouble. If I explained what it is you would surely
laugh it off and tell me to not bother. Well it worked. ASLR has its
place too.

--
Regards,
Bryan Drewery

From owner-freebsd-arch@FreeBSD.ORG Sat May 23 07:03:17 2015
To: Bryan Drewery
cc: Pedro Giffuni, Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
In-reply-to: <555FBE83.6080103@FreeBSD.org>
From: "Poul-Henning Kamp"
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org>
Date: Sat, 23 May 2015 06:26:30 +0000
Message-ID: <30918.1432362390@critter.freebsd.dk>

--------
In message <555FBE83.6080103@FreeBSD.org>, Bryan Drewery writes:

>This sort of argument easily turns into "why bother with security?".

That would be an extremely uninformed reaction.

The correct reaction is: This is not something we can fix with
technology, it needs to be fixed at the political level.

For the USAnians that should be particularly evident, because every bit
of technology you roll out will be defeated with your own tax-money.

Engage in politics, that's the only place these problems can be solved.

PS: And don't give me the "There's nobody to vote for", that just means
that you have to become a candidate yourself.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
From owner-freebsd-arch@FreeBSD.ORG Sat May 23 14:32:32 2015
Message-ID: <55608F83.3000009@FreeBSD.org>
Date: Sat, 23 May 2015 09:32:35 -0500
From: Pedro Giffuni
To: Bryan Drewery, Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org>
In-Reply-To: <555FBE83.6080103@FreeBSD.org>

On 05/22/15 18:40, Bryan Drewery wrote:
> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>> My claim is that the majority of "professional" breachers and
>> governments already have ASLR workarounds pre-coded and ready
>> to launch. Finding an exploit is more difficult than beating
>> ASLR so they are not going to hint everyone that they have
>> an exploit until they can take all the linux/windows/MacOSX
>> at the same time.
>>
>> The cost for the NSA and/or anonymous to step on
>> ASLR is zero.
> This sort of argument easily turns into "why bother with security?".

I don't think you can blame me for that since I proposed, and am
actually mentoring, a project to add yet another security layer (which
is hopefully zero-cost).

> Please be careful with it. Every layer and mitigation helps. The real
> world is not just NSA or China. It's also full of script kiddies. Should
> we just stop using SSL because NSA might have cracked it? Should we just
> hand over root ssh keys to China because they probably have it all
> hacked anyway? Should we just give up since billions of dollars pour
> into security breaking research? Should I just post my CC here since
> it's surely leaked from the hundreds of places I use it at anyway? No.
I think there is a real danger that, just because we add something like
ASLR, someone will think they are actually protected. AFAICT there is
not even one attack today that can be prevented by ASLR. Even then, it
might be worth it, but I just don't find acceptable any performance hit,
even when it is turned off.

> I've had very basic security checks, that could be easily circumvented,
> stop actual script kiddies before. Had they persisted longer I would
> have been in major trouble. If I explained what it is you would surely
> laugh it off and tell me to not bother. Well it worked. ASLR has its
> place too.

The fact that SONY Pictures was breached doesn't mean I am turning off
my firewall, but I won't be deploying anything based on Enigma just
because "it's better than nothing".

Pedro.

From owner-freebsd-arch@FreeBSD.ORG Sat May 23 14:41:20 2015
Message-ID: <55609197.80501@FreeBSD.org>
Date: Sat, 23 May 2015 09:41:27 -0500
From: Pedro Giffuni
To: Poul-Henning Kamp, Bryan Drewery
CC: Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <30918.1432362390@critter.freebsd.dk>
In-Reply-To: <30918.1432362390@critter.freebsd.dk>

On 05/23/15 01:26, Poul-Henning Kamp wrote:
> --------
> In message <555FBE83.6080103@FreeBSD.org>, Bryan Drewery writes:
>
>> This sort of argument easily turns into "why bother with security?".
> That would be an extremely uninformed reaction.
>
> The correct reaction is: This is not something we can fix with
> technology, it needs to be fixed at the political level.

I agree, this is the correct reaction.

Furthermore, and on a more pragmatic note, I think we can now come to
understand that anything you do on the Internet is unlikely to be
private for long. If you have something that you want to keep for
yourself, think twice before you put it in your computer or, even
worse, on the cloud.

However brutal the NK regime may be, they appear to have understood how
to keep their information secure.

Pedro.